[PCWorks] Apple iTunes Multiple Vulnerabilities

• From: "Clint Hamilton-PCWorks Admin" <PCWorks@xxxxxxxxxxxxxxxxxxxxxxxx>
• To: "PCWorks@xxxxxxxxxxxxx" <pcworks@xxxxxxxxxxxxx>
• Date: Fri, 25 Jun 2010 03:33:33 -0500

TITLE:
Apple iTunes Multiple Vulnerabilities

Criticality level:  Highly critical
Impact:  Security Bypass, Exposure of sensitive information, 
System access
Where:  From remote

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40196/

DESCRIPTION:
Multiple vulnerabilities have been reported in Apple iTunes. 
Some
have an unknown impact and others can be exploited by malicious
people to bypass certain security restrictions, disclose 
sensitive
information, or compromise a user's system.

1) An error when processing ColorSync profiles embedded in a
specially crafted image can be exploited to cause a heap-based 
buffer
overflow and potentially execute arbitrary code.

This is related to vulnerability #3 in:
SA36096

2) Multiple integer overflows when processing TIFF files can be
exploited to cause a heap-based buffer overflow and potentially
execute arbitrary code.

For more information:
SA40181

3) Multiple vulnerabilities in WebKit can be exploited by 
malicious
people to bypass certain security restrictions, disclose 
sensitive
information, and potentially compromise a user's system.

For more information:
SA37931
SA40105

4) One unspecified vulnerability with an unknown impact has 
been
reported in WebKit included in iTunes. No further information 
is
currently available.

5) Two vulnerabilities in WebKit can be exploited by malicious 
people
to compromise a user's system.

For more information see vulnerability #14 and 15 in:
SA40257

SOLUTION:
Update to version 9.2.

ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4220

=========================
The list's FAQ's can be seen by sending an email to 
PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line.

To unsubscribe, subscribe, set Digest or Vacation to on or off, go to 
//www.freelists.org/list/pcworks .  You can also send an email to 
PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line.  Your 
member list settings can be found at 
//www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks .  Once logged in, you have 
access to numerous other email options.  

The list archives are located at //www.freelists.org/archives/pcworks/ .  
All email posted to the list will be placed there in the event anyone needs to 
look for previous posts.
-zxdjhu-

Other related posts:

• » [PCWorks] Apple iTunes Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Apple iTunes Multiple Vulnerabilities - Clint Hamilton-PCWorks Admin
• » [PCWorks] Apple iTunes Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin

1. Home
2. pcworks
3. Archive
4. 06-2010

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---