
Security vulnerabilities in the iTunes software package

  • OS details: WN7
  • Importance: IMP
  • Operating systems: W
  • Categories: WN7, WN8, W10

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-03-22-1 iTunes for Windows 12.6

iTunes for Windows 12.6 is now available and addresses the following:

iTunes
Available for: Windows 7 and later
Impact: Multiple issues in SQLite
Description: Multiple issues existed in SQLite. These issues were
addressed by updating SQLite to version 3.15.2.
CVE-2013-7443
CVE-2015-3414
CVE-2015-3415
CVE-2015-3416
CVE-2015-3717
CVE-2015-6607
CVE-2016-6153

iTunes
Available for: Windows 7 and later
Impact: Multiple issues in expat
Description: Multiple issues existed in expat. These issues were
addressed by updating expat to version 2.2.0.
CVE-2009-3270
CVE-2009-3560
CVE-2009-3720
CVE-2012-1147
CVE-2012-1148
CVE-2012-6702
CVE-2015-1283
CVE-2016-0718
CVE-2016-4472
CVE-2016-5300

iTunes for Windows 12.6 may be obtained from:
https://www.apple.com/itunes/download/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Security-announce@lists.apple.com)

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-03-28-2 Additional information for
APPLE-SA-2017-03-22-1 iTunes for Windows 12.6

iTunes for Windows 12.6 addresses the following:

APNs Server
Available for: Windows 7 and later
Impact: An attacker in a privileged network position can track a
user’s activity
Description: A client certificate was sent in plaintext. This issue
was addressed through improved certificate handling.
CVE-2017-2383: Matthias Wachs and Quirin Scheitle of Technical
University Munich (TUM)
Entry added March 28, 2017

iTunes
Available for: Windows 7 and later
Impact: Multiple issues in SQLite
Description: Multiple issues existed in SQLite. These issues were
addressed by updating SQLite to version 3.15.2.
CVE-2013-7443
CVE-2015-3414
CVE-2015-3415
CVE-2015-3416
CVE-2015-3717
CVE-2015-6607
CVE-2016-6153

iTunes
Available for: Windows 7 and later
Impact: Multiple issues in expat
Description: Multiple issues existed in expat. These issues were
addressed by updating expat to version 2.2.0.
CVE-2009-3270
CVE-2009-3560
CVE-2009-3720
CVE-2012-1147
CVE-2012-1148
CVE-2012-6702
CVE-2015-1283
CVE-2016-0718
CVE-2016-4472
CVE-2016-5300

libxslt
Available for: Windows 7 and later
Impact: Multiple vulnerabilities in libxslt
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2017-5029: Holger Fuhrmannek
Entry added March 28, 2017

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent’s Xuanwu Lab
(tencent.com) working with Trend Micro’s Zero Day Initiative
Entry added March 28, 2017

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: A validation issue existed in element handling. This
issue was addressed through improved validation.
CVE-2017-2479: lokihardt of Google Project Zero
CVE-2017-2480: lokihardt of Google Project Zero
Entry added March 28, 2017

Installation note:

iTunes for Windows 12.6 may be obtained from:
https://www.apple.com/itunes/download/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/


Author: Vlatka Misic
CERT ID: NCERT-REF-2017-03-0181-ADV
CVE: CERT-CVE-DUMMY
Original ID: CERT-ORIGID-DUMMY
Product: CERT-DUMMY-PRODUCT
Source: http://www.adobe.com/
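
To check whether a Windows host still runs an iTunes build older than the 12.6 release named in the advisory above, the following PowerShell sketch reads the standard Uninstall registry keys and compares the recorded version. It is an added example, not part of the Apple advisory or the CERT page. The function names `Test-ITunesPatched` and `Get-ITunesInstall` are hypothetical, and it assumes iTunes registers with the DisplayName `iTunes` and a dotted DisplayVersion.

```powershell
# Added example: flag iTunes for Windows installs older than 12.6,
# the release the advisory names as carrying the fixes.
$FixedVersion = [version]'12.6'

function Test-ITunesPatched {
    param(
        [string]$DisplayVersion,
        [version]$Minimum = $FixedVersion
    )
    $parsed = $null
    # A missing or unparseable version string is reported as not patched
    # so that the host is reviewed by hand instead of silently passing.
    if (-not [version]::TryParse($DisplayVersion, [ref]$parsed)) {
        return $false
    }
    return $parsed -ge $Minimum
}

function Get-ITunesInstall {
    # Assumption: iTunes was installed by the classic installer and is
    # listed under the 64-bit or 32-bit (WOW6432Node) Uninstall key.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -eq 'iTunes' } |
        ForEach-Object {
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Version  = $_.DisplayVersion
                Patched  = Test-ITunesPatched -DisplayVersion ([string]$_.DisplayVersion)
            }
        }
}

# Constructed sample version strings (not taken from the advisory)
# showing how the comparison treats old, fixed and malformed values.
'12.5.5.5', '12.6.0.100', 'unknown' | ForEach-Object {
    '{0,-12} patched={1}' -f $_, (Test-ITunesPatched -DisplayVersion $_)
}

# Inventory of the local host; no output means no matching install was found.
Get-ITunesInstall | Format-Table -AutoSize
```

An empty inventory only means no matching Uninstall entry exists; it does not cover copies of the bundled SQLite, expat or libxslt libraries shipped by other software.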