APPLE-SA-2010-03-30-2 iTunes 9.1
iTunes 9.1 is now available and addresses the following:

ColorSync
CVE-ID: CVE-2010-0040
Available for: Windows 7, Vista, XP
Impact: Viewing a maliciously crafted image with an embedded color profile may lead to an unexpected application termination or arbitrary code execution
Description: An integer overflow that could result in a heap buffer overflow exists in the handling of images with an embedded color profile. Opening a maliciously crafted image with an embedded color profile may lead to an unexpected application termination or arbitrary code execution. The issue is addressed by performing additional validation of color profiles. This issue does not affect Mac OS X systems. Credit to Sebastien Renaud of VUPEN Vulnerability Research Team for reporting this issue.

ImageIO
CVE-ID: CVE-2009-2285
Available for: Windows 7, Vista, XP
Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution
Description: A buffer underflow exists in ImageIO's handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.2. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2010-001.

ImageIO
CVE-ID: CVE-2010-0041
Available for: Windows 7, Vista, XP
Impact: Visiting a maliciously crafted website may result in sending data from Safari's memory to the website
Description: An uninitialized memory access issue exists in ImageIO's handling of BMP images. Visiting a maliciously crafted website may result in sending data from Safari's memory to the website. This issue is addressed through improved memory handling and additional validation of BMP images. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2010-002. Credit to Matthew 'j00ru' Jurczyk of Hispasec for reporting this issue.

ImageIO
CVE-ID: CVE-2010-0042
Available for: Windows 7, Vista, XP
Impact: Visiting a maliciously crafted website may result in sending data from Safari's memory to the website
Description: An uninitialized memory access issue exists in ImageIO's handling of TIFF images. Visiting a maliciously crafted website may result in sending data from Safari's memory to the website. This issue is addressed through improved memory handling and additional validation of TIFF images. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2010-002. Credit to Matthew 'j00ru' Jurczyk of Hispasec for reporting this issue.

ImageIO
CVE-ID: CVE-2010-0043
Available for: Windows 7, Vista, XP
Impact: Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in the handling of TIFF images. Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. This issue does not affect systems prior to Mac OS X v10.6. Credit to Gus Mueller of Flying Meat for reporting this issue.

iTunes
CVE-ID: CVE-2010-0531
Available for: Mac OS X v10.4.11 or later, Mac OS X Server v10.4.11 or later, Windows 7, Vista, XP
Impact: Importing a maliciously crafted MP4 file may lead to a denial of service
Description: An infinite loop issue exists in the handling of MP4 files. A maliciously crafted podcast may be able to cause an infinite loop in iTunes, and prevent its operation even after it is relaunched. This issue is addressed through improved validation of MP4 files. Credit to Sojeong Hong of Sourcefire VRT for reporting this issue.

iTunes
CVE-ID: CVE-2010-0532
Available for: Windows 7, Vista, XP
Impact: A local user may be able to obtain system privileges during iTunes installation
Description: A privilege escalation issue exists in the iTunes for Windows installation package. During the installation process, a race condition may allow a local user to modify a file that is then executed with system privileges. The issue is addressed through improved access controls for installation files. This issue does not affect Mac OS X systems. Credit to Jason Geffner of NGSSoftware for reporting this issue.
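The ColorSync issue above (CVE-2010-0040) is fixed by additional validation of embedded color profiles. As an added illustration that is not Apple's code, the following C checks an embedded ICC profile's declared size and tag table with arithmetic widened to 64 bits, so a hostile tag count or tag offset cannot wrap a 32-bit size computation and slip past a bounds check; the sample profile bytes are constructed here, and the function names are my own.

```c
#include <stdint.h>
#include <stddef.h>

/* ICC profile layout used here (ICC.1 spec): a 128-byte header whose first
 * big-endian uint32 is the profile size, then a big-endian uint32 tag count
 * and a table of 12-byte entries (signature, offset, size). */
#define ICC_HEADER_LEN 128u
#define ICC_TAG_ENTRY_LEN 12u

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static void put32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Returns 1 if the profile's declared size and tag table fit the bytes actually
 * present, 0 otherwise. Size arithmetic is widened to 64 bits so a hostile tag
 * count or tag offset cannot wrap a 32-bit computation and pass the check. */
int icc_profile_is_sane(const uint8_t *buf, size_t len) {
    if (buf == NULL || len < ICC_HEADER_LEN + 4) return 0;
    uint32_t declared = be32(buf);
    if (declared > len || declared < ICC_HEADER_LEN + 4) return 0;
    uint32_t tag_count = be32(buf + ICC_HEADER_LEN);
    uint64_t table_bytes = (uint64_t)tag_count * ICC_TAG_ENTRY_LEN;
    if (table_bytes > (uint64_t)declared - ICC_HEADER_LEN - 4) return 0;
    const uint8_t *e = buf + ICC_HEADER_LEN + 4;
    for (uint32_t i = 0; i < tag_count; i++, e += ICC_TAG_ENTRY_LEN) {
        uint32_t off = be32(e + 4), size = be32(e + 8);
        if ((uint64_t)off + size > declared) return 0;   /* no 32-bit wrap */
    }
    return 1;
}

/* Constructed 156-byte profile: header, one tag entry, 12 bytes of tag data.
 * mode 0: consistent; 1: tag count whose 32-bit product with 12 wraps to 0;
 * 2: tag offset+size that wraps past the end of the profile in 32 bits. */
int check_constructed_profile(int mode) {
    uint8_t p[156] = {0};
    put32(p, (uint32_t)sizeof p);             /* declared profile size */
    put32(p + 128, mode == 1 ? 0x40000000u : 1u);
    put32(p + 132, 0x64657363u);              /* 'desc' tag signature */
    put32(p + 136, mode == 2 ? 0xFFFFFFF8u : 144u);
    put32(p + 140, mode == 2 ? 16u : 12u);
    return icc_profile_is_sane(p, sizeof p);
}
```

In modes 1 and 2 a naive 32-bit check would compute a table size of 0 and a tag end of 8 respectively and accept the profile; the widened arithmetic rejects both.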
iTunes 9.1 may be obtained from:
http://www.apple.com/itunes/download/

For Mac OS X:
The download file is named: "iTunes9.1.dmg"
Its SHA-1 digest is: cbfe7da9ccc2934395e27ee99ab400c3fdea0595

For Windows XP / Vista / Windows 7:
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 80e64f3222703e5da2d613541170bcd6c300e801

For 64-bit Windows XP / Vista / Windows 7:
The download file is named: "iTunes64Setup.exe"
Its SHA-1 digest is: e6b5ddd1e6f21ddcf7117adec72e47701633b1cb

Information will also be posted to the Apple Security Updates web site:
http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at:
https://www.apple.com/support/security/pgp/
Apple Product Security