===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2010.0287
                                 iTunes 9.1
                               31 March 2010

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           iTunes
                   Safari
Publisher:         Apple
Operating System:  Windows 7
                   Windows Vista
                   Windows XP
                   Mac OS X
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Increased Privileges            -- Existing Account
                   Denial of Service               -- Existing Account
                   Read-only Data Access           -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2010-0532 CVE-2010-0531 CVE-2010-0043 CVE-2010-0042
                   CVE-2010-0041 CVE-2010-0040 CVE-2009-2285

Reference:         ESB-2010.0282
                   ESB-2010.0239.2
                   ESB-2010.0109
                   ESB-2010.0052
                   ESB-2009.1500

--------------------------BEGIN INCLUDED TEXT--------------------

APPLE-SA-2010-03-30-2 iTunes 9.1

iTunes 9.1 is now available and addresses the following:

ColorSync
CVE-ID:  CVE-2010-0040
Available for:  Windows 7, Vista, XP
Impact:  Viewing a maliciously crafted image with an embedded color
profile may lead to an unexpected application termination or arbitrary
code execution
Description:  An integer overflow, that could result in a heap buffer
overflow, exists in the handling of images with an embedded color
profile. Opening a maliciously crafted image with an embedded color
profile may lead to an unexpected application termination or arbitrary
code execution. The issue is addressed by performing additional
validation of color profiles. This issue does not affect Mac OS X
systems. Credit to Sebastien Renaud of VUPEN Vulnerability Research
Team for reporting this issue.
ImageIO
CVE-ID:  CVE-2009-2285
Available for:  Windows 7, Vista, XP
Impact:  Viewing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution
Description:  A buffer underflow exists in ImageIO's handling of TIFF
images. Viewing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved bounds checking. For Mac OS X v10.6
systems, this issue is addressed in Mac OS X v10.6.2. For Mac OS X
v10.5 systems, this issue is addressed in Security Update 2010-001.

ImageIO
CVE-ID:  CVE-2010-0041
Available for:  Windows 7, Vista, XP
Impact:  Visiting a maliciously crafted website may result in sending
data from Safari's memory to the website
Description:  An uninitialized memory access issue exists in ImageIO's
handling of BMP images. Visiting a maliciously crafted website may
result in sending data from Safari's memory to the website. This issue
is addressed through improved memory handling and additional validation
of BMP images. For Mac OS X v10.6 systems, this issue is addressed in
Mac OS X v10.6.3. For Mac OS X v10.5 systems, this issue is addressed
in Security Update 2010-002. Credit to Matthew 'j00ru' Jurczyk of
Hispasec for reporting this issue.

ImageIO
CVE-ID:  CVE-2010-0042
Available for:  Windows 7, Vista, XP
Impact:  Visiting a maliciously crafted website may result in sending
data from Safari's memory to the website
Description:  An uninitialized memory access issue exists in ImageIO's
handling of TIFF images. Visiting a maliciously crafted website may
result in sending data from Safari's memory to the website. This issue
is addressed through improved memory handling and additional validation
of TIFF images. For Mac OS X v10.6 systems, this issue is addressed in
Mac OS X v10.6.3. For Mac OS X v10.5 systems, this issue is addressed
in Security Update 2010-002. Credit to Matthew 'j00ru' Jurczyk of
Hispasec for reporting this issue.
ImageIO
CVE-ID:  CVE-2010-0043
Available for:  Windows 7, Vista, XP
Impact:  Processing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution
Description:  A memory corruption issue exists in the handling of TIFF
images. Processing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved memory handling. For Mac OS X v10.6
systems, this issue is addressed in Mac OS X v10.6.3. This issue does
not affect systems prior to Mac OS X v10.6. Credit to Gus Mueller of
Flying Meat for reporting this issue.

iTunes
CVE-ID:  CVE-2010-0531
Available for:  Mac OS X v10.4.11 or later, Mac OS X Server v10.4.11 or
later, Windows 7, Vista, XP
Impact:  Importing a maliciously crafted MP4 file may lead to a denial
of service
Description:  An infinite loop issue exists in the handling of MP4
files. A maliciously crafted podcast may be able to cause an infinite
loop in iTunes, and prevent its operation even after it is relaunched.
This issue is addressed through improved validation of MP4 files.
Credit to Sojeong Hong of Sourcefire VRT for reporting this issue.

iTunes
CVE-ID:  CVE-2010-0532
Available for:  Windows 7, Vista, XP
Impact:  A local user may be able to obtain system privileges during
iTunes installation
Description:  A privilege escalation issue exists in the iTunes for
Windows installation package. During the installation process, a race
condition may allow a local user to modify a file that is then executed
with system privileges. The issue is addressed through improved access
controls for installation files. This issue does not affect Mac OS X
systems. Credit to Jason Geffner of NGSSoftware for reporting this
issue.
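The download details that follow publish a SHA-1 digest for each installer. As an added example (not part of Apple's or AusCERT's bulletin), the script below parses those "download file is named / Its SHA-1 digest is" pairs out of the advisory text and checks a local file against them; the advisory excerpt is copied from the bulletin, and the files it checks itself against are constructed in a temporary directory.

```python
"""Check a downloaded iTunes 9.1 installer against the SHA-1 digests that
APPLE-SA-2010-03-30-2 publishes. Added example, not Apple's or AusCERT's code.
SHA-1 is what the 2010 advisory offers; the check detects a corrupted or
substituted download, nothing stronger."""
import hashlib
import re
import tempfile
from pathlib import Path

# Download section of the bulletin, copied verbatim in the layout Apple used.
ADVISORY_EXCERPT = """
For Mac OS X: The download file is named: "iTunes9.1.dmg" Its SHA-1 digest is: cbfe7da9ccc2934395e27ee99ab400c3fdea0595
For Windows XP / Vista / Windows 7: The download file is named: "iTunesSetup.exe" Its SHA-1 digest is: 80e64f3222703e5da2d613541170bcd6c300e801
For 64-bit Windows XP / Vista / Windows 7: The download file is named: "iTunes64Setup.exe" Its SHA-1 digest is: e6b5ddd1e6f21ddcf7117adec72e47701633b1cb
"""

PAIR_RE = re.compile(
    r'The download file is named:\s*"([^"]+)"\s*Its SHA-1 digest is:\s*([0-9a-fA-F]{40})')

def parse_published_digests(text):
    """Map installer filename -> lowercase hex SHA-1 found in advisory text."""
    return {name: digest.lower() for name, digest in PAIR_RE.findall(text)}

def sha1_of_file(path, chunk=1 << 20):
    """Stream the file through SHA-1 so large installers need little memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_installer(path, published):
    """Return (ok, reason). A filename the advisory does not list is rejected
    rather than skipped, so a renamed or unexpected file never passes silently."""
    name = Path(path).name
    expected = published.get(name)
    if expected is None:
        return False, f"{name}: not listed in the advisory"
    actual = sha1_of_file(path)
    if actual != expected:
        return False, f"{name}: SHA-1 {actual} does not match published {expected}"
    return True, f"{name}: SHA-1 matches published digest"

def demo():
    """Self-check on constructed files (no real installer is downloaded)."""
    published = parse_published_digests(ADVISORY_EXCERPT)
    with tempfile.TemporaryDirectory() as d:
        bad = Path(d) / "iTunesSetup.exe"          # listed name, wrong contents
        bad.write_bytes(b"constructed: not the real installer")
        unknown = Path(d) / "iTunesSetup(1).exe"   # browser-renamed duplicate
        unknown.write_bytes(b"constructed: unexpected filename")
        good = Path(d) / "iTunes9.1.dmg"           # checked against its own digest
        good.write_bytes(b"constructed sample")
        trusted = {**published, "iTunes9.1.dmg": sha1_of_file(good)}
        return (verify_installer(bad, published)[0],
                verify_installer(unknown, published)[0],
                verify_installer(good, trusted)[0])
```

Running `demo()` yields `(False, False, True)`: a mismatching digest and an unlisted filename both fail, and only a file whose digest matches the published value passes.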
iTunes 9.1 may be obtained from:
http://www.apple.com/itunes/download/

For Mac OS X:
The download file is named: "iTunes9.1.dmg"
Its SHA-1 digest is: cbfe7da9ccc2934395e27ee99ab400c3fdea0595

For Windows XP / Vista / Windows 7:
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 80e64f3222703e5da2d613541170bcd6c300e801

For 64-bit Windows XP / Vista / Windows 7:
The download file is named: "iTunes64Setup.exe"
Its SHA-1 digest is: e6b5ddd1e6f21ddcf7117adec72e47701633b1cb

Information will also be posted to the Apple Security Updates
web site:
http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the
appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no
control over its content.
The decision to follow or act on information or advice contained in this
security bulletin is the responsibility of each user or organisation,
and should be considered in accordance with your organisation's site
policies and procedures. AusCERT takes no responsibility for
consequences which may arise from following or acting on information or
advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still
current.

Contact information for the authors of the original document is
included in the Security Bulletin above. If you have any questions or
need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved
from:
http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or
attacked in any way, we encourage you to let us know by completing the
secure National IT Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================