===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2015.1736
iTunes 12.2
1 July 2015
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           iTunes
Publisher:         Apple
Operating System:  Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-1154 CVE-2015-1153 CVE-2015-1152
                   CVE-2015-1124 CVE-2015-1122 CVE-2015-1121
                   CVE-2015-1120 CVE-2015-1119 CVE-2015-1083
                   CVE-2015-1082 CVE-2015-1081 CVE-2015-1080
                   CVE-2015-1079 CVE-2015-1078 CVE-2015-1077
                   CVE-2015-1076 CVE-2015-1075 CVE-2015-1074
                   CVE-2015-1073 CVE-2015-1072 CVE-2015-1071
                   CVE-2015-1070 CVE-2015-1069 CVE-2015-1068
                   CVE-2014-4479 CVE-2014-4477 CVE-2014-4476
                   CVE-2014-4475 CVE-2014-4474 CVE-2014-4473
                   CVE-2014-4472 CVE-2014-4471 CVE-2014-4470
                   CVE-2014-4469 CVE-2014-4468 CVE-2014-4466
                   CVE-2014-4459 CVE-2014-4452 CVE-2014-3192

Reference:         ESB-2015.1730
                   ESB-2015.1247
                   ESB-2015.0919
                   ESB-2015.0918
                   ESB-2015.0916
                   ESB-2015.0659
                   ESB-2015.0198
                   ESB-2015.0197
                   ASB-2014.0116
                   ESB-2014.2287

--------------------------BEGIN INCLUDED TEXT--------------------

APPLE-SA-2015-06-30-6 iTunes 12.2

iTunes 12.2 is now available and addresses the following:

WebKit
Available for:  Windows 8 and Windows 7
Impact:  A man-in-the-middle attack while browsing the iTunes Store
via iTunes may lead to an unexpected application termination or
arbitrary code execution
Description:  Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2014-3192 : cloudfuzzer
CVE-2014-4452
CVE-2014-4459
CVE-2014-4466 : Apple
CVE-2014-4468 : Apple
CVE-2014-4469 : Apple
CVE-2014-4470 : Apple
CVE-2014-4471 : Apple
CVE-2014-4472 : Apple
CVE-2014-4473 : Apple
CVE-2014-4474 : Apple
CVE-2014-4475 : Apple
CVE-2014-4476 : Apple
CVE-2014-4477 : lokihardt@ASRT working with HP's Zero Day Initiative
CVE-2014-4479 : Apple
CVE-2015-1068 : Apple
CVE-2015-1069 : Apple
CVE-2015-1070 : Apple
CVE-2015-1071 : Apple
CVE-2015-1072
CVE-2015-1073 : Apple
CVE-2015-1074 : Apple
CVE-2015-1075 : Google Chrome Security team
CVE-2015-1076
CVE-2015-1077 : Apple
CVE-2015-1078 : Apple
CVE-2015-1079 : Apple
CVE-2015-1080 : Apple
CVE-2015-1081 : Apple
CVE-2015-1082 : Apple
CVE-2015-1083 : Apple
CVE-2015-1119 : Renata Hodovan of University of Szeged / Samsung
Electronics
CVE-2015-1120 : Apple
CVE-2015-1121 : Apple
CVE-2015-1122 : Apple
CVE-2015-1124 : Apple
CVE-2015-1152
CVE-2015-1153
CVE-2015-1154

iTunes 12.2 may be obtained from:
http://www.apple.com/itunes/download/

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================