| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 13 Dec 2017 14:18:49 -0800 From: Apple Product Security <product-security-noreply@...ts.apple.com> To: security-announce@...ts.apple.com Subject: [FD] APPLE-SA-2017-12-13-4 iTunes 12.7.2 for Windows -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-12-13-4 iTunes 12.7.2 for Windows iTunes 12.7.2 for Windows addresses the following: APNs Server Available for: Windows 7 and later Impact: An attacker in a privileged network position can track a user Description: A privacy issue existed in the use of client certificates. This issue was addressed through a revised protocol. CVE-2017-13864: FURIOUSMAC Team of United States Naval Academy WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7156: an anonymous researcher CVE-2017-7157: an anonymous researcher CVE-2017-13856: Jeonghoon Shin CVE-2017-13870: an anonymous researcher CVE-2017-13866: an anonymous researcher Installation note: iTunes 12.7.2 for Windows may be obtained from: https://www.apple.com/itunes/download/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAloxnVIpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEat2w/+ LfcayyJHN1Hw976DBscT+cI9qPKrkaOJRZ9htR+t28y4bSFOrQs1aTBFjEE475iP XIhBSz1lacDFEM59jgwpPU3AHvhIQfzoO6r5Unvr17sdr5+TwE8opVPSwUgiBbJm 6X6XZh8F7VT08Vtugzj6SAc+YA3nUQuEgDYq31le0EgHcWEsqRMM86WArk1yNuP9 9hErnTMMoRKqNGTsSGompZgATjbDAsp8DU+hWRJK7B5TsMLrf8WNYXxKAhEcOzA+ 7NVBJG0+7t4sU6D1wQPgyOxynM+fUi7XytgHgId5VBcvhac6HD6ENlCjE789yZB0 fKzTQ57eqfAMo5Whts3c2/6SKhkXucqJce6xAKQaZk8KEWxWsB8o/keN1zQifOnR yt6gLJvj2f3npuakNVu2mx46y2XFWiJ5Z3+vnGikQAPE9FU7Wbu55hl8lLB+8fNb gEnmtrFxM3kwgFHceoMaFtrE6qF6J+cjoRQjMiJ/YnzuStJLOAtMZx0r7ttX3a6K b6IwfAC7aqrIDYgZVMDY8zLsorEE9s97dMLLvWTpI73z0u34K/aiXrvygncLcqsb vklP4Dh30AhSnB9p5QFtA9PIEnWGveqWbNddzET5ruddZGUnXfAmVCyQHbBEoQup DLuWB/SAiEOcb+2Sw6CnMIzsMlG0GxxVEqYR9kbOKCc= =5oVo -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists