TITLE:
Apple iTunes Multiple Vulnerabilities

Criticality level: Highly critical
Impact: Security Bypass, Exposure of sensitive information, System access
Where: From remote

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40196/

DESCRIPTION:
Multiple vulnerabilities have been reported in Apple iTunes. Some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, or compromise a user's system.

1) An error when processing ColorSync profiles embedded in a specially crafted image can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code.

This is related to vulnerability #3 in:
SA36096

2) Multiple integer overflows when processing TIFF files can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code.

For more information:
SA40181

3) Multiple vulnerabilities in WebKit can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, and potentially compromise a user's system.

For more information:
SA37931
SA40105

4) One unspecified vulnerability with an unknown impact has been reported in WebKit included in iTunes. No further information is currently available.

5) Two vulnerabilities in WebKit can be exploited by malicious people to compromise a user's system.

For more information see vulnerability #14 and 15 in:
SA40257

SOLUTION:
Update to version 9.2.

ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4220