APPLE-SA-2010-03-30-2 iTunes 9.1
APPLE-SA-2010-03-30-2 iTunes 9.1
- Subject: APPLE-SA-2010-03-30-2 iTunes 9.1
- From: Apple Product Security <email@hidden>
- Date: Tue, 30 Mar 2010 13:12:52 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2010-03-30-2 iTunes 9.1
iTunes 9.1 is now available and addresses the following:
ColorSync
CVE-ID: CVE-2010-0040
Available for: Windows 7, Vista, XP
Impact: Viewing a maliciously crafted image with an embedded color
profile may lead to an unexpected application termination or
arbitrary code execution
Description: An integer overflow, that could result in a heap buffer
overflow, exists in the handling of images with an embedded color
profile. Opening a maliciously crafted image with an embedded color
profile may lead to an unexpected application termination or
arbitrary code execution. The isssue is addressed by performing
additional validation of color profiles. This issue does not affect
Mac OS X systems. Credit to Sebastien Renaud of VUPEN Vulnerability
Research Team for reporting this issue.
ImageIO
CVE-ID: CVE-2009-2285
Available for: Windows 7, Vista, XP
Impact: Viewing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer underflow exists in ImageIO's handling of TIFF
images. Viewing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved bounds checking. For Mac OS X
v10.6 systems, this issue is addressed in Mac OS X v10.6.2. For Mac
OS X v10.5 systems, this issue is addressed in Security Update
2010-001.
ImageIO
CVE-ID: CVE-2010-0041
Available for: Windows 7, Vista, XP
Impact: Visiting a maliciously crafted website may result in sending
data from Safari's memory to the website
Description: An uninitialized memory access issue exists in
ImageIO's handling of BMP images. Visiting a maliciously crafted
website may result in sending data from Safari's memory to the
website. This issue is addressed through improved memory handling and
additional validation of BMP images. For Mac OS X v10.6 systems, this
issue is addressed in Mac OS X v10.6.3. For Mac OS X v10.5 systems,
this issue is addressed in Security Update 2010-002. Credit to
Matthew 'j00ru' Jurczyk of Hispasec for reporting this issue.
ImageIO
CVE-ID: CVE-2010-0042
Available for: Windows 7, Vista, XP
Impact: Visiting a maliciously crafted website may result in sending
data from Safari's memory to the website
Description: An uninitialized memory access issue exists in
ImageIO's handling of TIFF images. Visiting a maliciously crafted
website may result in sending data from Safari's memory to the
website. This issue is addressed through improved memory handling and
additional validation of TIFF images. For Mac OS X v10.6 systems,
this issue is addressed in Mac OS X v10.6.3. For Mac OS X v10.5
systems, this issue is addressed in Security Update 2010-002. Credit
to Matthew 'j00ru' Jurczyk of Hispasec for reporting this issue.
ImageIO
CVE-ID: CVE-2010-0043
Available for: Windows 7, Vista, XP
Impact: Processing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in the handling of
TIFF images. Processing a maliciously crafted TIFF image may lead to
an unexpected application termination or arbitrary code execution.
This issue is addressed through improved memory handling. For Mac OS
X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. This
issue does not affect systems prior to Mac OS X v10.6. Credit to Gus
Mueller of Flying Meat for reporting this issue.
iTunes
CVE-ID: CVE-2010-0531
Available for: Mac OS X v10.4.11 or later,
Mac OS X Server v10.4.11 or later, Windows 7, Vista, XP
Impact: Importing a maliciously crafted MP4 file may lead to a
denial of service
Description: An infinite loop issue exists in the handling of MP4
files.A maliciously crafted podcast may be able to cause an infinite
loop in iTunes, and prevent its operation even after it is
relaunched. This issue is addressed through improved validation of
MP4 files. Credit to Sojeong Hong of Sourcefire VRT for reporting
this issue.
iTunes
CVE-ID: CVE-2010-0532
Available for: Windows 7, Vista, XP
Impact: A local user may be able to obtain system privileges during
iTunes installation
Description: A privilege escalation issue exists in the iTunes for
Windows installation package. During the installation process, a race
condition may allow a local user to modify a file that is then
executed with system privileges. The issue is addressed through
improved access controls for installation files. This issue does not
affect Mac OS X systems. Credit to Jason Geffner of NGSSoftware for
reporting this issue.
iTunes 9.1 may be obtained from:
http://www.apple.com/itunes/download/
For Mac OS X:
The download file is named: "iTunes9.1.dmg"
Its SHA-1 digest is: cbfe7da9ccc2934395e27ee99ab400c3fdea0595
For Windows XP / Vista / Windows 7:
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 80e64f3222703e5da2d613541170bcd6c300e801
For 64-bit Windows XP / Vista / Windows 7:
The download file is named: "iTunes64Setup.exe"
Its SHA-1 digest is: e6b5ddd1e6f21ddcf7117adec72e47701633b1cb
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)
iQEcBAEBAgAGBQJLsjCgAAoJEHkodeiKZIkBDVUH/jHMRx9MgZlhmMWB+86kA+l5
l5cJNE5ftyrChnJtPqOz0tUsA4rONwuHRjMEdSfJU9m1pNVoYA5cotkpEFYt4q/W
MzzlCeMpm2BJwqGOud860igH7VTxBFlBgLAt87aE7yIo5J2y84f9PM7kq4d0FW6R
sLPWC7dNhojLPRWTiuKvdEliW3i+C/KPIF0tg3Jpbbt86rR+TWbbFIVwyUvO8nTn
jnnavQAnVM2Ytk8K1g71fjTzYElP5eQ6UQ/lf4dWHW4DvzQbsM3h4ria3BG/hQYB
IdEVVM6z1mOsBosTz88rfOM6QYF9YkyiayC6VCQhHLC+Q31mZYu2BFr+mMbiUlY=
=2dBL
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden