Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2010.0287
iTunes 9.1
31 March 2010
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: iTunes
Safari
Publisher: Apple
Operating System: Windows 7
Windows Vista
Windows XP
Mac OS X
Impact/Access: Execute Arbitrary Code/Commands -- Existing Account
Increased Privileges -- Existing Account
Denial of Service -- Existing Account
Read-only Data Access -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2010-0532 CVE-2010-0531 CVE-2010-0043
CVE-2010-0042 CVE-2010-0041 CVE-2010-0040
CVE-2009-2285
Reference: ESB-2010.0282
ESB-2010.0239.2
ESB-2010.0109
ESB-2010.0052
ESB-2009.1500
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2010-03-30-2 iTunes 9.1
iTunes 9.1 is now available and addresses the following:
ColorSync
CVE-ID: CVE-2010-0040
Available for: Windows 7, Vista, XP
Impact: Viewing a maliciously crafted image with an embedded color
profile may lead to an unexpected application termination or
arbitrary code execution
Description: An integer overflow, that could result in a heap buffer
overflow, exists in the handling of images with an embedded color
profile. Opening a maliciously crafted image with an embedded color
profile may lead to an unexpected application termination or
arbitrary code execution. The isssue is addressed by performing
additional validation of color profiles. This issue does not affect
Mac OS X systems. Credit to Sebastien Renaud of VUPEN Vulnerability
Research Team for reporting this issue.
ImageIO
CVE-ID: CVE-2009-2285
Available for: Windows 7, Vista, XP
Impact: Viewing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer underflow exists in ImageIO's handling of TIFF
images. Viewing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved bounds checking. For Mac OS X
v10.6 systems, this issue is addressed in Mac OS X v10.6.2. For Mac
OS X v10.5 systems, this issue is addressed in Security Update
2010-001.
ImageIO
CVE-ID: CVE-2010-0041
Available for: Windows 7, Vista, XP
Impact: Visiting a maliciously crafted website may result in sending
data from Safari's memory to the website
Description: An uninitialized memory access issue exists in
ImageIO's handling of BMP images. Visiting a maliciously crafted
website may result in sending data from Safari's memory to the
website. This issue is addressed through improved memory handling and
additional validation of BMP images. For Mac OS X v10.6 systems, this
issue is addressed in Mac OS X v10.6.3. For Mac OS X v10.5 systems,
this issue is addressed in Security Update 2010-002. Credit to
Matthew 'j00ru' Jurczyk of Hispasec for reporting this issue.
ImageIO
CVE-ID: CVE-2010-0042
Available for: Windows 7, Vista, XP
Impact: Visiting a maliciously crafted website may result in sending
data from Safari's memory to the website
Description: An uninitialized memory access issue exists in
ImageIO's handling of TIFF images. Visiting a maliciously crafted
website may result in sending data from Safari's memory to the
website. This issue is addressed through improved memory handling and
additional validation of TIFF images. For Mac OS X v10.6 systems,
this issue is addressed in Mac OS X v10.6.3. For Mac OS X v10.5
systems, this issue is addressed in Security Update 2010-002. Credit
to Matthew 'j00ru' Jurczyk of Hispasec for reporting this issue.
ImageIO
CVE-ID: CVE-2010-0043
Available for: Windows 7, Vista, XP
Impact: Processing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in the handling of
TIFF images. Processing a maliciously crafted TIFF image may lead to
an unexpected application termination or arbitrary code execution.
This issue is addressed through improved memory handling. For Mac OS
X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. This
issue does not affect systems prior to Mac OS X v10.6. Credit to Gus
Mueller of Flying Meat for reporting this issue.
iTunes
CVE-ID: CVE-2010-0531
Available for: Mac OS X v10.4.11 or later,
Mac OS X Server v10.4.11 or later, Windows 7, Vista, XP
Impact: Importing a maliciously crafted MP4 file may lead to a
denial of service
Description: An infinite loop issue exists in the handling of MP4
files.A maliciously crafted podcast may be able to cause an infinite
loop in iTunes, and prevent its operation even after it is
relaunched. This issue is addressed through improved validation of
MP4 files. Credit to Sojeong Hong of Sourcefire VRT for reporting
this issue.
iTunes
CVE-ID: CVE-2010-0532
Available for: Windows 7, Vista, XP
Impact: A local user may be able to obtain system privileges during
iTunes installation
Description: A privilege escalation issue exists in the iTunes for
Windows installation package. During the installation process, a race
condition may allow a local user to modify a file that is then
executed with system privileges. The issue is addressed through
improved access controls for installation files. This issue does not
affect Mac OS X systems. Credit to Jason Geffner of NGSSoftware for
reporting this issue.
iTunes 9.1 may be obtained from:
http://www.apple.com/itunes/download/
For Mac OS X:
The download file is named: "iTunes9.1.dmg"
Its SHA-1 digest is: cbfe7da9ccc2934395e27ee99ab400c3fdea0595
For Windows XP / Vista / Windows 7:
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 80e64f3222703e5da2d613541170bcd6c300e801
For 64-bit Windows XP / Vista / Windows 7:
The download file is named: "iTunes64Setup.exe"
Its SHA-1 digest is: e6b5ddd1e6f21ddcf7117adec72e47701633b1cb
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)
iQEcBAEBAgAGBQJLsjCgAAoJEHkodeiKZIkBDVUH/jHMRx9MgZlhmMWB+86kA+l5
l5cJNE5ftyrChnJtPqOz0tUsA4rONwuHRjMEdSfJU9m1pNVoYA5cotkpEFYt4q/W
MzzlCeMpm2BJwqGOud860igH7VTxBFlBgLAt87aE7yIo5J2y84f9PM7kq4d0FW6R
sLPWC7dNhojLPRWTiuKvdEliW3i+C/KPIF0tg3Jpbbt86rR+TWbbFIVwyUvO8nTn
jnnavQAnVM2Ytk8K1g71fjTzYElP5eQ6UQ/lf4dWHW4DvzQbsM3h4ria3BG/hQYB
IdEVVM6z1mOsBosTz88rfOM6QYF9YkyiayC6VCQhHLC+Q31mZYu2BFr+mMbiUlY=
=2dBL
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iD8DBQFLsoFd/iFOrG6YcBERAoGgAJ9Nz0S2iXjGyS4tVXaaD2NHod9pLQCeJ+qW
dbIhrK9kr3R94OZYaEm1dO8=
=lYVg
-----END PGP SIGNATURE-----