APPLE-SA-2013-10-22-8 iTunes 11.1.2
- Subject: APPLE-SA-2013-10-22-8 iTunes 11.1.2
- From: Apple Product Security <email@hidden>
- Date: Tue, 22 Oct 2013 19:38:10 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2013-10-22-8 iTunes 11.1.2

iTunes 11.1.2 is now available and addresses the following:

iTunes
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An uninitialized memory access issue existed in the
handling of text tracks. This issue was addressed by additional
validation of text tracks.
CVE-ID
CVE-2013-1024 : Richard Kuo and Billy Suguitan of Triemt Corporation

iTunes
Available for: Windows 7, Vista, XP SP2 or later
Impact: A man-in-the-middle attack while browsing the iTunes Store
via iTunes may lead to an unexpected application termination or
arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-1037 : Google Chrome Security Team
CVE-2013-1038 : Google Chrome Security Team
CVE-2013-1039 : own-hero Research working with iDefense VCP
CVE-2013-1040 : Google Chrome Security Team
CVE-2013-1041 : Google Chrome Security Team
CVE-2013-1042 : Google Chrome Security Team
CVE-2013-1043 : Google Chrome Security Team
CVE-2013-1044 : Apple
CVE-2013-1045 : Google Chrome Security Team
CVE-2013-1046 : Google Chrome Security Team
CVE-2013-1047 : miaubiz
CVE-2013-2842 : Cyril Cattiaux
CVE-2013-5125 : Google Chrome Security Team
CVE-2013-5126 : Apple
CVE-2013-5127 : Google Chrome Security Team
CVE-2013-5128 : Apple

libxml
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted web page may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in libxml.
These issues were addressed by updating libxml to version 2.9.0.
CVE-ID
CVE-2011-3102 : Juri Aedla
CVE-2012-0841
CVE-2012-2807 : Juri Aedla
CVE-2012-5134 : Google Chrome Security Team (Juri Aedla)

libxslt
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted web page may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in libxslt.
These issues were addressed by updating libxslt to version 1.1.28.
CVE-ID
CVE-2012-2825 : Nicolas Gregoire
CVE-2012-2870 : Nicolas Gregoire
CVE-2012-2871 : Kai Lu of Fortinet's FortiGuard Labs, Nicolas
Gregoire

iTunes 11.1.2 may be obtained from:
http://www.apple.com/itunes/download/

For Windows XP / Vista / Windows 7:
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: e3ecbc0b88b683ab14657b3cf96dba60673bd88f

For 64-bit Windows XP / Vista / Windows 7:
The download file is named: "iTunes64Setup.exe"
Its SHA-1 digest is: bb6c77a33f26f41c322455eea25bfd81f59ac5bc

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
-----END PGP SIGNATURE-----
Security-announce mailing list (email@hidden)