| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 14 Mar 2022 17:13:14 -0700 From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org> To: security-announce@...ts.apple.com Subject: [FD] APPLE-SA-2022-03-14-10 iTunes 12.12.3 for Windows -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-03-14-10 iTunes 12.12.3 for Windows iTunes 12.12.3 for Windows addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213188. ImageIO Available for: Windows 10 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22611: Xingyu Jin of Google ImageIO Available for: Windows 10 and later Impact: Processing a maliciously crafted image may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-22612: Xingyu Jin of Google WebKit Available for: Windows 10 and later Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cookie management issue was addressed with improved state management. WebKit Bugzilla: 232748 CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix WebKit Available for: Windows 10 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 234966 CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative iTunes 12.12.3 for Windows may be obtained from: https://www.apple.com/itunes/download/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIvyyAACgkQeC9qKD1p rhjG1A//SUYQTx9Ic3gF+VdgEV6qUFSlWvgcPL1UW1KWwbemcL4L4GwpzMDt6EBV COmD4B+LSlLAlk+yA5Dx/ANOSSRn0L/XwDekTUqKiqs65XSwtpmh8rnlhI1MBRy1 04lqPJv2bA0yfQGJ29AXYZi2X1U3jqQ76Q1EnlN6fCo+2ebut+X2CAlN3uckWNot C9n/wmJxMYi4a9AbX85AYFEh3SPlg2X5URFSpc3N4KQflQE2/9mqypR8itr6SikM FWCuhrE4k7asvdT55nEFEgrre0CP73VKPqhCtOEtDucafzFcyounLU9yQOfsFIdh 9xzsRwtrwIPZIzNNIL29qf5W0dsi9Q5KUQprkrP0CNwueY4otkeBHrTafufPjMBE F/G9/uIyxoYabgeZ/mkKpxwqIsGMq44vA7/BEN+gCPpMj03VAbhV79D77vJrGDVv vrV1/a6necl0H34YCYRC4FvJ+DjocvR6CvpbhFyadHDRKHVGi78pGg+Qknh2AFpI AdjsgNNUOHSU9nH1D8U1b5FgElSYFKZPcOQugydZvXNYWq806Tome1MqGPIfiKUe YRW3DrnESBZUWpQyGDByFQxFFrPsAlU8It1+k78Uq5nj7TJq9Cb1RpKaJwHR3hyp 3/EziIMJeIqDk/DeQ11+7hjG9bC18qcoXTsw1NmpRzZDaRzc7lc= =PRjy -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists