—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512
APPLE-SA-2017-03-22-1 iTunes for Windows 12.6
iTunes for Windows 12.6 is now available and addresses the following:
iTunes
Available for: Windows 7 and later
Impact: Multiple issues in SQLite
Description: Multiple issues existed in SQLite. These issues were
addressed by updating SQLite to version 3.15.2.
CVE-2013-7443
CVE-2015-3414
CVE-2015-3415
CVE-2015-3416
CVE-2015-3717
CVE-2015-6607
CVE-2016-6153
iTunes
Available for: Windows 7 and later
Impact: Multiple issues in expat
Description: Multiple issues existed in expat. These issues were
addressed by updating expat to version 2.2.0.
CVE-2009-3270
CVE-2009-3560
CVE-2009-3720
CVE-2012-1147
CVE-2012-1148
CVE-2012-6702
CVE-2015-1283
CVE-2016-0718
CVE-2016-4472
CVE-2016-5300
iTunes for Windows 12.6 may be obtained from:
https://www.apple.com/itunes/download/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
—–BEGIN PGP SIGNATURE—–
Comment: GPGTools – https://gpgtools.org
iQIcBAEBCgAGBQJY0q70AAoJEIOj74w0bLRGSkMP/juCil9jOd3GKb9rdLJ25wph
AzlDmTBM+u2Gl+jLP8J/K+xomx5QVPtaKRpZWqftxeSMZAZfrCje4nAStMAb2ECc
ngBsAMLpBXUAsPNDTMwVQ9I1/CdZdwQHvS65aq0Q2n8mWqpDeQwlxsK5p2+m0LhR
2D0DWirJaoRTFMLboFF76o0OwdG86EfBG6fjfL9BLFnQ/pCV2Oj93EO39likuTCj
zpHOMFJZCwedvU5/NVEQHjDSRT0NNY9rxUWPw/bK9jnN1NmweX1IO2DvA+q7vki1
AOxTZRlolIzp7VCI45vPJIl553MHcgN7AcXzY90+9GSD2ZP9NMCOuCjjFp+KiUyR
jE8jBRwDcDLglWFXQRy1NblA8HA6IL30ip66FSlpF9D6FARPHJgjtzpWpRUxJBja
GqPbdvvOGcLbKRPVoP/twbeGmZ+lu20Ywlk1OnMXcbNdipu0G80uwoHwrwdZ2l10
VvulWUGGoPc8/BSmJXf7hWJTkjGmDoaxIqT0LR1UrKmH7J3/1YXgVoWiHGy1TTLW
Irj9JvLk4/2qw6MSuqMLWR7Z2RamaLpmBl3KgP3UbHM+Kv6hBjVMQrKHX/Bgu3K8
bWnObX6misAWDGvVXIE1h77sDRS2QLZE4XakjsYM2mqAZDOriVt9nghiABlNKrHi
tgiUgDAYRJS9c71scLjv
=NyIV
—–END PGP SIGNATURE—–
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Security-announce@lists.apple.com)
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512
APPLE-SA-2017-03-28-2 Additional information for
APPLE-SA-2017-03-22-1 iTunes for Windows 12.6
iTunes for Windows 12.6 addresses the following:
APNs Server
Available for: Windows 7 and later
Impact: An attacker in a privileged network position can track a
user’s activity
Description: A client certificate was sent in plaintext. This issue
was addressed through improved certificate handling.
CVE-2017-2383: Matthias Wachs and Quirin Scheitle of Technical
University Munich (TUM)
Entry added March 28, 2017
iTunes
Available for: Windows 7 and later
Impact: Multiple issues in SQLite
Description: Multiple issues existed in SQLite. These issues were
addressed by updating SQLite to version 3.15.2.
CVE-2013-7443
CVE-2015-3414
CVE-2015-3415
CVE-2015-3416
CVE-2015-3717
CVE-2015-6607
CVE-2016-6153
iTunes
Available for: Windows 7 and later
Impact: Multiple issues in expat
Description: Multiple issues existed in expat. These issues were
addressed by updating expat to version 2.2.0.
CVE-2009-3270
CVE-2009-3560
CVE-2009-3720
CVE-2012-1147
CVE-2012-1148
CVE-2012-6702
CVE-2015-1283
CVE-2016-0718
CVE-2016-4472
CVE-2016-5300
libxslt
Available for: Windows 7 and later
Impact: Multiple vulnerabilities in libxslt
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2017-5029: Holger Fuhrmannek
Entry added March 28, 2017
WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent’s Xuanwu Lab
(tencent.com) working with Trend Micro’s Zero Day Initiative
Entry added March 28, 2017
WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: A validation issue existed in element handling. This
issue was addressed through improved validation.
CVE-2017-2479: lokihardt of Google Project Zero
CVE-2017-2480: lokihardt of Google Project Zero
Entry added March 28, 2017
Installation note:
iTunes for Windows 12.6 may be obtained from:
https://www.apple.com/itunes/download/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
—–BEGIN PGP SIGNATURE—–
Comment: GPGTools – http://gpgtools.org
iQIcBAEBCgAGBQJY2sl6AAoJEIOj74w0bLRGEMAQAJjPU9+iTIEs0o4EfazvmkXj
/zLRgzdfr1kp9Iu90U/ZxgnAO3ZUqEF/6FWy6dN3zSA7AlP7q+zFlxXqbkoJB+eX
sE+vGilHWZ8p2Qud9EikwDKCvLNn/4xYQ9Nm0jCwA14VBS1dBlOrFUlsnM9EoS9/
YKks/NSYV9jtLgKvc42SeTks62tLL5ZQGMKv+Gg0HH2Yeug2eAHGb+u5vYCHTcER
AMTKKQtr57IJyz2tg7YZGWvbKIS2690CpIyZGxpbUCKv+dNdEPsDTNHjjpzwMBtc
diSIIX8AC6T0nWbrOFtWqhhFyWk6rZAWb8RvDYYd/a6ro7hxYq8xZATBS2BJFskp
esMHBuFYgDwIeJiGaCW07UyJzyzDck7pesJeq7gqF+O5Fl6bdHN4b8rNmVtBvDom
g7tkwSE9+ZmiPUMJGF2NUWNb4+yY0OPm3Uq2kvoyXl5KGmEaFMoDnPzKIdPmE+b+
lJZUYgQSXlO6B7uz+MBx2ntH1uhIrAdKhFiePYj/lujNB3lTij5zpCOLyivdEXZw
iJHX211+FpS8VV1/dHOjgbYnvnw4wofbPN63dkYvwgwwWy7VISThXQuMqtDW/wOE
9h0me2NkZRxQ845p4MaLPqZQFi1WcU4/PbcBBb0CvBwlnonYP/YRnyQrNWx+36Fo
VkUmhXDNi0csm+QTi7ZP
=hPjT
—–END PGP SIGNATURE—–
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Security-announce@lists.apple.com)
$downloadlink = get_field('download_link'); ?>