Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
APPLE-SA-2009-09-09 iTunes 8.0
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

APPLE-SA-2009-09-09 iTunes 8.0

Hash: SHA256

APPLE-SA-2009-09-09 iTunes 8.0

iTunes 8.0 is now available and addresses the following issues:

CVE-ID:  CVE-2008-3634
Available for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact:  Firewall warning dialog in iTunes is misleading
Description:  When the firewall is configured to block iTunes Music
Sharing and the user enables iTunes Music Sharing in iTunes, a
warning dialog is displayed which incorrectly informs the user that
unblocking iTunes Music Sharing doesn't affect the firewall's
security. Allowing iTunes Music Sharing or any other service through
the firewall inherently affects security by exposing the service to
remote entities. This update addresses the issue by refining the text
in the warning dialog. This issue does not affect systems running Mac
OS X v10.5 or later. Credit info to Eric Hall of DarkArt Consulting
Services, Inc. for reporting this issue.

CVE-ID:  CVE-2008-3636
Available for:  Windows XP or Vista
Impact:  A local user may gain system privileges
Description:  A third-party driver provided with iTunes may trigger
an integer overflow, and could allow a local user to obtain system
privileges. Credit to Ruben Santamarta of Wintercore for reporting
this issue.

iTunes 8.0 may be obtained from:

For Mac OS X:
The download file is named:  "iTunes8.dmg"
Its SHA-1 digest is:  af54727e4b2e0e6bb0c367b34ae5075f36096aef

For Windows XP / Vista:
The download file is named:  "iTunes8Setup.exe"
Its SHA-1 digest is:  5d4ff8ffbe9feeaed67deb317797c1d71a03c359

For Windows XP / Vista 64 Bit:
The download file is named:  "iTunes864Setup.exe"
Its SHA-1 digest is:  86df5d9899a8dad82b893309dc18672e3d2cccd0

Information will also be posted to the Apple Security Updates
web site:

This message is signed with Apple's Product Security PGP key,
and details are available at:



Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden

Visit the Apple Store online or at retail locations.

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2011 Apple Inc. All rights reserved.