APPLE-SA-2009-03-11 iTunes 8.1
- Subject: APPLE-SA-2009-03-11 iTunes 8.1
- From: Apple Product Security <email@hidden>
- Date: Wed, 11 Mar 2009 18:05:19 -0700
APPLE-SA-2009-03-11 iTunes 8.1

iTunes 8.1 is now available and addresses the following:

iTunes
CVE-ID: CVE-2009-0016
Available for: Windows XP or Vista
Impact: Sending a maliciously crafted DAAP message may lead to a
denial of service
Description: An infinite loop exists in the handling of iTunes
Digital Audio Access Protocol (DAAP) messages. Sending a message
containing a maliciously crafted Content-Length parameter in the DAAP
header may lead to a denial of service. This update addresses the
issue by performing additional validation of DAAP messages. This
issue does not affect Mac OS X systems. Credit to Xiaopeng Zhang,
Zhenhua Liu, and Junfeng Jia of Fortinet's FortiGuard Global Security
Research Team for reporting this issue.

iTunes
CVE-ID: CVE-2009-0143
Available for: Mac OS X v10.4.10 or later,
Mac OS X Server v10.4.10 or later, Windows XP or Vista
Impact: Subscribing to a malicious podcast may lead to the
disclosure of iTunes username and password
Description: A design issue exists in the iTunes podcast feature. A
subscription to a malicious podcast may cause an authentication
dialog to be presented to the user. This dialog may entice the user
to send iTunes credentials to the podcast server. This update
addresses the issue by clarifying the origin of the authentication
request in the dialog. Credit to Simon Bellwood for reporting this
issue.

iTunes 8.1 may be obtained from:
http://www.apple.com/itunes/download/

For Mac OS X:
The download file is named: "iTunes8.1.dmg"
Its SHA-1 digest is: 6c9ee64741158c9f45417b965b38b01ea3b51af1

For Windows XP / Vista:
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 00bd8842cf0f2026cc4590ef434f6846eeca7fa4

For Windows XP / Vista 64 Bit:
The download file is named: "iTunes64Setup.exe"
Its SHA-1 digest is: cd61ef5e5a6fd350d2ac4366a31de5d110defdff

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
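The advisory does not say how the crafted Content-Length value in CVE-2009-0016 triggers the loop. As an added illustration (not Apple's code and not part of the advisory), the C below shows one form such "additional validation" can take: a strict parse of the header value, and a body-read loop that fails when a read makes no progress. The names `MAX_BODY_LEN`, `struct source`, `parse_content_length` and `read_body` and the 16 MiB cap are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed cap for this example; the advisory states no limit. */
#define MAX_BODY_LEN (16u * 1024u * 1024u)

/* Strict Content-Length parse: decimal digits only, bounded. 0 on success. */
int parse_content_length(const char *value, size_t *out)
{
    uint64_t n = 0;
    if (value == NULL || *value == '\0')
        return -1;
    for (const char *p = value; *p != '\0'; p++) {
        if (*p < '0' || *p > '9')
            return -1;              /* rejects "-1", "+5", "0x10", "12 " */
        n = n * 10 + (uint64_t)(*p - '0');
        if (n > MAX_BODY_LEN)
            return -1;              /* checked per digit, so n cannot wrap */
    }
    *out = (size_t)n;
    return 0;
}

/* Constructed stand-in for a socket: at most `chunk` bytes per call,
 * then 0 (peer closed) once `avail` bytes have been handed out. */
struct source { size_t avail, chunk; };

static long source_read(struct source *s, size_t want)
{
    size_t n = want < s->chunk ? want : s->chunk;
    if (n > s->avail)
        n = s->avail;
    s->avail -= n;
    return (long)n;
}

/* Consume exactly `len` body bytes; a call that makes no progress is an
 * error, so a length the peer never satisfies cannot spin the loop. */
int read_body(struct source *s, size_t len)
{
    size_t remaining = len;
    while (remaining > 0) {
        long got = source_read(s, remaining);
        if (got <= 0)
            return -1;              /* EOF or error before len was reached */
        remaining -= (size_t)got;
    }
    return 0;
}
```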