Securityvulns: SECURITYVULNS:DOC:25847
Mar 03, 2011 - 12:00 a.m.

About the security content of iTunes 10.2


* Last Modified: March 02, 2011
* Article: HT4554

Summary

This document describes the security content of iTunes 10.2.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."

Products Affected

iTunes 10 for Windows, Product Security, iTunes 10 for Mac
iTunes 10.2

* ImageIO

  Available for: Windows 7, Vista, XP SP2 or later

  Impact: Multiple vulnerabilities in libpng

  Description: libpng is updated to version 1.4.3 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. For Mac OS X v10.5 systems, this is addressed in Security Update 2010-007. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html

  CVE-ID

  CVE-2010-1205

  CVE-2010-2249

* ImageIO

  Available for: Windows 7, Vista, XP SP2 or later

  Impact: Viewing a maliciously crafted JPEG image may lead to an unexpected application termination or arbitrary code execution

  Description: A heap buffer overflow issue existed in ImageIO's handling of JPEG images. Viewing a maliciously crafted JPEG image may lead to an unexpected application termination or arbitrary code execution.

  CVE-ID

  CVE-2011-0170 : Andrzej Dyjak working with iDefense VCP

* ImageIO

  Available for: Windows 7, Vista, XP SP2 or later

  Impact: Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution

  Description: A buffer overflow existed in libTIFF's handling of JPEG encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution.

  CVE-ID

  CVE-2011-0191 : Apple

* ImageIO

  Available for: Windows 7, Vista, XP SP2 or later

  Impact: Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution

  Description: A buffer overflow existed in libTIFF's handling of CCITT Group 4 encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution.

  CVE-ID

  CVE-2011-0192 : Apple

* libxml

  Available for: Windows 7, Vista, XP SP2 or later

  Impact: Processing a maliciously crafted XML file may lead to an unexpected application termination or arbitrary code execution

  Description: A double free issue existed in libxml's handling of XPath expressions. Processing a maliciously crafted XML file may lead to an unexpected application termination or arbitrary code execution.

  CVE-ID

  CVE-2010-4494 : Yang Dingning of NCNIPC, Graduate University of Chinese Academy of Sciences

* libxml

  Available for: Windows 7, Vista, XP SP2 or later

  Impact: Processing a maliciously crafted XML file may lead to an unexpected application termination or arbitrary code execution

  Description: A memory corruption issue existed in libxml's XPath handling. Processing a maliciously crafted XML file may lead to an unexpected application termination or arbitrary code execution.

  CVE-ID

  CVE-2010-4008 : Bui Quang Minh from Bkis (www.bkis.com)

* WebKit

  Available for: Windows 7, Vista, XP SP2 or later

  Impact: A man-in-the-middle attack may lead to an unexpected application termination or arbitrary code execution

  Description: Multiple memory corruption issues exist in WebKit. A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution.

  CVE-ID

  CVE-2010-1824 : kuzzcc, and wushi of team509 working with TippingPoint's Zero Day Initiative

  CVE-2011-0111 : Sergey Glazunov

  CVE-2011-0112 : Yuzo Fujishima of Google Inc.

  CVE-2011-0113 : Andreas Kling of Nokia

  CVE-2011-0114 : Chris Evans of Google Chrome Security Team

  CVE-2011-0115 : J23 working with TippingPoint's Zero Day Initiative, and Emil A Eklund of Google, Inc

  CVE-2011-0116 : an anonymous researcher working with TippingPoint's Zero Day Initiative

  CVE-2011-0117 : Abhishek Arya (Inferno) of Google, Inc.

  CVE-2011-0118 : Abhishek Arya (Inferno) of Google, Inc.

  CVE-2011-0119 : Abhishek Arya (Inferno) of Google, Inc.

  CVE-2011-0120 : Abhishek Arya (Inferno) of Google, Inc.

  CVE-2011-0121 : Abhishek Arya (Inferno) of Google, Inc.

  CVE-2011-0122 : Slawomir Blazek

  CVE-2011-0123 : Abhishek Arya (Inferno) of Google, Inc.

  CVE-2011-0124 : Yuzo Fujishima of Google Inc.

  CVE-2011-0125 : Abhishek Arya (Inferno) of Google, Inc.

  CVE-2011-0126 : Mihai Parparita of Google, Inc.

  CVE-2011-0127 : Abhishek Arya (Inferno) of Google, Inc.

  CVE-2011-0128 : David Bloom

  CVE-2011-0129 : Famlam

  CVE-2011-0130 : Apple

  CVE-2011-0131 : wushi of team509

  CVE-2011-0132 : wushi of team509 working with TippingPoint's Zero Day Initiative

  CVE-2011-0133 : wushi of team509 working with TippingPoint's Zero Day Initiative

  CVE-2011-0134 : Jan Tosovsky

  CVE-2011-0135 : an anonymous reporter

  CVE-2011-0136 : Sergey Glazunov

  CVE-2011-0137 : Sergey Glazunov

  CVE-2011-0138 : kuzzcc

  CVE-2011-0139 : kuzzcc

  CVE-2011-0140 : Sergey Glazunov

  CVE-2011-0141 : Chris Rohlf of Matasano Security

  CVE-2011-0142 : Abhishek Arya (Inferno) of Google, Inc.

  CVE-2011-0143 : Slawomir Blazek and Sergey Glazunov

  CVE-2011-0144 : Emil A Eklund of Google, Inc.

  CVE-2011-0145 : Abhishek Arya (Inferno) of Google, Inc.

  CVE-2011-0146 : Abhishek Arya (Inferno) of Google, Inc.

  CVE-2011-0147 : Dirk Schulze

  CVE-2011-0148 : Michal Zalewski of Google, Inc.

  CVE-2011-0149 : wushi of team509 working with TippingPoint's Zero Day Initiative, and SkyLined of Google Chrome Security Team

  CVE-2011-0150 : Michael Gundlach of safariadblock.com

  CVE-2011-0151 : Abhishek Arya (Inferno) of Google, Inc.

  CVE-2011-0152 : SkyLined of Google Chrome Security Team

  CVE-2011-0153 : Abhishek Arya (Inferno) of Google, Inc.

  CVE-2011-0154 : an anonymous researcher working with TippingPoint's Zero Day Initiative

  CVE-2011-0155 : Aki Helin of OUSPG

  CVE-2011-0156 : Abhishek Arya (Inferno) of Google, Inc.

  CVE-2011-0164 : Apple

  CVE-2011-0165 : Sergey Glazunov

  CVE-2011-0168 : Sergey Glazunov