—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

APPLE-SA-2019-10-07-2 iTunes for Windows 12.10.1

iTunes for Windows 12.10.1 is now available and addresses the
following:

UIFoundation
Available for: Windows 7 and later
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8745: riusksk of VulWar Corp working with Trend Micro’s Zero
Day Initiative

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2019-8625: Sergei Glazunov of Google Project Zero
CVE-2019-8719: Sergei Glazunov of Google Project Zero

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-8707: an anonymous researcher working with Trend Micro’s
Zero Day Initiative, cc working with Trend Micro Zero Day Initiative
CVE-2019-8720: Wen Xu of SSLab at Georgia Tech
CVE-2019-8726: Jihui Lu of Tencent KeenLab
CVE-2019-8733: Sergei Glazunov of Google Project Zero
CVE-2019-8735: G. Geshev working with Trend Micro Zero Day Initiative
CVE-2019-8763: Sergei Glazunov of Google Project Zero

Additional recognition

Software Update
We would like to acknowledge Michael Gorelik (@smgoreli) of Morphisec
(morphisec.com) for their assistance.

WebKit
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) and
Zhihua Yao of DBAPPSecurity Zion Lab for their assistance.

Installation note:

iTunes for Windows 12.10.1 may be obtained from:
https://www.apple.com/itunes/download/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
—–BEGIN PGP SIGNATURE—–

iQJdBAEBCABHFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl2biHQpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQBz4uGe3y0M2l2w/8
CFBwglpJCrfPpY9BoPkHRgMEWB+9hPfa3PQ5R4+OhXkT19UKFDwkhCFqgDgPS98o
e7QVX9224AIdVDK3ZiViq7O4ToFiJDOYUEu9xdMAqH3qhY7lvBbaUijs3fH6DNFQ
KhiNHhhbZyMc73p9wd03ykASA0VFwLXg0YS0SdQNlKCqKe988+87t02NlvDuVlQB
VR47deoDbeYg51HmUU2a3sD5l/IVHWan9Vzya+rCUpdUpOHTI2kow0B2+AQbZT0C
FUx0qBze8i6WE8An3E/rEJ2gz2wLpyGXDwQfNyZ/4cmyV7U6PjiYf9JIWE3T2nOm
FHZUEYvYejNqaFe0tIulsq4IqEE8f3vszKPkRkYsuFYASN/3EYVSlqoHEEpw58bm
8JvRDloxlJwIgA6hRaDalzDDRJaDOR2oWL4L0vhi+JEO57cKZb6KciUEsOX4xb7Z
6BxCVAFzz2NFn8qnVx8QHP+L5DMFioJTkyhx+hxjYpKSpygrXob1BZnwnqlP1aS0
9tjZhQx4+/lULGoh88ICJWDQDwQmyTxgWGuYj5VZ1HYjSuBzlZ7/+CZiD6dM37jS
CYSFG7xRV3bb+mHQaBmEa8pKUkpjbU8hVOcipT5kEPb2MLlakNrjtxo/VYA4aPKI
n1x9sk0QBlyxN1hI/ayKHV0JsnnXFJHArIiBTcLm/lc=
=kwOT
—–END PGP SIGNATURE—–
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Security-announce@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/security-announce/advinp%40cert.hr

This email sent to advinp@cert.hr