Multiple security vulnerabilities have been identified in the iTunes software package (for Windows 7, Vista, XP SP2). Remote attackers can exploit them to carry out DoS attacks or to execute arbitrary code.
Package: | iTunes 10.6 |
Operating systems: | Microsoft Windows XP, Microsoft Windows Vista, Microsoft Windows 7 |
Severity: | 6.5 |
Problem: | improper memory handling, error in a software component |
Exploitation: | remote |
Impact: | arbitrary code execution, denial of service (DoS) |
Solution: | vendor patch |
CVE: | CVE-2011-3016, CVE-2011-3021, CVE-2011-3027, CVE-2011-3032, CVE-2011-3034, CVE-2011-3035, CVE-2011-3036, CVE-2011-3037, CVE-2011-3038, CVE-2011-3039, CVE-2011-3040, CVE-2011-3041, CVE-2011-3042, CVE-2011-3043, CVE-2011-3044, CVE-2011-3050, CVE-2011-3053 |
Original advisory ID: | APPLE-SA-2012-09-12 |
Source: | Apple |
Problem: | The vulnerabilities are the result of multiple memory handling errors in the WebKit component. For more detail on the vulnerabilities, reviewing the original advisory is recommended. |
Impact: | They allow attackers to crash the vulnerable application or execute arbitrary code. Exploitation requires luring a user into opening a specially crafted web page. |
Solution: | Users are advised to use the latest version. |
Original advisory text
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-09-12-1 iTunes 10.7
iTunes 10.7 is now available and addresses the following:
WebKit
Available for: Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues are addressed through improved memory handling.
CVE-ID
CVE-2011-3016 : miaubiz
CVE-2011-3021 : Arthur Gerkis
CVE-2011-3027 : miaubiz
CVE-2011-3032 : Arthur Gerkis
CVE-2011-3034 : Arthur Gerkis
CVE-2011-3035 : wushi of team509 working with iDefense VCP, Arthur
Gerkis
CVE-2011-3036 : miaubiz
CVE-2011-3037 : miaubiz
CVE-2011-3038 : miaubiz
CVE-2011-3039 : miaubiz
CVE-2011-3040 : miaubiz
CVE-2011-3041 : miaubiz
CVE-2011-3042 : miaubiz
CVE-2011-3043 : miaubiz
CVE-2011-3044 : Arthur Gerkis
CVE-2011-3050 : miaubiz
CVE-2011-3053 : miaubiz
CVE-2011-3059 : Arthur Gerkis
CVE-2011-3060 : miaubiz
CVE-2011-3064 : Atte Kettunen of OUSPG
CVE-2011-3068 : miaubiz
CVE-2011-3069 : miaubiz
CVE-2011-3071 : pa_kt working with HP's Zero Day Initiative
CVE-2011-3073 : Arthur Gerkis
CVE-2011-3074 : Slawomir Blazek
CVE-2011-3075 : miaubiz
CVE-2011-3076 : miaubiz
CVE-2011-3078 : Martin Barbella of the Google Chrome Security Team
CVE-2011-3081 : miaubiz
CVE-2011-3086 : Arthur Gerkis
CVE-2011-3089 : Skylined of the Google Chrome Security Team, miaubiz
CVE-2011-3090 : Arthur Gerkis
CVE-2011-3105 : miaubiz
CVE-2011-3913 : Arthur Gerkis
CVE-2011-3924 : Arthur Gerkis
CVE-2011-3926 : Arthur Gerkis
CVE-2011-3958 : miaubiz
CVE-2011-3966 : Aki Helin of OUSPG
CVE-2011-3968 : Arthur Gerkis
CVE-2011-3969 : Arthur Gerkis
CVE-2011-3971 : Arthur Gerkis
CVE-2012-0682 : Apple Product Security
CVE-2012-0683 : Dave Mandelin of Mozilla
CVE-2012-1520 : Martin Barbella of the Google Chrome Security Team
using AddressSanitizer, Jose A. Vazquez of spa-s3c.blogspot.com
working with iDefense VCP
CVE-2012-1521 : Skylined of the Google Chrome Security Team, Jose A.
Vazquez of spa-s3c.blogspot.com working with iDefense VCP
CVE-2012-2817 : miaubiz
CVE-2012-2818 : miaubiz
CVE-2012-2829 : miaubiz
CVE-2012-2831 : miaubiz
CVE-2012-2842 : miaubiz
CVE-2012-2843 : miaubiz
CVE-2012-3589 : Dave Mandelin of Mozilla
CVE-2012-3590 : Apple Product Security
CVE-2012-3591 : Apple Product Security
CVE-2012-3592 : Apple Product Security
CVE-2012-3593 : Apple Product Security
CVE-2012-3594 : miaubiz
CVE-2012-3595 : Martin Barbella of Google Chrome Security
CVE-2012-3596 : Skylined of the Google Chrome Security Team
CVE-2012-3597 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3598 : Apple Product Security
CVE-2012-3599 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3600 : David Levin of the Chromium development community
CVE-2012-3601 : Martin Barbella of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3602 : miaubiz
CVE-2012-3603 : Apple Product Security
CVE-2012-3604 : Skylined of the Google Chrome Security Team
CVE-2012-3605 : Cris Neckar of the Google Chrome Security team
CVE-2012-3606 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3607 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3608 : Skylined of the Google Chrome Security Team
CVE-2012-3609 : Skylined of the Google Chrome Security Team
CVE-2012-3610 : Skylined of the Google Chrome Security Team
CVE-2012-3611 : Apple Product Security
CVE-2012-3612 : Skylined of the Google Chrome Security Team
CVE-2012-3613 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3614 : Yong Li of Research In Motion, Inc.
CVE-2012-3615 : Stephen Chenney of the Chromium development community
CVE-2012-3616 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3617 : Apple Product Security
CVE-2012-3618 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3620 : Abhishek Arya of Google Chrome Security Team
CVE-2012-3621 : Skylined of the Google Chrome Security Team
CVE-2012-3622 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3623 : Skylined of the Google Chrome Security Team
CVE-2012-3624 : Skylined of the Google Chrome Security Team
CVE-2012-3625 : Skylined of Google Chrome Security Team
CVE-2012-3626 : Apple Product Security
CVE-2012-3627 : Skylined and Abhishek Arya of Google Chrome Security
team
CVE-2012-3628 : Apple Product Security
CVE-2012-3629 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3630 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3631 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3632 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3633 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3634 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3635 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3636 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3637 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3638 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3639 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3640 : miaubiz
CVE-2012-3641 : Slawomir Blazek
CVE-2012-3642 : miaubiz
CVE-2012-3643 : Skylined of the Google Chrome Security Team
CVE-2012-3644 : miaubiz
CVE-2012-3645 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3646 : Julien Chaffraix of the Chromium development
community, Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3647 : Skylined of the Google Chrome Security Team
CVE-2012-3648 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3649 : Dominic Cooney of Google and Martin Barbella of the
Google Chrome Security Team
CVE-2012-3651 : Abhishek Arya and Martin Barbella of the Google
Chrome Security Team
CVE-2012-3652 : Martin Barbella of Google Chrome Security Team
CVE-2012-3653 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3654 : Skylined of the Google Chrome Security Team
CVE-2012-3655 : Skylined of the Google Chrome Security Team
CVE-2012-3656 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3657 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3658 : Apple
CVE-2012-3659 : Mario Gomes of netfuzzer.blogspot.com, Abhishek Arya
of the Google Chrome Security Team using AddressSanitizer
CVE-2012-3660 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3661 : Apple Product Security
CVE-2012-3663 : Skylined of Google Chrome Security Team
CVE-2012-3664 : Thomas Sepez of the Chromium development community
CVE-2012-3665 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3666 : Apple
CVE-2012-3667 : Trevor Squires of propaneapp.com
CVE-2012-3668 : Apple Product Security
CVE-2012-3669 : Apple Product Security
CVE-2012-3670 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer, Arthur Gerkis
CVE-2012-3671 : Skylined and Martin Barbella of the Google Chrome
Security Team
CVE-2012-3672 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3673 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3674 : Skylined of Google Chrome Security Team
CVE-2012-3675 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3676 : Julien Chaffraix of the Chromium development
community
CVE-2012-3677 : Apple
CVE-2012-3678 : Apple Product Security
CVE-2012-3679 : Chris Leary of Mozilla
CVE-2012-3680 : Skylined of Google Chrome Security Team
CVE-2012-3681 : Apple
CVE-2012-3682 : Adam Barth of the Google Chrome Security Team
CVE-2012-3683 : wushi of team509 working with iDefense VCP
CVE-2012-3684 : kuzzcc
CVE-2012-3685 : Apple Product Security
CVE-2012-3686 : Robin Cao of Torch Mobile (Beijing)
CVE-2012-3687 : kuzzcc
CVE-2012-3688 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3692 : Skylined of the Google Chrome Security Team, Apple
Product Security
CVE-2012-3699 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3700 : Apple Product Security
CVE-2012-3701 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3702 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3703 : Apple Product Security
CVE-2012-3704 : Skylined of the Google Chrome Security Team
CVE-2012-3705 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3706 : Apple Product Security
CVE-2012-3707 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3708 : Apple
CVE-2012-3709 : Apple Product Security
CVE-2012-3710 : James Robinson of Google
CVE-2012-3711 : Skylined of the Google Chrome Security Team
CVE-2012-3712 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
iTunes 10.7 may be obtained from:
http://www.apple.com/itunes/download/
For Windows XP / Vista / Windows 7:
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 499c39aad4a05c76286e3159f4e1e081dab8fe86
For 64-bit Windows XP / Vista / Windows 7:
The download file is named: "iTunes64Setup.exe"
Its SHA-1 digest is: c632854371097edbf3d831f7f2d449297d9f988e
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
-----END PGP SIGNATURE-----
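Checking a downloaded installer against the two SHA-1 digests published in the advisory above, as an added example that is not part of Apple's advisory or of the original page. The function names and the three status strings are this example's own; the digests and file names are the ones the advisory gives.

```python
import hashlib
import hmac
import sys
from pathlib import Path

# SHA-1 digests copied from the APPLE-SA-2012-09-12-1 text above, keyed by
# the installer file names the advisory gives (lower-cased for lookup).
ADVISORY_SHA1 = {
    "itunessetup.exe": "499c39aad4a05c76286e3159f4e1e081dab8fe86",
    "itunes64setup.exe": "c632854371097edbf3d831f7f2d449297d9f988e",
}


def sha1_of_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-1 so large installers are not loaded whole."""
    digest = hashlib.sha1()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_installer(path, expected=ADVISORY_SHA1):
    """Return (status, actual_digest).

    status is "match", "mismatch", or "unknown-name" when the file name is
    not one of the installers the advisory lists (never silently accepted).
    """
    name = Path(path).name.lower()  # Windows file names are case-insensitive
    actual = sha1_of_file(path)
    wanted = expected.get(name)
    if wanted is None:
        return "unknown-name", actual
    same = hmac.compare_digest(actual, wanted.lower())
    return ("match" if same else "mismatch"), actual


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_installer.py <path-to-installer>")
    status, actual = check_installer(sys.argv[1])
    print(f"{status}: sha1={actual}")
    sys.exit(0 if status == "match" else 1)
```

The digests are only as trustworthy as the copy of the advisory they were read from, so take them from a copy whose PGP signature verifies.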