Home / mailings APPLE-SA-2009-06-01-2 iTunes 8.2
Posted on 01 June 2009
Apple Security-announce-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2009-06-01-2 iTunes 8.2
iTunes 8.2 is now available and addresses the following:
iTunes
CVE-ID: CVE-2009-0950
Available for: Mac OS X v10.4.10 or later,
Mac OS X Server v10.4.10 or later, Windows Vista, XP SP2
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A stack buffer overflow exists in iTunes when parsing
"itms:" URLs. Accessing a maliciously crafted "itms:" URL may lead to
an unexpected application termination or arbitrary code execution.
This update addresses the issue through improved bounds checking.
Credit to Will Drewry for reporting this issue.
iTunes 8.2 may be obtained from:
http://www.apple.com/itunes/download/
For Mac OS X:
The download file is named: "iTunes8.2.dmg"
Its SHA-1 digest is: a07c4fb0dfd94ba238024cf8d448165da24e5be5
For Windows XP / Vista:
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 16f5b1e787b36aece842ea5ae80bfc6bf2b32b19
For Windows Vista 64 Bit:
The download file is named: "iTunes64Setup.exe"
Its SHA-1 digest is: b8739f847f2b66835f4f4b542b3308de96d418ed
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
