Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.3156 APPLE-SA-2021-09-20-9 iTunes U 3.8.3 21 September 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: iTunes U Publisher: Apple Operating System: Apple iOS Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2021-30862 Original Bulletin: https://support.apple.com/HT212809 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-09-20-9 iTunes U 3.8.3 iTunes U 3.8.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212809. iTunes U Available for: iOS 12.4 and later or iPadOS 12.4 and later Impact: Processing a maliciously crafted URL may lead to arbitrary javascript code execution Description: A validation issue was addressed with improved input sanitization. CVE-2021-30862: Giyas Umarov (@3h6_1) of Holmdel High School Installation note: iTunes U 3.8.3 for iOS may be obtained from the App Store. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI888ACgkQeC9qKD1p rhjucBAAo/VGsbEPr5OuaH7BLssGjchFhRQeyuT5d2H50dyE7Y0Os3ryZFdkPfo9 Sg2gX2A5jToz5EIXEddSWO+Ecaa80Iek/Gq4/HT5YzAenOlTYHaCn5cXbsa1jgfs 0VEyGLur1j/GRb6fSENh+cXphllCuizzkIxBwMSfG36HuMmFNiAakS/hbUwBe6Fz QaejFaKip84ZKl5xpZEQdGVMKeLwrY4zdW1Qz3KV5HPw9s20xZgmHshIf3Vn7TrN OPZcJHYmC957IgONt+pdLq2jvIX/D7cWgx+FTgoIfyl3NpSfc0cVOUixBvnAQ+ci SM17NRMyQuht2BNjBVePWAjHTORHuYO0o8fXFWI4GkaqzXeDJfa8G6APWOujPRQr 1u6vfc8q4ztfTEaEetZU6K0tbsF72l28QGE6yctZD91i7qOLjK53u5hEX7N/s6AR Q2MEpWte6+3NuAWngBp65d59oCLNsm5WRuVbynxS0m743bX9yAhPSPe5gRxsTMS1 7ebusKl1CDsJ65uUc8QtmYZg2lPL+em/cvhny8h6/xYYg+YFWlJ7X2/bKnp1EPZK 6PVCd9qG8hucQq1kRpsbfCrzApAsVHZJHJibNgmYD98Au7nTCLZxMq7h9IVF5uzN AnG5yF6UWps2UlZhB3k2P5lqTHurOU1r3gcBL7+QUcD6H48x8lc= =M9XX - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYUlAkONLKJtyKPYoAQim3A/+NC2uUI/7uZ/ffdJ2a35GT3d/xVI6v+av NB4IXf5QfSBYVitobMiu8hTeQp5JdzvkP2YKaT5wQ4t9VYWXpVtAmOJQMI1AFhUl b4C9wp39UCy26wteyWZYeZZk+UwdIwefJPi/+q5GysCzZwaJ1Eq1/vrYqUBmioes ASXrH5U0/82Sscl6VQdpwCI3B4P1FJMM+vJwviIXb+P5AimXctHYLIXfU4VwF1Ct bAgzSDmGE5gZ2RSoAVc0XjGlVIfrH1WK1fZhMYj5zwib5tufCak5/5ksCQ0SZ9IE ogUh3g6/CbjhPa3bR/9/J97lqw/K+47RMFyOaHmeoYwUwsuR+LK7IOrpVHNIBDpu B0ZCyGkKllAIvr3xP2YpKopbwqSdV8G+6mydN37mSWt2sERKCXA3nLt3fBNo6iVE GcqlaBjywIN/5JKOhH8XGQjuAL/ld0az+0sKGddMjAZPmR4fibbqyl8nYk4IqeqI yt6jPGmFx6GwA3RqShwIqu7Tn54KPZwCMMZW18elql4uFsh06WyNjz+CaBPUs39a aobllDODOtZiMxVlZrponMcua+4NCPU9JUdorg4sLl4R8Iq/9WELYSXkcJ0DRWuX dXHDrqy3eCUNy0eV3xF960gw2549ppqkRLAznxALyHSMmk8i5EopPdvrA+ZP1dHU KkX3anmVFyc= =J6d4 -----END PGP SIGNATURE-----