lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <8CC6B777-D0E4-458A-A8F8-D9E3192EC89E@lists.apple.com> Date: Tue, 4 Apr 2017 17:48:53 -0700 From: Apple Product Security <product-security-noreply@...ts.apple.com> To: security-announce@...ts.apple.com Subject: [FD] APPLE-SA-2017-04-04-1 Apple Music 2.0 for Android -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-04-04-1 Apple Music 2.0 for Android Apple Music 2.0 for Android is now available and addresses the following: Apple Music Available for: Android version 4.3 or later Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: A certificate validation issue existed in Apple Music for Android. This issue was addressed through improved certificate validation. CVE-2017-2387: David Coomber of Info-Sec.CA Installation note: Apple Music 2.0 for Android may be obtained from Google Play. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCgAGBQJY495eAAoJEIOj74w0bLRGVxwP/RCoUs/5c4PWbLKKMSIRqn/0 CQXJJsFW4IhR2ve9fyokQiYNNNRXkbz2hIj/veuv4mHfo9cq5iN4qdbktBQIiuCJ V3emDwGO8+thvJUJXZ5AMBz8lX0zEvqN1k2yIyk7lzqQQOzx0hIJASWX0B2oBB95 IsjbUmybVwRCL32Sn86RW9lVisfcchjwRMbYtoBORLqjLJOuQnTQzc91VdeSO4o/ pg0Am9OcumlhkeiEpu/RXBgnb7x7bx/KdFfQYEVDiyWmCxYJkDI96SDYuvu037f1 ZRL0hmmfgtMDjitVF2vAailMQkJ+JRaIkK/YW5sAUY+p6OdwRnOx+0ZQbrMfTFrK x8EdAo8v84HsEFToz7nRXy9tF3CLumWuSaOy6nJ7UKnFR6nXqqqXI6z7+M+HGcpY UVyspkBm9kYjLFz798tLCIUOdtIgURMkBTDIzrsAixaxDbUUrfgOxBwohh8gTE5X 1rucHpi5fK15SkCBndbRa2sDGnmNKP9MT0OL8DkRwQ06Owr5rn66emVc1vP26jK/ vvFwW5xRTdfXSTB5iU3QWwcDIlWu8D6sfMQAaPt1lSg0luvIUlAQGSiIfF92grOo PQfsZ8zUu1ghDefKxy7DfhUAlfjabM3c00p9mqjroFyQO//QiMnogGDDhC3oQx9V uOCp21cCIHCLiYFyhV2y =eJ3o -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists