You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa iTunes

Sigurnosni nedostaci programskog paketa iTunes

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: M
  • Kategorije: WXP, WN7, VIS, APL, WN8

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

APPLE-SA-2014-10-16-6 iTunes 12.0.1

iTunes 12.0.1 is now available and addresses the following:

iTunes
Available for: Windows 8, Windows 7, Vista, XP SP2 or later
Impact: A man-in-the-middle attack while browsing the iTunes Store
via iTunes may lead to an unexpected application termination or
arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-2871 : miaubiz
CVE-2013-2875 : miaubiz
CVE-2013-2909 : Atte Kettunen of OUSPG
CVE-2013-2926 : cloudfuzzer
CVE-2013-2927 : cloudfuzzer
CVE-2013-2928 : Google Chrome Security Team
CVE-2013-5195 : Apple
CVE-2013-5196 : Google Chrome Security Team
CVE-2013-5197 : Google Chrome Security Team
CVE-2013-5198 : Apple
CVE-2013-5199 : Apple
CVE-2013-5225 : Google Chrome Security Team
CVE-2013-5228 : Keen Team (@K33nTeam) working with HP’s Zero Day
Initiative
CVE-2013-6625 : cloudfuzzer
CVE-2013-6635 : cloudfuzzer
CVE-2013-6663 : Atte Kettunen of OUSPG
CVE-2014-1268 : Apple
CVE-2014-1269 : Apple
CVE-2014-1270 : Apple
CVE-2014-1289 : Apple
CVE-2014-1290 : ant4g0nist (SegFault) working with HP’s Zero Day
Initiative, Google Chrome Security Team
CVE-2014-1291 : Google Chrome Security Team
CVE-2014-1292 : Google Chrome Security Team
CVE-2014-1293 : Google Chrome Security Team
CVE-2014-1294 : Google Chrome Security Team
CVE-2014-1298 : Google Chrome Security Team
CVE-2014-1299 : Google Chrome Security Team, Apple, Renata Hodovan of
University of Szeged / Samsung Electronics
CVE-2014-1300 : Ian Beer of Google Project Zero working with HP’s
Zero Day Initiative
CVE-2014-1301 : Google Chrome Security Team
CVE-2014-1302 : Google Chrome Security Team, Apple
CVE-2014-1303 : KeenTeam working with HP’s Zero Day Initiative
CVE-2014-1304 : Apple
CVE-2014-1305 : Apple
CVE-2014-1307 : Google Chrome Security Team
CVE-2014-1308 : Google Chrome Security Team
CVE-2014-1309 : cloudfuzzer
CVE-2014-1310 : Google Chrome Security Team
CVE-2014-1311 : Google Chrome Security Team
CVE-2014-1312 : Google Chrome Security Team
CVE-2014-1313 : Google Chrome Security Team
CVE-2014-1323 : banty
CVE-2014-1324 : Google Chrome Security Team
CVE-2014-1325 : Apple
CVE-2014-1326 : Apple
CVE-2014-1327 : Google Chrome Security Team, Apple
CVE-2014-1329 : Google Chrome Security Team
CVE-2014-1330 : Google Chrome Security Team
CVE-2014-1331 : cloudfuzzer
CVE-2014-1333 : Google Chrome Security Team
CVE-2014-1334 : Apple
CVE-2014-1335 : Google Chrome Security Team
CVE-2014-1336 : Apple
CVE-2014-1337 : Apple
CVE-2014-1338 : Google Chrome Security Team
CVE-2014-1339 : Atte Kettunen of OUSPG
CVE-2014-1340 : Apple
CVE-2014-1341 : Google Chrome Security Team
CVE-2014-1342 : Apple
CVE-2014-1343 : Google Chrome Security Team
CVE-2014-1344 : Ian Beer of Google Project Zero
CVE-2014-1362 : Apple, miaubiz
CVE-2014-1363 : Apple
CVE-2014-1364 : Apple
CVE-2014-1365 : Apple, Google Chrome Security Team
CVE-2014-1366 : Apple
CVE-2014-1367 : Apple
CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech)
CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung
Electronics
CVE-2014-1384 : Apple
CVE-2014-1385 : Apple
CVE-2014-1386 : an anonymous researcher
CVE-2014-1387 : Google Chrome Security Team
CVE-2014-1388 : Apple
CVE-2014-1389 : Apple
CVE-2014-1390 : Apple
CVE-2014-1713 : VUPEN working with HP’s Zero Day Initiative
CVE-2014-1731 : an anonymous member of the Blink development
community
CVE-2014-4410 : Eric Seidel of Google
CVE-2014-4411 : Google Chrome Security Team
CVE-2014-4412 : Apple
CVE-2014-4413 : Apple
CVE-2014-4414 : Apple
CVE-2014-4415 : Apple

iTunes 12.0.1 may be obtained from:
http://www.apple.com/itunes/download/

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

—–BEGIN PGP SIGNATURE—–
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools – http://gpgtools.org

iQIcBAEBAgAGBQJUQCKuAAoJEBcWfLTuOo7t3cgP/RCpdvSrkHZM2SsNXSVtaCfW
auW4hMgN5s2OkYxWwiHDhnKB6dM5Jb4aC5a4j7JECUMRZ7MxIw4EgfV0SJDfRP7M
90YhewGKLaapfc6SRYl1lws+Me+OXf0tjzgBEyD+3qdhFDCCQzWh2F+rpjj4Bzbo
cWrPn454dEEvJvDRc7/U13xvbSNm94jedzZjuCDkiA8+1UFF1fWqxU1Iw8HjW1U2
KUe0Uzrpyul85shviO/nO4hnuGMT3i85ZBmTWjMhsOteLsp/ZRSHrvuKps3XM0qg
rBp8W//gFgYreMUP3m779SkCAPznmA7XnufCZBdbLJwdQBac+xdcjdQa+RdjUfXA
Fb8sDaNQm1qJVfo8kDWe6ED7MbnxbwrpKswQFN2Mft3wXLNdfdViLmQ4A3mJ+1ju
0RoR8SuoZiZrClbPW0C08i6Y4EZfVeG1lNzJQySlqg2ZhFPcrdQMyLr0mSs58ClE
19km+0fMKWzb8XJsQZkir41P5sheldAVsqtQBud2Q25xnM8LmTDuX1ywXUEvTKO8
SRAZ4EF1vvfVpHE9w/XgBzRC9J23scN1/WnzDeoVMxkz4YrvsZdV3bjJJMJ4bDs6
85hjnwYe8QFnfaZPoMcstwWQMxA8Hl4mhu3B+1PKWlT6FENpCKCCc5W5MxWrAXnp
K0B4Ue5bqvDqVL0KLkrB
=+heG
—–END PGP SIGNATURE—–

—–BEGIN PGP SIGNATURE—–
Comment: GPGTools – http://gpgtools.org

iQIcBAEBAgAGBQJUQF50AAoJEBcWfLTuOo7t8LkP/3CZgUJOdIjeGq7X8Db6Fj6s
JLn8qCKqWBLO6XJYOIVLlW7WF2NVdtcJonIKSag218hBcXthVZmyrcsdwu9hma30
5Ua1rw5gj3oxABM07kCrYpf0CYcSJYcV/RcxX1vm+EGYS/6dQKyRbHRKRPP4QSGQ
iaaM76J1oaBqP/yrAPRceL25c8dvW8wkiAt2QCW575jpJQf9MaS5n2vX/sd5POmS
n0fAHziB3BrXIl1yVljK6qq4Mg7qPaqxWV5DjuYG8RleSjYodlnhVUhv9bPcY4UN
Mjm5TxqsBFrm27xkGXxsA6Crtv3BBVvSwXbLQ53XyC1gZ8ZvdT+8mj94EzwGVYdz
2ykFR9BaPc7e1lqHK3MgbAXjofLEzNKZxwCLeyiOXE0Z7bomblluf/Zf82z1y7iu
h7LlldCKLvJiK4dBAkaMzfuvaysCYd8l2UzkvwWBHHxCWyxjSN+KrGyZbQuRQzLq
GGJtkKVu9+1X9KHB37HM4dPTy+ZgLJfAfO5yO/tJXERTcyRJDtUTtlGY7URNX+ew
JsMkFq7EVwrkFDeL/0YrW0pl34TA5hmRDI3I2x6Y/uDxmesu4so2SZlPzulJaehC
dJFqyVzWENVelywaTcWjvq8Db0hCPPYNUvqj6fRw9aGd06TN1lOZLMeOH2GVZEkw
dg2RysRt5YplvfRGu47a
=E2wp
—–END PGP SIGNATURE—–
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Security-announce@lists.apple.com)

AutorMarko Stanec
Cert idNCERT-REF-2014-10-0020-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
Top
More in Preporuke
Sigurnosni nedostaci programskih paketa OS X Server v4.0

Otkriveni su sigurnosni nedostaci u sljedećim programskim paketima i komponentama OS X Server operativnog sustava: BIND, CoreCollaboration, Mail Service, Profile...

Close