APPLE-SA-2010-06-16-1 iTunes 9.2
APPLE-SA-2010-06-16-1 iTunes 9.2
- Subject: APPLE-SA-2010-06-16-1 iTunes 9.2
- From: Apple Product Security <email@hidden>
- Date: Wed, 16 Jun 2010 13:21:08 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2010-06-16-1 iTunes 9.2
iTunes 9.2 is now available and addresses the following:
ColorSync
CVE-ID: CVE-2009-1726
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted image with an embedded
ColorSync profile may lead to an unexpected application termination
or arbitrary code execution
Description: A heap buffer overflow exists in the handling of images
with an embedded ColorSync profile. Opening a maliciously crafted
image with an embedded ColorSync profile may lead to an unexpected
application termination or arbitrary code execution. This issue is
addressed through improved validation of ColorSync profiles. Credit
to Chris Evans of the Google Security Team, and Andrzej Dyjak for
reporting this issue.
ImageIO
CVE-ID: CVE-2010-1411
Available for: Windows 7, Vista, XP SP2 or later
Impact: Opening a maliciously crafted TIFF file may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple integer overflows in the handling of TIFF
files may result in a heap buffer overflow. Opening a maliciously
crafted TIFF file may lead to an unexpected application termination
or arbitrary code execution. The issues are addressed through
improved bounds checking. Credit to Kevin Finisterre of
digitalmunition.com for reporting these issues.
WebKit
CVE-ID: CVE-2010-0544, CVE-2010-1119, CVE-2010-1387, CVE-2010-1390,
CVE-2010-1392, CVE-2010-1393, CVE-2010-1395, CVE-2010-1396,
CVE-2010-1397, CVE-2010-1398, CVE-2010-1399, CVE-2010-1400,
CVE-2010-1401, CVE-2010-1402, CVE-2010-1403, CVE-2010-1404,
CVE-2010-1405, CVE-2010-1408, CVE-2010-1409, CVE-2010-1410,
CVE-2010-1412, CVE-2010-1414, CVE-2010-1415, CVE-2010-1416,
CVE-2010-1417, CVE-2010-1418, CVE-2010-1419, CVE-2010-1421,
CVE-2010-1422, CVE-2010-1749, CVE-2010-1758, CVE-2010-1759,
CVE-2010-1761, CVE-2010-1763, CVE-2010-1769, CVE-2010-1770,
CVE-2010-1771, CVE-2010-1774
Available for: Windows 7, Vista, XP SP2 or later
Impact: Multiple vulnerabilities in WebKit
Description: WebKit is updated to the version included in Safari 5.0
and Safari 4.1 to address several vulnerabilities, the most serious
of which may lead to arbitrary code execution. Further information is
available at http://support.apple.com/kb/HT4196
iTunes 9.2 may be obtained from:
http://www.apple.com/itunes/download/
For Mac OS X:
The download file is named: "iTunes9.2.dmg"
Its SHA-1 digest is: fc0cd72f63ce2a39ae24ccc6cdd00c921a8a542e
For Windows XP / Vista / Windows 7:
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 36b0bab6592437bb90d3bf0c8e2475d9f707f20b
For 64-bit Windows XP / Vista / Windows 7:
The download file is named: "iTunes64Setup.exe"
Its SHA-1 digest is: fee32b82f0f9afbedfe37231b78b65083ca7c024
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)
iQEcBAEBAgAGBQJMGRhTAAoJEGnF2JsdZQeea+oH/3xaEZAZ9dHFdMR4Jf6XNokV
WY1vXIcUJRZC1B59y8He/k8Zx8Yk5axEO0QEXrPhK7CNsw9dxXfB35Svs+DH/bn9
9zniFYElsQP4gWZBbj9BcIDqEXvuLTG6aDXtZMQxo5eojCrK1esdpGPr1uEcGn9V
DGy22Kn4xJn8xKuCGhaRnP4Hi9lJ5KSkVd+ZEXN8XKsN2dKqPnzcR0Ddd6XdJn5u
Sg5WjABn6rSqBlTbqbJOopqOucU/NAyvV8y4N3KFS1bXMV/j1CV7sDsc/yilxt+x
7hPHdj0aal6PRG9v6XSrXTMIYlaDCnDBLWEeebKD1Lw7eJDlDUgobNez05L505E=
=EIP2
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden