APPLE-SA-2011-04-18-1 iTunes 10.2.2
Posted on 18 April 2011
Apple Security-announce

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2011-04-18-1 iTunes 10.2.2

iTunes 10.2.2 is now available and addresses the following:

WebKit
Available for: Windows 7, Vista, XP SP2 or later
Impact: A man-in-the-middle attack may lead to an unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues exist in WebKit. A
man-in-the-middle attack while browsing the iTunes Store via iTunes
may lead to an unexpected application termination or arbitrary code
execution.
CVE-ID
CVE-2011-1290 : Vincenzo Iozzo, Willem Pinckaers, Ralf-Philipp
Weinmann, and an anonymous researcher working with TippingPoint's
Zero Day Initiative
CVE-2011-1344 : Vupen Security working with TippingPoint's Zero Day
Initiative, and Martin Barbella

iTunes 10.2.2 may be obtained from:
http://www.apple.com/itunes/download/

For Mac OS X:
The download file is named: "iTunes10.2.2.dmg"
Its SHA-1 digest is: 7b94065174927dbce71182c89a00b3966021ceb8

For Windows XP / Vista / Windows 7:
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 30c97f21cb7ec9921b80c7dfd3a9f460b6746045

For 64-bit Windows XP / Vista / Windows 7:
The download file is named: "iTunes64Setup.exe"
Its SHA-1 digest is: 10d04b03e9733827e69a20bcf46f5e7ea97e0cd3

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
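
Added example (not part of Apple's advisory): a Python check that parses the file-name / SHA-1 pairs in the format used above and compares a downloaded file against them. The digests are only as trustworthy as the copy of the advisory they came from, so check the PGP signature on the message first. The function names and the stand-in file are assumptions made for this example.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# Digest block copied from the advisory text above.
ADVISORY_DIGESTS = '''\
For Mac OS X:
The download file is named: "iTunes10.2.2.dmg"
Its SHA-1 digest is: 7b94065174927dbce71182c89a00b3966021ceb8
For Windows XP / Vista / Windows 7:
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 30c97f21cb7ec9921b80c7dfd3a9f460b6746045
For 64-bit Windows XP / Vista / Windows 7:
The download file is named: "iTunes64Setup.exe"
Its SHA-1 digest is: 10d04b03e9733827e69a20bcf46f5e7ea97e0cd3
'''

PAIR_RE = re.compile(
    r'The download file is named:\s*"([^"]+)"\s*\n'
    r'Its SHA-1 digest is:\s*([0-9a-fA-F]{40})\b'
)

def parse_digests(text):
    """Return {filename: lowercase SHA-1 hex} from an advisory digest block."""
    return {name: digest.lower() for name, digest in PAIR_RE.findall(text)}

def sha1_of(path, chunk_size=1 << 20):
    """Stream the file so large installers are not read into memory at once."""
    h = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_download(path, published):
    """True only if the file's name is listed and its digest matches."""
    expected = published.get(Path(path).name)
    if expected is None:
        return False  # unknown file name: refuse rather than guess
    return hmac.compare_digest(sha1_of(path), expected)

if __name__ == "__main__":
    published = parse_digests(ADVISORY_DIGESTS)
    with tempfile.TemporaryDirectory() as tmp:
        fake = Path(tmp) / "iTunesSetup.exe"  # constructed stand-in, not the real installer
        fake.write_bytes(b"constructed sample bytes")
        print(fake.name, "matches advisory:", verify_download(fake, published))
```

A file whose name is not listed in the advisory is rejected outright, so a renamed or unexpected download fails the check instead of being compared against the wrong digest.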