-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-10-22-8 iTunes 11.1.2 iTunes 11.1.2 is now available and addresses the following: iTunes Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized memory access issue existed in the handling of text tracks. This issue was addressed by additional validation of text tracks. CVE-ID CVE-2013-1024 : Richard Kuo and Billy Suguitan of Triemt Corporation iTunes Available for: Windows 7, Vista, XP SP2 or later Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code executionn Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2013-1037 : Google Chrome Security Team CVE-2013-1038 : Google Chrome Security Team CVE-2013-1039 : own-hero Research working with iDefense VCP CVE-2013-1040 : Google Chrome Security Team CVE-2013-1041 : Google Chrome Security Team CVE-2013-1042 : Google Chrome Security Team CVE-2013-1043 : Google Chrome Security Team CVE-2013-1044 : Apple CVE-2013-1045 : Google Chrome Security Team CVE-2013-1046 : Google Chrome Security Team CVE-2013-1047 : miaubiz CVE-2013-2842 : Cyril Cattiaux CVE-2013-5125 : Google Chrome Security Team CVE-2013-5126 : Apple CVE-2013-5127 : Google Chrome Security Team CVE-2013-5128 : Apple libxml Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in libxml. These issues were addressed by updating libxml to version 2.9.0. CVE-ID CVE-2011-3102 : Juri Aedla CVE-2012-0841 CVE-2012-2807 : Juri Aedla CVE-2012-5134 : Google Chrome Security Team (Juri Aedla) libxslt Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in libxslt. These issues were addressed by updating libxslt to version 1.1.28. CVE-ID CVE-2012-2825 : Nicolas Gregoire CVE-2012-2870 : Nicolas Gregoire CVE-2012-2871 : Kai Lu of Fortinet's FortiGuard Labs, Nicolas Gregoire iTunes 11.1.2 may be obtained from: http://www.apple.com/itunes/download/ For Windows XP / Vista / Windows 7: The download file is named: "iTunesSetup.exe" Its SHA-1 digest is: e3ecbc0b88b683ab14657b3cf96dba60673bd88f For 64-bit Windows XP / Vista / Windows 7: The download file is named: "iTunes64Setup.exe" Its SHA-1 digest is: bb6c77a33f26f41c322455eea25bfd81f59ac5bc Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJSZw2TAAoJEPefwLHPlZEwMtMP/jIo5rcmG+zc6gjpgWu2zS3u cvoLJ97aPGYO74pPLRvvcXtI6IQucsicvpfmTkrUflzMUwilgB8WxVNPANKOyW5y 59u49Udtv96gBVo7KrZSgxM9f1qI6YIxGdQcBK7u+PZFPc2HmJuzeFl7TFzVzrfR c1Lre+q8qWLrhjh/FiVWPgLCsNO0aUQ3fpNuJhSn0TCCOdAGFD1WtOVLB6q8zotz GwUNG52A2abLtqTC7f3UbAjRtNW37VJ4jt/n1r4v4tZgr5SeAedCvq1awIvmwVUI HV6UgWORvmt2gIJoqynky+6UkY2b/lMM5993i9K3qfuQSjktYUCKSs395Kzb/CgH V/hy5qNXQ4iUiDo0a3DBHFVR+iOIW6gLVt3RVp5tMXtSzYypYRTBTpTHuSwiI31/ LISGDV3FGtdb9W550AayjV8sQvHRyNWg3suvwCwr3Oc2Q/oqcWpxWGJaSwtO2NBS sU4Dwitx9cfOM5pqQbma7ujHcZifgIkwZr57zQXHP5PF+YHOs1SXBQupCMocHI7N VSiHuM0nDxT87c1QaHlZe6x73hr3XqLsOBgnr/FUREbcKjrU4qq3PC9EaslPQe7P FxAm00mV2/1MkLtWRKs+wRc1hZb59d9IkI535OP1BxWWJYlQrYficb6gm39fee1J z6mpg8cpxwtZoPdZCQb9 =0yE/ -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/security-announce/site_archiver%40li... This email sent to site_archiver@lists.apple.com