what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Apple Security Advisory 2014-01-22-1

Apple Security Advisory 2014-01-22-1
Posted Jan 24, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-01-22-1 - iTunes 11.1.4 is now available and addresses multiple security issues related to content control, code execution, and more. libxml and libxslt have also been updated to address memory corruption and code execution issues.

tags | advisory, code execution
systems | apple
advisories | CVE-2011-3102, CVE-2012-0841, CVE-2012-2807, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, CVE-2012-5134, CVE-2013-1024, CVE-2013-1037, CVE-2013-1038, CVE-2013-1039, CVE-2013-1040, CVE-2013-1041, CVE-2013-1042, CVE-2013-1043, CVE-2013-1044, CVE-2013-1045, CVE-2013-1046, CVE-2013-1047, CVE-2013-2842, CVE-2013-5125, CVE-2013-5126, CVE-2013-5127, CVE-2013-5128, CVE-2014-1242
SHA-256 | 88e0818e053952a3bd2eb65f69993d1a072ba9bb5eaaa9ed5388a10cd7518e9e

Apple Security Advisory 2014-01-22-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-01-22-1 iTunes 11.1.4

iTunes 11.1.4 is now available and addresses the following:

iTunes
Available for: Mac OS X v10.6.8 or later, Windows 8, Windows 7,
Vista, XP SP2 or later
Impact: An attacker with a privileged network position may control
the contents of the iTunes Tutorials window
Description: The contents of the iTunes Tutorials window are
retrieved from the network using an unprotected HTTP connection. An
attacker with a privileged network position may inject arbitrary
contents. This issue was addressed by using an encrypted HTTPS
connection to retrieve tutorials.
CVE-ID
CVE-2014-1242 : Apple

iTunes
Available for: Windows 8, Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An uninitialized memory access issue existed in the
handling of text tracks. This issue was addressed by additional
validation of text tracks.
CVE-ID
CVE-2013-1024 : Richard Kuo and Billy Suguitan of Triemt Corporation

iTunes
Available for: Windows 8, Windows 7, Vista, XP SP2 or later
Impact: A man-in-the-middle attack while browsing the iTunes Store
via iTunes may lead to an unexpected application termination or
arbitrary code executionn
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-1037 : Google Chrome Security Team
CVE-2013-1038 : Google Chrome Security Team
CVE-2013-1039 : own-hero Research working with iDefense VCP
CVE-2013-1040 : Google Chrome Security Team
CVE-2013-1041 : Google Chrome Security Team
CVE-2013-1042 : Google Chrome Security Team
CVE-2013-1043 : Google Chrome Security Team
CVE-2013-1044 : Apple
CVE-2013-1045 : Google Chrome Security Team
CVE-2013-1046 : Google Chrome Security Team
CVE-2013-1047 : miaubiz
CVE-2013-2842 : Cyril Cattiaux
CVE-2013-5125 : Google Chrome Security Team
CVE-2013-5126 : Apple
CVE-2013-5127 : Google Chrome Security Team
CVE-2013-5128 : Apple

libxml
Available for: Windows 8, Windows 7, Vista, XP SP2 or later
Impact: A man-in-the-middle attack while browsing the iTunes Store
via iTunes may lead to an unexpected application termination or
arbitrary code executionn
Description: Multiple memory corruption issues existed in libxml.
These issues were addressed by updating libxml to version 2.9.0.
CVE-ID
CVE-2011-3102 : Juri Aedla
CVE-2012-0841
CVE-2012-2807 : Juri Aedla
CVE-2012-5134 : Google Chrome Security Team (Juri Aedla)

libxslt
Available for: Windows 8, Windows 7, Vista, XP SP2 or later
Impact: A man-in-the-middle attack while browsing the iTunes Store
via iTunes may lead to an unexpected application termination or
arbitrary code executionn
Description: Multiple memory corruption issues existed in libxslt.
These issues were addressed by updating libxslt to version 1.1.28.
CVE-ID
CVE-2012-2825 : Nicolas Gregoire
CVE-2012-2870 : Nicolas Gregoire
CVE-2012-2871 : Kai Lu of Fortinet's FortiGuard Labs, Nicolas
Gregoire


iTunes 11.1.4 may be obtained from:
http://www.apple.com/itunes/download/

For OS X:
The download file is named: iTunes11.1.4.dmg
Its SHA-1 digest is: ffde4658def154edfa479696e40588e9252e7276

For Windows XP / Vista / Windows 7 / Windows 8:
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 3701f3e7f7c44bad05631533f2ab52e08ae0ba1f

For 64-bit Windows XP / Vista / Windows 7 / Windows 8:
The download file is named: "iTunes64Setup.exe"
Its SHA-1 digest is: fd9caee83907b9f6aa01d031f63fa9ed9be2bfab

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJS4DtWAAoJEPefwLHPlZEwEyIQAJ4B3eB18xKixTw39CTkiIf2
dQlDo2gk8ghBHTS4ZQU74OuGyEall3AgXqz/ENrrapgTT9Ej+OVtcofZIOM7IuFC
svag6TSYEkvNLbQMfhVOYvEbwc1Is56tu9huWgYpGpPrZYF0LfNyUYUd3DuWQ2de
1P2vfeowCxd9Orp2aw5w48gJkCFHcxtKpY7QSenn9ZEVKo7KM9ejwQqLWwdwwK45
koP3ovYJa61eLjth61+f85H2xkb6zB6zM5qGPwxNRknPdttabl+NNxiR93jvAoMr
8OUSMErSjxUN9HSBd+ZXtCCmK+NmYnYJk1HtIq11p4OZk8XvNVzzh3JtePAXoRjj
6xQsoC0EjxzV7aYPaje2aiY3XfuT4gLX1NI+ZnTNfy6Y3BMZ8FId1XnBESyevMXw
AowaQk6FNiz3qHNTSaJCmjMtVScu2m9OKANGexadETw2/NFMRsfHdDEf7bN8Lj85
MbPhgFW6qMKjJ15g0NW1gvvZjbJCcL6Y2LdjabWFeIJLV7gXE3lviIwMwFfQqBqN
B+w6o6PQPrGxSzSGzjIf/76qLYJjL7zenGERCHJiOH54LMITZn8db3lECY1CMUXw
lsKk4W7IeI2u43hxaYaYfSpdjF14U2CrRJSFHcyFe2oPxU26hxCax3AyHLxncPoX
eWabnIgZ1wYWZB0y8x5K
=pK6I
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close