Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2015.3105 iTunes 12.3.2 14 December 2015 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: iTunes Publisher: Apple Operating System: Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2015-7104 CVE-2015-7103 CVE-2015-7102 CVE-2015-7101 CVE-2015-7100 CVE-2015-7099 CVE-2015-7098 CVE-2015-7097 CVE-2015-7096 CVE-2015-7095 CVE-2015-7050 CVE-2015-7048 Reference: ESB-2015.3071 Original Bulletin: https://support.apple.com/en-au/HT205636 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2015-12-11-1 iTunes 12.3.2 iTunes 12.3.2 is now available and addresses the following: WebKit Available for: Windows 7 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7048 : Apple CVE-2015-7095 : Apple CVE-2015-7096 : Apple CVE-2015-7097 : Apple CVE-2015-7098 : Apple CVE-2015-7099 : Apple CVE-2015-7100 : Apple CVE-2015-7101 : Apple CVE-2015-7102 : Apple CVE-2015-7103 : Apple CVE-2015-7104 : Apple WebKit Available for: Windows 7 and later Impact: Visiting a maliciously crafted website may reveal a user's browsing history Description: An insufficient input validation issue existed in content blocking. This issue was addressed through improved content extension parsing. CVE-ID CVE-2015-7050 : Luke Li and Jonathan Metzman - -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJWa0HxAAoJEBcWfLTuOo7tL3sP/3IMYdGz6mTS98t6/aMJx8Ew okyR8nBT2M3ALNVxTJeVxRbHc11f75x9DVJMV4Q291MRqeX3b7wHBcvoizmOM66c bWNIqRdIYVub+WWwljBuzdsPIT0d9NlY8Htz9dbwtWmTPACYNKYr9ZUO1T9ntSer WCEBRql2VlpOpr12FfpRc2I52BisIF1pVm24QmsVfgJM156lWxFAjC+i6ESOeBnd waL4T5aw7+mZuoIbUSQvVsjEo2ay5wglAvPhYDlwpEMEY+w0U0E077qr/6LiLf9B MtxIz6i/rtPD4Ak+rKLdAbAGah0nWvVPomo4KI+xS+kxlmxEQY2Q7dUzDpCmviho ZMEgjoEFAouUa+mQC0w+CSxMyO5MS5ZDoZo14DHfkB978DDBjW88xAky4Row5gjX 97ZJ/+933eYqrcNLjc74CNoTDHw22YQ9bys05qJ2FovoTu0s+qsVWhx5tEehxJLr RTvBfc/49JNTracvb/uK7ShbUc9u6qj9g5tHCgLqU6KwFj/vafF5d/lQph4gz6NQ 2xAxKCQjzS6Hqalj0xjmw51b2rxZXjXW2Q4itRa+BVbG8Eb8Frp5yzj5h/m/pS5/ 5/yMR9vYDYXN8psVrSSPhFtpCz0jloeAWsSJk5nM+ReH4sUwRyS3dV7ONfyDxtvo jIfn9cPnOmCwLLCZl2E9 =eKwE - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVm4ScX6ZAP0PgtI9AQJopQ/7BY28mo3TkpxQVnLgu4OrWm89MQCkqCgp hi7z7C9H8+cS7SlDaV6Sl/v5pZckpF4R49gf1wuDk6nZrdRUMCrReu9UL5vknUWA zHso3xjkUbljQBg50LLYWYuA052hXDBTmoMLwiUJMr1HOsLl6AgpYJFtXV5Gzndk lbT0/QX5FQf4rNeczXYjPnSAQu3KAuW+OiPXVFXOjPXlD4eOKkcEkbcoho7SLy9o H2gU8bAatsfAPea/jiZSFAmQIAJGze2+KFV7z4LUSeLfWCc/VbJx+5itxAf3/MH9 exvUr7BdWHj8j2/2ApIm2Yt4CXKH7VqTo4mRqQ8IQKDkTnd23eSm5x7KWrxIOeIA 9eKZJFatY+ZoAmBjz9Jv2JdNO3kf5hoxN9vKsNUPHLpDbUXy/h6jWJGzJAru4QZe xBK5WgzUPIPi1AkZHv5fMAn90H0gGpEupaF7XjWB+XEWU7BvLZ5JAB52mH2v9GgL RuYnLd+SULenXq4elV4bQ6tfq86C/YDfYRvoS8x6i9yXT9jgsaysnVkEyCBY+gEE iEi3CQt584Z2z2re/hiji7GdM+SAxRSJNmJEO/GD4ZvzCs9NbLfyJHdmv5cl9S8t MyTeCT1czKxRoHDJjkde+fs+yHXK7tByKfQQyTpiWDFHJNO9KNlNEulrEWQiWbOh Oruw2gLOt24= =e3dF -----END PGP SIGNATURE-----