APPLE-SA-2009-06-01-2 iTunes 8.2
APPLE-SA-2009-06-01-2 iTunes 8.2
- Subject: APPLE-SA-2009-06-01-2 iTunes 8.2
- From: Apple Product Security <email@hidden>
- Date: Mon, 1 Jun 2009 13:13:37 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2009-06-01-2 iTunes 8.2
iTunes 8.2 is now available and addresses the following:
iTunes
CVE-ID: CVE-2009-0950
Available for: Mac OS X v10.4.10 or later,
Mac OS X Server v10.4.10 or later, Windows Vista, XP SP2
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A stack buffer overflow exists in iTunes when parsing
"itms:" URLs. Accessing a maliciously crafted "itms:" URL may lead to
an unexpected application termination or arbitrary code execution.
This update addresses the issue through improved bounds checking.
Credit to Will Drewry for reporting this issue.
iTunes 8.2 may be obtained from:
http://www.apple.com/itunes/download/
For Mac OS X:
The download file is named: "iTunes8.2.dmg"
Its SHA-1 digest is: a07c4fb0dfd94ba238024cf8d448165da24e5be5
For Windows XP / Vista:
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 16f5b1e787b36aece842ea5ae80bfc6bf2b32b19
For Windows Vista 64 Bit:
The download file is named: "iTunes64Setup.exe"
Its SHA-1 digest is: b8739f847f2b66835f4f4b542b3308de96d418ed
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: 9.7.2.1608
wsBVAwUBSiQadXkodeiKZIkBAQj1rgf/R8+ZzEVsTXhj8vVCClxSanI3bqqKEQOo
xzkSPQTafOpnDjVywb+5o29TJfDisbzAoYU8RzdlSFBPx8mDdAKkhCiScGpR2/tQ
uBEq9D3OXCD2+NVbSCoLzjh230Hgi2qoz7HIzA4UC9KRxBZfyqFayGOZVg84JPsT
RKCfRHmF8twkY5xupTloOWfUa6DNH2hSbNxnQs4pSHxu+UQLRrwMUQaT6u5DD/ja
e35TA5zH9vnmf9aCH+Jze8syLhOl35rnNXoOC560EmzsfUpbhF28tor+VXLXK6v3
FApOQ039KoNTyR80Ya21Dz4SeCTzfLZQsxP9RxLwabxQdQd5JU+u/g==
=AqmT
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden