ESB-2017.2427 - [OSX] Apple iTunes: Access confidential data - Remote with user interaction 2017-09-26

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.2427
                                iTunes 12.7
                             26 September 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Apple iTunes
Publisher:         Apple
Operating System:  OS X
Impact/Access:     Access Confidential Data -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-7079  

Original Bulletin: 
   https://support.apple.com/kb/HT201222

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-09-25-7 iTunes 12.7

iTunes 12.7 addresses the following:

Data Sync
Available for: OS X Yosemite 10.10.5 and later
Impact: An application may be able to access iOS backups performed
through iTunes
Description: An access control issue was addressed by restricting
access to iOS backups to iTunes.
CVE-2017-7079: Pi Delta
Entry added September 25, 2017

Installation note:

iTunes 12.7 may be obtained from:
https://www.apple.com/itunes/download/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================