| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 05 Dec 2018 13:08:36 -0800 From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org> To: security-announce@...ts.apple.com Subject: [FD] APPLE-SA-2018-12-05-5 iTunes 12.9.2 for Windows -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-12-05-5 iTunes 12.9.2 for Windows iTunes 12.9.2 for Windows is now available and addresses the following: Safari Available for: Windows 7 and later Impact: Visiting a malicious website may lead to address bar spoofing Description: A logic issue was addressed with improved state management. CVE-2018-4440: Wenxu Wu of Tencent Security Xuanwu Lab (xlab.tencent.com) Safari Available for: Windows 7 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: A logic issue was addressed with improved validation. CVE-2018-4439: xisigr of Tencent's Xuanwu Lab (tencent.com) WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4437: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea CVE-2018-4464: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4441: lokihardt of Google Project Zero CVE-2018-4442: lokihardt of Google Project Zero CVE-2018-4443: lokihardt of Google Project Zero WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A logic issue existed resulting in memory corruption. This was addressed with improved state management. CVE-2018-4438: lokihardt of Google Project Zero Installation note: iTunes 12.9.2 for Windows may be obtained from: https://www.apple.com/itunes/download/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlwINzwpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3Hw3g// fQOEkIXi4l7u3waeCvktx1kQxKzo659W0GOk+cWaBq62ZXzXLkNc45Ik2H70bSH7 /zUU9CJKUFvjWYSG3UFp8L4u5vFLXhXEDfdchvpaS3/ppOWfRjvnAuIxhqD8jYt2 QeZpwvC4Z1UlwVwYVCvycEZJ8qMtbgMiG7btV8t6QBasmvxquVB6xPEGoN/qCPWe mAatijBV3aGij1sN3ACxMv7fmQP4a+BbC9ckzTY742hZMEFdIg4So0OxRwUXR1lC AHdJx8npH9MJuwPWYGZHfCEYgrHv1NHwV82grzK/PHGjYsSwkbHQWet8uUFkPh8Z ZviXKoN52kr6rWvOaH0+p9fm0uN9G1vJ/dX3D56w2/V/mOZIy5zHkfJn9I7hTBzI PCFTEPayeqnuVz2bQsIc2+lKxcexa8epfUN+8DDSTCMuDYsi4BunS4kzK2xbhYFK B/vT+bVzLI+GngmrgmEZKCf7nMsKGVkyzKAOdfuCJ8JXfjuhrvJCWNoRjM4WHInY A/aaOWUcqW8XsURW4dRcDCvX0thkT/USsLb6a/CYmTIvxEODJAtUE/6ybTuZQ0k/ FUdVLKBhd/3fKhOWS+JG62GN5FIeLXrhocXLO5IfQUjL68Hoq3HLtEMNsunT2C4u uDBCQfs/7jnpC2E0ysGRGkYK1kV1CqMzd9GE+OlNMHg= =e5n2 -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists