lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <06E90E6D-4209-4B38-9F3B-AEC201CF4EFD@lists.apple.com>
Date: Thu, 16 Oct 2014 17:10:28 -0700
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: security-announce@...ts.apple.com
Subject: APPLE-SA-2014-10-16-6 iTunes 12.0.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-10-16-6 iTunes 12.0.1

iTunes 12.0.1 is now available and addresses the following:

iTunes
Available for:  Windows 8, Windows 7, Vista, XP SP2 or later
Impact:  A man-in-the-middle attack while browsing the iTunes Store
via iTunes may lead to an unexpected application termination or
arbitrary code execution
Description:  Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-2871 : miaubiz
CVE-2013-2875 : miaubiz
CVE-2013-2909 : Atte Kettunen of OUSPG
CVE-2013-2926 : cloudfuzzer
CVE-2013-2927 : cloudfuzzer
CVE-2013-2928 : Google Chrome Security Team
CVE-2013-5195 : Apple
CVE-2013-5196 : Google Chrome Security Team
CVE-2013-5197 : Google Chrome Security Team
CVE-2013-5198 : Apple
CVE-2013-5199 : Apple
CVE-2013-5225 : Google Chrome Security Team
CVE-2013-5228 : Keen Team (@K33nTeam) working with HP's Zero Day
Initiative
CVE-2013-6625 : cloudfuzzer
CVE-2013-6635 : cloudfuzzer
CVE-2013-6663 : Atte Kettunen of OUSPG
CVE-2014-1268 : Apple
CVE-2014-1269 : Apple
CVE-2014-1270 : Apple
CVE-2014-1289 : Apple
CVE-2014-1290 : ant4g0nist (SegFault) working with HP's Zero Day
Initiative, Google Chrome Security Team
CVE-2014-1291 : Google Chrome Security Team
CVE-2014-1292 : Google Chrome Security Team
CVE-2014-1293 : Google Chrome Security Team
CVE-2014-1294 : Google Chrome Security Team
CVE-2014-1298 : Google Chrome Security Team
CVE-2014-1299 : Google Chrome Security Team, Apple, Renata Hodovan of
University of Szeged / Samsung Electronics
CVE-2014-1300 : Ian Beer of Google Project Zero working with HP's
Zero Day Initiative
CVE-2014-1301 : Google Chrome Security Team
CVE-2014-1302 : Google Chrome Security Team, Apple
CVE-2014-1303 : KeenTeam working with HP's Zero Day Initiative
CVE-2014-1304 : Apple
CVE-2014-1305 : Apple
CVE-2014-1307 : Google Chrome Security Team
CVE-2014-1308 : Google Chrome Security Team
CVE-2014-1309 : cloudfuzzer
CVE-2014-1310 : Google Chrome Security Team
CVE-2014-1311 : Google Chrome Security Team
CVE-2014-1312 : Google Chrome Security Team
CVE-2014-1313 : Google Chrome Security Team
CVE-2014-1323 : banty
CVE-2014-1324 : Google Chrome Security Team
CVE-2014-1325 : Apple
CVE-2014-1326 : Apple
CVE-2014-1327 : Google Chrome Security Team, Apple
CVE-2014-1329 : Google Chrome Security Team
CVE-2014-1330 : Google Chrome Security Team
CVE-2014-1331 : cloudfuzzer
CVE-2014-1333 : Google Chrome Security Team
CVE-2014-1334 : Apple
CVE-2014-1335 : Google Chrome Security Team
CVE-2014-1336 : Apple
CVE-2014-1337 : Apple
CVE-2014-1338 : Google Chrome Security Team
CVE-2014-1339 : Atte Kettunen of OUSPG
CVE-2014-1340 : Apple
CVE-2014-1341 : Google Chrome Security Team
CVE-2014-1342 : Apple
CVE-2014-1343 : Google Chrome Security Team
CVE-2014-1344 : Ian Beer of Google Project Zero
CVE-2014-1362 : Apple, miaubiz
CVE-2014-1363 : Apple
CVE-2014-1364 : Apple
CVE-2014-1365 : Apple, Google Chrome Security Team
CVE-2014-1366 : Apple
CVE-2014-1367 : Apple
CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech)
CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung
Electronics
CVE-2014-1384 : Apple
CVE-2014-1385 : Apple
CVE-2014-1386 : an anonymous researcher
CVE-2014-1387 : Google Chrome Security Team
CVE-2014-1388 : Apple
CVE-2014-1389 : Apple
CVE-2014-1390 : Apple
CVE-2014-1713 : VUPEN working with HP's Zero Day Initiative
CVE-2014-1731 : an anonymous member of the Blink development
community
CVE-2014-4410 : Eric Seidel of Google
CVE-2014-4411 : Google Chrome Security Team
CVE-2014-4412 : Apple
CVE-2014-4413 : Apple
CVE-2014-4414 : Apple
CVE-2014-4415 : Apple


iTunes 12.0.1 may be obtained from:
http://www.apple.com/itunes/download/

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJUQCKuAAoJEBcWfLTuOo7t3cgP/RCpdvSrkHZM2SsNXSVtaCfW
auW4hMgN5s2OkYxWwiHDhnKB6dM5Jb4aC5a4j7JECUMRZ7MxIw4EgfV0SJDfRP7M
90YhewGKLaapfc6SRYl1lws+Me+OXf0tjzgBEyD+3qdhFDCCQzWh2F+rpjj4Bzbo
cWrPn454dEEvJvDRc7/U13xvbSNm94jedzZjuCDkiA8+1UFF1fWqxU1Iw8HjW1U2
KUe0Uzrpyul85shviO/nO4hnuGMT3i85ZBmTWjMhsOteLsp/ZRSHrvuKps3XM0qg
rBp8W//gFgYreMUP3m779SkCAPznmA7XnufCZBdbLJwdQBac+xdcjdQa+RdjUfXA
Fb8sDaNQm1qJVfo8kDWe6ED7MbnxbwrpKswQFN2Mft3wXLNdfdViLmQ4A3mJ+1ju
0RoR8SuoZiZrClbPW0C08i6Y4EZfVeG1lNzJQySlqg2ZhFPcrdQMyLr0mSs58ClE
19km+0fMKWzb8XJsQZkir41P5sheldAVsqtQBud2Q25xnM8LmTDuX1ywXUEvTKO8
SRAZ4EF1vvfVpHE9w/XgBzRC9J23scN1/WnzDeoVMxkz4YrvsZdV3bjJJMJ4bDs6
85hjnwYe8QFnfaZPoMcstwWQMxA8Hl4mhu3B+1PKWlT6FENpCKCCc5W5MxWrAXnp
K0B4Ue5bqvDqVL0KLkrB
=+heG
-----END PGP SIGNATURE-----


Download attachment "signature.asc" of type "application/pgp-signature" (842 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ