Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:32567
HistoryOct 25, 2015 - 12:00 a.m.

APPLE-SA-2015-10-21-5 iTunes 12.3.1

2015-10-2500:00:00
vulners.com
27

APPLE-SA-2015-10-21-5 iTunes 12.3.1

iTunes 12.3.1 is now available and addresses the following:

iTunes
Available for: Windows 7 and later
Impact: A man-in-the-middle attack while browsing the iTunes Store
via iTunes may result in unexpected application termination or
arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-5928 : Apple
CVE-2015-5929 : Apple
CVE-2015-5930 : Apple
CVE-2015-5931
CVE-2015-7002 : Apple
CVE-2015-7011 : Apple
CVE-2015-7012 : Apple
CVE-2015-7013 : Apple
CVE-2015-7014

iTunes
Available for: Windows 7 and later
Impact: Applications that use CoreText may be vulnerable to
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in the
processing of text files. These issues were addressed through
improved memory handling.
CVE-ID
CVE-2015-6975 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-6992 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-7017 : John Villamil (@day6reak), Yahoo Pentest Team

Installation note:

iTunes 12.3.1 may be obtained from:
http://www.apple.com/itunes/download/

You may also update to the latest version of iTunes via Apple
Software Update, which can be found in the Start menu.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

Related for SECURITYVULNS:DOC:32567