Home / mailingsPDF  

APPLE-SA-2010-06-16-1 iTunes 9.2

Posted on 16 June 2010
Apple Security-announce

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2010-06-16-1 iTunes 9.2

iTunes 9.2 is now available and addresses the following:

ColorSync
CVE-ID: CVE-2009-1726
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted image with an embedded
ColorSync profile may lead to an unexpected application termination
or arbitrary code execution
Description: A heap buffer overflow exists in the handling of images
with an embedded ColorSync profile. Opening a maliciously crafted
image with an embedded ColorSync profile may lead to an unexpected
application termination or arbitrary code execution. This issue is
addressed through improved validation of ColorSync profiles. Credit
to Chris Evans of the Google Security Team, and Andrzej Dyjak for
reporting this issue.

ImageIO
CVE-ID: CVE-2010-1411
Available for: Windows 7, Vista, XP SP2 or later
Impact: Opening a maliciously crafted TIFF file may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple integer overflows in the handling of TIFF
files may result in a heap buffer overflow. Opening a maliciously
crafted TIFF file may lead to an unexpected application termination
or arbitrary code execution. The issues are addressed through
improved bounds checking. Credit to Kevin Finisterre of
digitalmunition.com for reporting these issues.

WebKit
CVE-ID: CVE-2010-0544, CVE-2010-1119, CVE-2010-1387, CVE-2010-1390,
CVE-2010-1392, CVE-2010-1393, CVE-2010-1395, CVE-2010-1396,
CVE-2010-1397, CVE-2010-1398, CVE-2010-1399, CVE-2010-1400,
CVE-2010-1401, CVE-2010-1402, CVE-2010-1403, CVE-2010-1404,
CVE-2010-1405, CVE-2010-1408, CVE-2010-1409, CVE-2010-1410,
CVE-2010-1412, CVE-2010-1414, CVE-2010-1415, CVE-2010-1416,
CVE-2010-1417, CVE-2010-1418, CVE-2010-1419, CVE-2010-1421,
CVE-2010-1422, CVE-2010-1749, CVE-2010-1758, CVE-2010-1759,
CVE-2010-1761, CVE-2010-1763, CVE-2010-1769, CVE-2010-1770,
CVE-2010-1771, CVE-2010-1774
Available for: Windows 7, Vista, XP SP2 or later
Impact: Multiple vulnerabilities in WebKit
Description: WebKit is updated to the version included in Safari 5.0
and Safari 4.1 to address several vulnerabilities, the most serious
of which may lead to arbitrary code execution. Further information is
available at http://support.apple.com/kb/HT4196


iTunes 9.2 may be obtained from:
http://www.apple.com/itunes/download/

For Mac OS X:
The download file is named: "iTunes9.2.dmg"
Its SHA-1 digest is: fc0cd72f63ce2a39ae24ccc6cdd00c921a8a542e

For Windows XP / Vista / Windows 7:
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 36b0bab6592437bb90d3bf0c8e2475d9f707f20b

For 64-bit Windows XP / Vista / Windows 7:
The download file is named: "iTunes64Setup.exe"
Its SHA-1 digest is: fee32b82f0f9afbedfe37231b78b65083ca7c024

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

 

TOP