About the security content of iTunes 9.1

About the security content of iTunes 9.1

support.apple.com | Nov 17th 2011

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."

iTunes 9.1

  • ColorSync

    CVE-ID: CVE-2010-0040

    Available for: Windows 7, Vista, XP

    Impact: Viewing a maliciously crafted image with an embedded color profile may lead to an unexpected application termination or arbitrary code execution

    Description: An integer overflow, that could result in a heap buffer overflow, exists in the handling of images with an embedded color profile. Opening a maliciously crafted image with an embedded color profile may lead to an unexpected application termination or arbitrary code execution. The issue is addressed by performing additional validation of color profiles. This issue does not affect Mac OS X systems. Credit to Sebastien Renaud of VUPEN Vulnerability Research Team for reporting this issue.

  • ImageIO

    CVE-ID: CVE-2009-2285

    Available for: Windows 7, Vista, XP

    Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer underflow exists in ImageIO's handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.2. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2010-001.

  • ImageIO

    CVE-ID: CVE-2010-0041

    Available for: Windows 7, Vista, XP

    Impact: Visiting a maliciously crafted website may result in sending data from Safari's memory to the website

    Description: An uninitialized memory access issue exists in ImageIO's handling of BMP images. Visiting a maliciously crafted website may result in sending data from Safari's memory to the website. This issue is addressed through improved memory handling and additional validation of BMP images. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2010-002. Credit to Matthew 'j00ru' Jurczyk of Hispasec for reporting this issue.

  • ImageIO

    CVE-ID: CVE-2010-0042

    Available for: Windows 7, Vista, XP

    Impact: Visiting a maliciously crafted website may result in sending data from Safari's memory to the website

    Description: An uninitialized memory access issue exists in ImageIO's handling of TIFF images. Visiting a maliciously crafted website may result in sending data from Safari's memory to the website. This issue is addressed through improved memory handling and additional validation of TIFF images. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2010-002. Credit to Matthew 'j00ru' Jurczyk of Hispasec for reporting this issue.

  • ImageIO

    CVE-ID: CVE-2010-0043

    Available for: Windows 7, Vista, XP

    Impact: Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in the handling of TIFF images. Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. This issue does not affect systems prior to Mac OS X v10.6. Credit to Gus Mueller of Flying Meat for reporting this issue.

  • iTunes

    CVE-ID: CVE-2010-0531

    Available for: Mac OS X v10.4.11 or later, Mac OS X Server v10.4.11 or later, Windows 7, Vista, XP

    Impact: Importing a maliciously crafted MP4 file may lead to a denial of service

    Description: An infinite loop issue exists in the handling of MP4 files.A maliciously crafted podcast may be able to cause an infinite loop in iTunes, and prevent its operation even after it is relaunched. This issue is addressed through improved validation of MP4 files. Credit to Sojeong Hong of Sourcefire VRT for reporting this issue.

  • iTunes

    CVE-ID: CVE-2010-0532

    Available for: Windows 7, Vista, XP

    Impact: A local user may be able to obtain system privileges during iTunes installation

    Description: A privilege escalation issue exists in the iTunes for Windows installation package. During the installation process, a race condition may allow a local user to modify a file that is then executed with system privileges. The issue is addressed through improved access controls for installation files. This issue does not affect Mac OS X systems. Credit to Jason Geffner of NGSSoftware for reporting this issue.

  • iTunes

    CVE-ID: CVE-2010-1768

    Available for: Mac OS X v10.4.11 or later, Mac OS X Server v10.4.11 or later

    Impact: Syncing a mobile device may allow a local user to gain elevated privileges

    Description: An insecure file operation exists in the handling of log files for mobile devices. Syncing an iPhone, iPad, or iPod touch may allow a local user to gain the privileges of the console user. This issue is addressed through improved handling of log files. Credit to Jon Passki, and Nicolas Seriot of HEIG-VD for reporting this issue.

  • iTunes

    CVE-ID: CVE-2010-1795

    Available for: Windows 7, Vista, XP

    Impact: Opening a file in a maliciously prepared directory may lead to arbitrary code execution

    Description: A path searching issue exists in iTunes. iTunes will search for a specific DLL in the current working directory. If someone places a maliciously crafted file with a specific name in a directory, opening another file in that directory in iTunes may lead to arbitrary code execution. This issue is addressed by removing the code that uses the DLL. This issue does not affect Mac OS X systems. Credit to Simon Raner of ACROS Security for reporting this issue.

Original Page: http://pocket.co/spMyC

Shared from Pocket

^ed

Comments