APPLE-SA-2010-06-16-1 iTunes 9.2

iTunes 9.2 is now available and addresses the following:

ColorSync
CVE-ID: CVE-2009-1726
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in the handling of images with an embedded ColorSync profile. Opening a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of ColorSync profiles. Credit to Chris Evans of the Google Security Team, and Andrzej Dyjak for reporting this issue.

ImageIO
CVE-ID: CVE-2010-1411
Available for: Windows 7, Vista, XP SP2 or later
Impact: Opening a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution
Description: Multiple integer overflows in the handling of TIFF files may result in a heap buffer overflow. Opening a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution. The issues are addressed through improved bounds checking. Credit to Kevin Finisterre of digitalmunition.com for reporting these issues.

WebKit
CVE-ID: CVE-2010-0544, CVE-2010-1119, CVE-2010-1387, CVE-2010-1390,
CVE-2010-1392, CVE-2010-1393, CVE-2010-1395, CVE-2010-1396,
CVE-2010-1397, CVE-2010-1398, CVE-2010-1399, CVE-2010-1400,
CVE-2010-1401, CVE-2010-1402, CVE-2010-1403, CVE-2010-1404,
CVE-2010-1405, CVE-2010-1408, CVE-2010-1409, CVE-2010-1410,
CVE-2010-1412, CVE-2010-1414, CVE-2010-1415, CVE-2010-1416,
CVE-2010-1417, CVE-2010-1418, CVE-2010-1419, CVE-2010-1421,
CVE-2010-1422, CVE-2010-1749, CVE-2010-1758, CVE-2010-1759,
CVE-2010-1761, CVE-2010-1763, CVE-2010-1769, CVE-2010-1770,
CVE-2010-1771, CVE-2010-1774
Available for: Windows 7, Vista, XP SP2 or later
Impact: Multiple vulnerabilities in WebKit
Description: WebKit is updated to the version included in Safari 5.0 and Safari 4.1 to address several vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available at http://support.apple.com/kb/HT4196

iTunes 9.2 may be obtained from:
http://www.apple.com/itunes/download/

For Mac OS X:
The download file is named: "iTunes9.2.dmg"
Its SHA-1 digest is: fc0cd72f63ce2a39ae24ccc6cdd00c921a8a542e

For Windows XP / Vista / Windows 7:
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 36b0bab6592437bb90d3bf0c8e2475d9f707f20b

For 64-bit Windows XP / Vista / Windows 7:
The download file is named: "iTunes64Setup.exe"
Its SHA-1 digest is: fee32b82f0f9afbedfe37231b78b65083ca7c024

Information will also be posted to the Apple Security Updates web site:
http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at:
https://www.apple.com/support/security/pgp/

Apple Product Security
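
The following Python is an added example, not part of Apple's advisory: it parses the "download file is named" / "SHA-1 digest is" pairs out of the advisory text and checks downloaded installers against them. The function names are hypothetical, and the published digests are only as trustworthy as the PGP signature on the message they were copied from.

```python
import hashlib
import hmac
import re
from pathlib import Path

# Download section of the advisory, copied from the message above.
ADVISORY_EXCERPT = '''
For Mac OS X:
The download file is named: "iTunes9.2.dmg"
Its SHA-1 digest is: fc0cd72f63ce2a39ae24ccc6cdd00c921a8a542e

For Windows XP / Vista / Windows 7:
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 36b0bab6592437bb90d3bf0c8e2475d9f707f20b

For 64-bit Windows XP / Vista / Windows 7:
The download file is named: "iTunes64Setup.exe"
Its SHA-1 digest is: fee32b82f0f9afbedfe37231b78b65083ca7c024
'''

# Tolerates any whitespace between the two sentences, so it also works on
# archive copies where the message has been flattened onto one line.
PAIR_RE = re.compile(
    r'The download file is named:\s*"([^"]+)"\s*'
    r'Its SHA-1 digest is:\s*([0-9a-fA-F]{40})\b'
)

def parse_digests(advisory_text):
    """Return {filename: lowercase SHA-1 hex} for each file the advisory lists."""
    return {name: digest.lower() for name, digest in PAIR_RE.findall(advisory_text)}

def sha1_of_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so large installers are not read into memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_download(path, expected):
    """Return 'ok', 'mismatch', or 'unlisted' for one downloaded file."""
    want = expected.get(Path(path).name)
    if want is None:
        return "unlisted"  # file name does not appear in the advisory
    return "ok" if hmac.compare_digest(sha1_of_file(path), want) else "mismatch"

if __name__ == "__main__":
    import sys
    table = parse_digests(ADVISORY_EXCERPT)
    for p in sys.argv[1:]:
        print(f"{verify_download(p, table)}: {p}")
```

Run it with the paths of the downloaded installers as arguments; a file whose name is not listed in the advisory is reported as `unlisted` rather than silently accepted.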