site_archiver@lists.apple.com Delivered-To: security-announce@lists.apple.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2009-09-09 iTunes 8.0 iTunes 8.0 is now available and addresses the following issues: iTunes CVE-ID: CVE-2008-3634 Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11 Impact: Firewall warning dialog in iTunes is misleading Description: When the firewall is configured to block iTunes Music Sharing and the user enables iTunes Music Sharing in iTunes, a warning dialog is displayed which incorrectly informs the user that unblocking iTunes Music Sharing doesn't affect the firewall's security. Allowing iTunes Music Sharing or any other service through the firewall inherently affects security by exposing the service to remote entities. This update addresses the issue by refining the text in the warning dialog. This issue does not affect systems running Mac OS X v10.5 or later. Credit info to Eric Hall of DarkArt Consulting Services, Inc. for reporting this issue. iTunes CVE-ID: CVE-2008-3636 Available for: Windows XP or Vista Impact: A local user may gain system privileges Description: A third-party driver provided with iTunes may trigger an integer overflow, and could allow a local user to obtain system privileges. Credit to Ruben Santamarta of Wintercore for reporting this issue. iTunes 8.0 may be obtained from: http://www.apple.com/itunes/download/ For Mac OS X: The download file is named: "iTunes8.dmg" Its SHA-1 digest is: af54727e4b2e0e6bb0c367b34ae5075f36096aef For Windows XP / Vista: The download file is named: "iTunes8Setup.exe" Its SHA-1 digest is: 5d4ff8ffbe9feeaed67deb317797c1d71a03c359 For Windows XP / Vista 64 Bit: The download file is named: "iTunes864Setup.exe" Its SHA-1 digest is: 86df5d9899a8dad82b893309dc18672e3d2cccd0 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: 9.7.2.1608 wsBVAwUBSMbO0XkodeiKZIkBAQgKnAf/e2KzDHS44/JZthQXFTDenrDAEST2YRX4 SEECbifKVUZQJENjxJyzw6ViRK22VkjncE1dcQs0NvRnds+6iDZwN9T5tk/+QBI7 tcv0rQR7nJC0is7Q7p+As8grK4Pjsswjj5mhuk/tuIjO5tvHeprKqPQs3C3ad3DG C9WluCX9yTi+aVMMPKPLjvT6jAciF8hlPjePNOkf+bWpLx2GZPVRYQvn9guUArtr JdMUlIu2WCsS7doumNBiZ0ec3U9EAs2zvqks2PfSngKdVea32ryxY2D6OVWxX/h/ wQSCu3U2Na2ljk6wDHJMB2sBqpvcDyFqiCRntAeEfGpkQ51fOF/AjQ== =jmQc -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/security-announce/site_archiver%40lis... This email sent to site_archiver@lists.apple.com