Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.3156
APPLE-SA-2021-09-20-9 iTunes U 3.8.3
21 September 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: iTunes U
Publisher: Apple
Operating System: Apple iOS
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2021-30862
Original Bulletin:
https://support.apple.com/HT212809
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-09-20-9 iTunes U 3.8.3
iTunes U 3.8.3 addresses the following issues. Information about the security content is also available at
https://support.apple.com/HT212809.
iTunes U
Available for: iOS 12.4 and later or iPadOS 12.4 and later
Impact: Processing a maliciously crafted URL may lead to arbitrary
javascript code execution
Description: A validation issue was addressed with improved input
sanitization.
CVE-2021-30862: Giyas Umarov (@3h6_1) of Holmdel High School
Installation note:
iTunes U 3.8.3 for iOS may be obtained from the App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI888ACgkQeC9qKD1p
rhjucBAAo/VGsbEPr5OuaH7BLssGjchFhRQeyuT5d2H50dyE7Y0Os3ryZFdkPfo9
Sg2gX2A5jToz5EIXEddSWO+Ecaa80Iek/Gq4/HT5YzAenOlTYHaCn5cXbsa1jgfs
0VEyGLur1j/GRb6fSENh+cXphllCuizzkIxBwMSfG36HuMmFNiAakS/hbUwBe6Fz
QaejFaKip84ZKl5xpZEQdGVMKeLwrY4zdW1Qz3KV5HPw9s20xZgmHshIf3Vn7TrN
OPZcJHYmC957IgONt+pdLq2jvIX/D7cWgx+FTgoIfyl3NpSfc0cVOUixBvnAQ+ci
SM17NRMyQuht2BNjBVePWAjHTORHuYO0o8fXFWI4GkaqzXeDJfa8G6APWOujPRQr
1u6vfc8q4ztfTEaEetZU6K0tbsF72l28QGE6yctZD91i7qOLjK53u5hEX7N/s6AR
Q2MEpWte6+3NuAWngBp65d59oCLNsm5WRuVbynxS0m743bX9yAhPSPe5gRxsTMS1
7ebusKl1CDsJ65uUc8QtmYZg2lPL+em/cvhny8h6/xYYg+YFWlJ7X2/bKnp1EPZK
6PVCd9qG8hucQq1kRpsbfCrzApAsVHZJHJibNgmYD98Au7nTCLZxMq7h9IVF5uzN
AnG5yF6UWps2UlZhB3k2P5lqTHurOU1r3gcBL7+QUcD6H48x8lc=
=M9XX
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYUlAkONLKJtyKPYoAQim3A/+NC2uUI/7uZ/ffdJ2a35GT3d/xVI6v+av
NB4IXf5QfSBYVitobMiu8hTeQp5JdzvkP2YKaT5wQ4t9VYWXpVtAmOJQMI1AFhUl
b4C9wp39UCy26wteyWZYeZZk+UwdIwefJPi/+q5GysCzZwaJ1Eq1/vrYqUBmioes
ASXrH5U0/82Sscl6VQdpwCI3B4P1FJMM+vJwviIXb+P5AimXctHYLIXfU4VwF1Ct
bAgzSDmGE5gZ2RSoAVc0XjGlVIfrH1WK1fZhMYj5zwib5tufCak5/5ksCQ0SZ9IE
ogUh3g6/CbjhPa3bR/9/J97lqw/K+47RMFyOaHmeoYwUwsuR+LK7IOrpVHNIBDpu
B0ZCyGkKllAIvr3xP2YpKopbwqSdV8G+6mydN37mSWt2sERKCXA3nLt3fBNo6iVE
GcqlaBjywIN/5JKOhH8XGQjuAL/ld0az+0sKGddMjAZPmR4fibbqyl8nYk4IqeqI
yt6jPGmFx6GwA3RqShwIqu7Tn54KPZwCMMZW18elql4uFsh06WyNjz+CaBPUs39a
aobllDODOtZiMxVlZrponMcua+4NCPU9JUdorg4sLl4R8Iq/9WELYSXkcJ0DRWuX
dXHDrqy3eCUNy0eV3xF960gw2549ppqkRLAznxALyHSMmk8i5EopPdvrA+ZP1dHU
KkX3anmVFyc=
=J6d4
-----END PGP SIGNATURE-----