-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.3105
                               iTunes 12.3.2
                             14 December 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           iTunes
Publisher:         Apple
Operating System:  Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-7104 CVE-2015-7103 CVE-2015-7102
                   CVE-2015-7101 CVE-2015-7100 CVE-2015-7099
                   CVE-2015-7098 CVE-2015-7097 CVE-2015-7096
                   CVE-2015-7095 CVE-2015-7050 CVE-2015-7048

Reference:         ESB-2015.3071

Original Bulletin: 
   https://support.apple.com/en-au/HT205636

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2015-12-11-1 iTunes 12.3.2

iTunes 12.3.2 is now available and addresses the following:

WebKit
Available for:  Windows 7 and later
Impact:  Visiting a maliciously crafted website may lead to arbitrary
code execution
Description:  Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7048 : Apple
CVE-2015-7095 : Apple
CVE-2015-7096 : Apple
CVE-2015-7097 : Apple
CVE-2015-7098 : Apple
CVE-2015-7099 : Apple
CVE-2015-7100 : Apple
CVE-2015-7101 : Apple
CVE-2015-7102 : Apple
CVE-2015-7103 : Apple
CVE-2015-7104 : Apple

WebKit
Available for:  Windows 7 and later
Impact:  Visiting a maliciously crafted website may reveal a user's
browsing history
Description:  An insufficient input validation issue existed in
content blocking. This issue was addressed through improved content
extension parsing.
CVE-ID
CVE-2015-7050 : Luke Li and Jonathan Metzman

- -----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----