[<prev] [next>] [day] [month] [year] [list]
Message-Id: <8D223145-E40E-4C19-8E3A-9CE428D37DE4@lists.apple.com>
Date: Mon, 27 Mar 2017 11:32:15 -0700
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: security-announce@...ts.apple.com
Subject: [FD] APPLE-SA-2017-03-27-1 Pages 6.1, Numbers 4.1, and Keynote 7.1
for Mac; Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-03-27-1 Pages 6.1, Numbers 4.1, and Keynote 7.1
for Mac; Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS are now
available and address the following:
Export
Available for: macOS 10.12 Sierra or later, iOS 10 or later
Impact: The contents of password-protected PDFs exported from iWork
may be exposed
Description: iWork used weak 40-bit RC4 encryption for password-
protected PDF exports. This issue was addressed by changing iWork
export to use AES-128.
CVE-2017-2391: Philipp Eckel of ThoughtWorks
Installation note:
Pages 6.1, Numbers 4.1, and Keynote 7.1 for Mac and Pages 3.1,
Numbers 3.1, and Keynote 3.1 for iOS may be obtained from the
App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJY2VkhAAoJEIOj74w0bLRGtMYQAMixdDDlyh/wWcT8bTLSekBU
6CqKrmus7LmaKyaqSjpzTlh4P40fLjpiPEukBzSerLeHlSBZ2mOpGcpXcC5evRDG
GVJe5J7DeJyfk0Asta+9sgX/YAms9VcqZS9AxAVA7LeP1yspxAej6FMyP+vnvK6c
y4SAzxlAZLjzMORaXnn/erp9SAtyyituD1TIhP4dIjcM7YNb0heKO46FCFVflcKd
jqamu5A+W7D3i0f2dxlw5cN8J2Lpbeue/hoKT+thO+97zGjvUtqY53LOvOGcpYvD
bxp3Ld2fCgCVgpalIrsvBYXbnBTgn/Mvve8dax2Ub0s95IxQkEr3SP1gr/YubSE9
EXg1PhmwnozUXsbZZV68nnQ2xfzc5CgjjojPBF8sg8BCFqXy4k5qkHi9sLdwxCis
Hlcl6OyrkF+Puqjs3XZPzfSUKndL4pXiIv8H7nPgtCIsIF6BjABQGLUKOSNNtQwe
ySAatdMCB1ut3NkSBh+yjIsK9QshiD9JbUhlZkLvkJhhcZp+rFac4adTN6U9svbO
ehttNA2kPOW/YnYv42tk499cA+S3gHYHl7jzGnQNq2aQT/AZFg9lDJFYS0qqdLCW
G0XaKDiSzsAkCa54UIyc2e+/St/b10kNXuTxKa/Q9Y9Mh9RtJUHHm0FrLPkevZJ7
MxmltI7TPqTEOCpaYFfd
=cT2K
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists