Date: 02 September 2010
References: ESB-2010.0657 ESB-2010.1066
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2010.0792
iTunes 10
2 September 2010
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: iTunes prior to version 10
Publisher: Apple
Operating System: Mac OS X
Windows
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Cross-site Scripting -- Remote with User Interaction
Denial of Service -- Remote with User Interaction
Access Confidential Data -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2010-1793 CVE-2010-1792 CVE-2010-1791
CVE-2010-1790 CVE-2010-1789 CVE-2010-1788
CVE-2010-1787 CVE-2010-1786 CVE-2010-1785
CVE-2010-1784 CVE-2010-1783 CVE-2010-1782
CVE-2010-1780
Reference: ESB-2010.0657
Original Bulletin:
http://support.apple.com/kb/HT4328
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2010-09-01-1 iTunes 10
iTunes 10 is now available and addresses the following:
WebKit
CVE-ID: CVE-2010-1780, CVE-2010-1782, CVE-2010-1783, CVE-2010-1784,
CVE-2010-1785, CVE-2010-1786, CVE-2010-1787, CVE-2010-1788,
CVE-2010-1789, CVE-2010-1790, CVE-2010-1791, CVE-2010-1792,
CVE-2010-1793
Available for: Windows 7, Vista, XP SP2 or later
Impact: Multiple vulnerabilities in WebKit
Description: WebKit for Windows is updated to include the security
fixes provided in Safari 5.0.1. Further information is available at
http://support.apple.com/kb/HT4276
iTunes 10 may be obtained from:
http://www.apple.com/itunes/download/
For Mac OS X:
The download file is named: "iTunes10.dmg"
Its SHA-1 digest is: 936a24a8897d024bddaeab1ef771d8b6e678f1f9
For Windows XP / Vista / Windows 7:
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 9bae2670a66e04beb87de7d7a645c9abff2f5b0b
For 64-bit Windows XP / Vista / Windows 7:
The download file is named: "iTunes64Setup.exe"
Its SHA-1 digest is: 8103e9a3da41789f57adcce7ef973e9812c02e6f
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)
iQEcBAEBAgAGBQJMfsMfAAoJEGnF2JsdZQeekW8H/2VIr2jNZI3m2QbS0htUcdtN
ARa0/PkkvU51pAneStdraRQheN+mU8nDCf0uSUpP5A9K2X5gFx6Do/OYZeyIxOxs
ff6z/7qHQWLio6dPrp+jhbGevHivpAIGb/PqIUNHC94FKNaHUDXx+J8WB2Ht8475
gqNiGxHXlLE/7N/eqafLPonPJSYus9EtabHS5Yk0QlAeCd1RZ3GckiiEHscTI4Sl
C8V85L5EwSv3owbhVyIPo8CmRz/PP52G3LAnLdLcmID4/UoLJPRU3YiQDhS/6qXy
LQ5toTCtZ1V533kUKmHpBUu+HMFmXhh7GMHP7X1dsNKCA1boImf3k9+eKN8CCVE=
=o8k+
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iD8DBQFMfysl/iFOrG6YcBERAt+AAKDdPjmKz2H8E0ZGavAJYSC9VcuSAwCfaCfA
ALM7Uf1RJ4ptlsW6YHZm5r8=
=apZG
-----END PGP SIGNATURE-----
|