VARIoT IoT vulnerabilities database
| VAR-201110-0426 | CVE-2011-3219 | Apple iTunes Used in CoreMedia Vulnerable to buffer overflow |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the way Quicktime handles H.264 streams. When parsing the Sequence Parameter Set data for a H.264 stream it reads the frame cropping offset fields. When those fields contain incorrect data Quicktime will eventually write outside the buffer allocated for the movie stream. This can result in remote code execution under the context of the current user. Apple Mac OS X is prone to a buffer-overflow vulnerability that affects the CoreMedia component. Failed exploit attempts will likely result in a denial-of-service condition. A buffer overflow vulnerability exists in CoreMedia versions of Apple iTunes prior to 10.5. More details
can be found at:
http://support.apple.com/kb/HT4981
-- Disclosure Timeline:
2011-07-20 - Vulnerability reported to vendor
2011-10-26 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Damian Put
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
Follow the ZDI on Twitter:
http://twitter.com/thezdi
. Apple has
released updates to address these vulnerabilities.
I. Apple has released updates to address these
vulnerabilities.
II.
III. This advisory describes any known issues related to the
updates and the specific impacts for each vulnerability.
Administrators are encouraged to note these issues and impacts and
test for any potentially adverse effects before wide-scale
deployment.
IV. Please send
email to <cert@cert.org> with "TA11-286A Feedback VU#421739" in
the subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2011 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
October 13, 2011: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBTpb8zj/GkGVXE7GMAQI21Af/SHWzIangqPW9vtuG/MQWSBMy9nG4wIZS
DUEAWBEMPTKF3fLrIy6TVpRLN3q/q4dCYXzM4lec4IzKvEbV/bUyg15xEfYdxB0v
s/vARGNwf7tjSbjo+PaHLuSZ1HLn/GLO3CXaf+ut/Kb8y9Fsir5klMgrCX/N0JkY
dLoV9R6zGs1aQzmF9ULB1IQ2/lUkg6CGnyARh0prfhRFwKfu7NZXb8yz5ex68q6V
NF6j9l+XK0Cl4K7R+0ESD4e47jLCg6iN175O8VzrlxiRvBRAyTaFycdMB4uSkmii
xu8SqU2QFhsIJy8J+i1Bb6kuWkaxAnUbxO4tRrmXoqTXl9m0CtpnWA==
=3Wp2
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach?
Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM:
http://secunia.com/products/corporate/vim/ovum_2011_request/
----------------------------------------------------------------------
TITLE:
Apple iTunes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA46339
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46339/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46339
RELEASE DATE:
2011-10-13
DISCUSS ADVISORY:
http://secunia.com/advisories/46339/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/46339/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46339
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Apple has reported multiple vulnerabilities in Apple iTunes, which
can be exploited by malicious people to disclose sensitive
information, manipulate certain data, conduct cross-site scripting
and spoofing attacks, bypass certain security restrictions, and
compromise a user's system.
Multiple vulnerabilities exist within the WebKit and ColorSync
components.
For more information:
SA44375 (#8)
SA45097 (#2)
SA45325
SA45498
SA45698 (#2)
SA46049 (#11)
SA46171 (#6)
1) An error in the CoreFoundation component when handling string
tokenization can be exploited to corrupt memory via a MitM
(Man-in-the-Middle) attack.
2) An error in the CoreAudio component when handling Advanced Audio
Coding (AAC) streams can be exploited to cause a buffer overflow.
4) Some errors in the WebKit component when using the
AddressSanitizer can be exploited to corrupt memory.
5) Multiple unspecified errors in the WebKit component can be
exploited to corrupt memory.
SOLUTION:
Update to version 10.5.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
The vendor also credits:
2) Luigi Auriemma via ZDI.
3) Damian Put via ZDI.
4) Cris Neckar, Adam Barth, and Abhishek Arya (Inferno), Google
Chrome Security Team.
The vendor provides a bundled list of credits for vulnerabilities in
#5:
* Cris Neckar, Google Chrome Security Team
* Abhishek Arya (Inferno), Google Chrome Security Team
* SkyLined, Google Chrome Security Team
* Raman Tenneti and Philip Rogers, Google
* Sadrul Habib Chowdhury, Chromium development community
* Cris Neckar and Abhishek Arya (Inferno), Google Chrome Security
Team
* Dimitri Glazkov, Kent Tamura, Dominic Cooney, Chromium development
community
* Martin Barbella
* Slawomir Blazek
* vkouchna
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT4981
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2011-10-26-1 QuickTime 7.7.1
QuickTime 7.7.1 is now available and addresses the following:
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in QuickTime's handling of
H.264 encoded movie files. For OS X Lion systems, this issue is
addressed in OS X Lion v10.7.2.
CVE-ID
CVE-2011-3219 : Damian Put working with TippingPoint's Zero Day
Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to the
disclosure of memory contents
Description: An uninitialized memory access issue existed in
QuickTime's handling of URL data handlers within movie files. For OS
X Lion systems, this issue is addressed in OS X Lion v10.7.2.
CVE-ID
CVE-2011-3220 : Luigi Auriemma working with TippingPoint's Zero Day
Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An implementation issue existed in QuickTime's handling
of the atom hierarchy within a movie file. For OS X Lion systems,
this issue is addressed in OS X Lion v10.7.2.
CVE-ID
CVE-2011-3221 : an anonymous researcher working with TippingPoint's
Zero Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: An attacker in a privileged network position may inject
script in the local domain when viewing template HTML
Description: A cross-site scripting issue existed in QuickTime
Player's "Save for Web" export. The template HTML files generated by
this feature referenced a script file from a non-encrypted origin. An
attacker in a privileged network position may be able to inject
malicious scripts in the local domain if the user views a template
file locally. This issue is addressed by removing the reference to an
online script. This issue does not affect OS X Lion systems.
CVE-ID
CVE-2011-3218 : Aaron Sigel of vtty.com
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted FlashPix file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in QuickTime's handling of
FlashPix files. For OS X Lion systems, this issue is addressed in OS
X Lion v10.7.2.
CVE-ID
CVE-2011-3222 : Damian Put working with TippingPoint's Zero Day
Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in QuickTime's handling of
FLIC files. For OS X Lion systems, this issue is addressed in OS X
Lion v10.7.2.
CVE-ID
CVE-2011-3223 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero
Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in
QuickTime's handling of movie files. For OS X Lion systems, these
issues are addressed in OS X Lion v10.7.2.
CVE-ID
CVE-2011-3228 : Apple
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted PICT file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow issue existed in the handling of
PICT files.
CVE-ID
CVE-2011-3247 : Luigi Auriemma working with TippingPoint's Zero Day
Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A signedness issue existed in the handling of font
tables embedded in QuickTime movie files.
CVE-ID
CVE-2011-3248 : Luigi Auriemma working with TippingPoint's Zero Day
Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow issue existed in the handling of FLC
encoded movie files.
CVE-ID
CVE-2011-3249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero
Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow issue existed in the handling of
JPEG2000 encoded movie files.
CVE-ID
CVE-2011-3250 : Luigi Auriemma working with TippingPoint's Zero Day
Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
TKHD atoms in QuickTime movie files.
CVE-ID
CVE-2011-3251 : Damian Put working with TippingPoint's Zero Day
Initiative
QuickTime 7.7.1 may be obtained from the QuickTime Downloads site:
http://www.apple.com/quicktime/download/
The download file is named: "QuickTimeInstaller.exe"
Its SHA-1 digest is: 9bf0e5da752663d1b8d8a415f938dc2d3b04eee5
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iQEcBAEBAgAGBQJOqH2VAAoJEGnF2JsdZQeecGQIAIY4HmK221wqZEuxnTFYZdnv
CFnX2vc1cn22XODSXQV5x38zEd5RV1X/Crh3QcG/rSmhOKxckCJG5G4cRk9dNmdu
vpaU3+cceDTWieSmgwZX0QRScqdn6+rMHzJqWnR8i1E+bfDKhB5fl4eB1IGmRnAk
W4wZvUd06pMwSKm35d7whBBsiIz0gmIGz2Ktf7ft6wObHyy0Gq/eHWZFm2/VdX1p
Z+gXnbKTsYsgSeE33IGqgbA6+yFpA41ueKqR6084n6aUWdpb7GHpTNI5v3h7Sq53
i3BxkfDIOpgHyd7/G/b1Rmmv9k6fO64GCyvvuxr6laIstfCPYqROoajx1tsFStU=
=LmVu
-----END PGP SIGNATURE-----
| VAR-201110-0344 | CVE-2011-3241 | Apple iTunes Used in WebKit Vulnerable to arbitrary code execution |
CVSS V2: 7.6 CVSS V3: - Severity: HIGH |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. WebKit is prone to multiple unspecified remote code-execution vulnerabilities.
Attackers can exploit these issues by performing a man-in-the-middle attack. Successful attacks will result in arbitrary code execution; failed attacks may cause denial-of-service conditions. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach?
Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM:
http://secunia.com/products/corporate/vim/ovum_2011_request/
----------------------------------------------------------------------
TITLE:
Apple iTunes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA46339
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46339/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46339
RELEASE DATE:
2011-10-13
DISCUSS ADVISORY:
http://secunia.com/advisories/46339/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/46339/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46339
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Apple has reported multiple vulnerabilities in Apple iTunes, which
can be exploited by malicious people to disclose sensitive
information, manipulate certain data, conduct cross-site scripting
and spoofing attacks, bypass certain security restrictions, and
compromise a user's system.
For more information:
SA44375 (#8)
SA45097 (#2)
SA45325
SA45498
SA45698 (#2)
SA46049 (#11)
SA46171 (#6)
1) An error in the CoreFoundation component when handling string
tokenization can be exploited to corrupt memory via a MitM
(Man-in-the-Middle) attack.
2) An error in the CoreAudio component when handling Advanced Audio
Coding (AAC) streams can be exploited to cause a buffer overflow.
NOTE: Vulnerabilities #1 and #2 do not affect the application on OS X
Lion systems.
3) An error in the CoreMedia component when handling H.264 encoded
movie files can be exploited to cause a buffer overflow.
4) Some errors in the WebKit component when using the
AddressSanitizer can be exploited to corrupt memory.
SOLUTION:
Update to version 10.5.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
The vendor also credits:
2) Luigi Auriemma via ZDI.
3) Damian Put via ZDI.
4) Cris Neckar, Adam Barth, and Abhishek Arya (Inferno), Google
Chrome Security Team.
The vendor provides a bundled list of credits for vulnerabilities in
#5:
* Cris Neckar, Google Chrome Security Team
* Abhishek Arya (Inferno), Google Chrome Security Team
* SkyLined, Google Chrome Security Team
* Raman Tenneti and Philip Rogers, Google
* Sadrul Habib Chowdhury, Chromium development community
* Cris Neckar and Abhishek Arya (Inferno), Google Chrome Security
Team
* Dimitri Glazkov, Kent Tamura, Dominic Cooney, Chromium development
community
* Martin Barbella
* Slawomir Blazek
* vkouchna
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT4981
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201110-0342 | CVE-2011-3238 | Apple iTunes Used in WebKit Vulnerable to arbitrary code execution |
CVSS V2: 7.6 CVSS V3: - Severity: HIGH |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. WebKit is prone to multiple unspecified remote code-execution vulnerabilities.
Attackers can exploit these issues by performing a man-in-the-middle attack. Successful attacks will result in arbitrary code execution; failed attacks may cause denial-of-service conditions. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach?
Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM:
http://secunia.com/products/corporate/vim/ovum_2011_request/
----------------------------------------------------------------------
TITLE:
Apple iTunes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA46339
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46339/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46339
RELEASE DATE:
2011-10-13
DISCUSS ADVISORY:
http://secunia.com/advisories/46339/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/46339/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46339
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Apple has reported multiple vulnerabilities in Apple iTunes, which
can be exploited by malicious people to disclose sensitive
information, manipulate certain data, conduct cross-site scripting
and spoofing attacks, bypass certain security restrictions, and
compromise a user's system.
For more information:
SA44375 (#8)
SA45097 (#2)
SA45325
SA45498
SA45698 (#2)
SA46049 (#11)
SA46171 (#6)
1) An error in the CoreFoundation component when handling string
tokenization can be exploited to corrupt memory via a MitM
(Man-in-the-Middle) attack.
2) An error in the CoreAudio component when handling Advanced Audio
Coding (AAC) streams can be exploited to cause a buffer overflow.
NOTE: Vulnerabilities #1 and #2 do not affect the application on OS X
Lion systems.
3) An error in the CoreMedia component when handling H.264 encoded
movie files can be exploited to cause a buffer overflow.
4) Some errors in the WebKit component when using the
AddressSanitizer can be exploited to corrupt memory.
SOLUTION:
Update to version 10.5.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
The vendor also credits:
2) Luigi Auriemma via ZDI.
3) Damian Put via ZDI.
4) Cris Neckar, Adam Barth, and Abhishek Arya (Inferno), Google
Chrome Security Team.
The vendor provides a bundled list of credits for vulnerabilities in
#5:
* Cris Neckar, Google Chrome Security Team
* Abhishek Arya (Inferno), Google Chrome Security Team
* SkyLined, Google Chrome Security Team
* Raman Tenneti and Philip Rogers, Google
* Sadrul Habib Chowdhury, Chromium development community
* Cris Neckar and Abhishek Arya (Inferno), Google Chrome Security
Team
* Dimitri Glazkov, Kent Tamura, Dominic Cooney, Chromium development
community
* Martin Barbella
* Slawomir Blazek
* vkouchna
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT4981
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201110-0340 | CVE-2011-3236 | plural Apple Used in products WebKit Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.6 CVSS V3: - Severity: HIGH |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. WebKit is prone to multiple unspecified remote code-execution vulnerabilities.
Attackers can exploit these issues by performing a man-in-the-middle attack. Successful attacks will result in arbitrary code execution; failed attacks may cause denial-of-service conditions. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach?
Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM:
http://secunia.com/products/corporate/vim/ovum_2011_request/
----------------------------------------------------------------------
TITLE:
Apple iTunes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA46339
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46339/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46339
RELEASE DATE:
2011-10-13
DISCUSS ADVISORY:
http://secunia.com/advisories/46339/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/46339/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46339
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Apple has reported multiple vulnerabilities in Apple iTunes, which
can be exploited by malicious people to disclose sensitive
information, manipulate certain data, conduct cross-site scripting
and spoofing attacks, bypass certain security restrictions, and
compromise a user's system.
For more information:
SA44375 (#8)
SA45097 (#2)
SA45325
SA45498
SA45698 (#2)
SA46049 (#11)
SA46171 (#6)
1) An error in the CoreFoundation component when handling string
tokenization can be exploited to corrupt memory via a MitM
(Man-in-the-Middle) attack.
2) An error in the CoreAudio component when handling Advanced Audio
Coding (AAC) streams can be exploited to cause a buffer overflow.
NOTE: Vulnerabilities #1 and #2 do not affect the application on OS X
Lion systems.
3) An error in the CoreMedia component when handling H.264 encoded
movie files can be exploited to cause a buffer overflow.
4) Some errors in the WebKit component when using the
AddressSanitizer can be exploited to corrupt memory.
SOLUTION:
Update to version 10.5.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
The vendor also credits:
2) Luigi Auriemma via ZDI.
3) Damian Put via ZDI.
4) Cris Neckar, Adam Barth, and Abhishek Arya (Inferno), Google
Chrome Security Team.
The vendor provides a bundled list of credits for vulnerabilities in
#5:
* Cris Neckar, Google Chrome Security Team
* Abhishek Arya (Inferno), Google Chrome Security Team
* SkyLined, Google Chrome Security Team
* Raman Tenneti and Philip Rogers, Google
* Sadrul Habib Chowdhury, Chromium development community
* Cris Neckar and Abhishek Arya (Inferno), Google Chrome Security
Team
* Dimitri Glazkov, Kent Tamura, Dominic Cooney, Chromium development
community
* Martin Barbella
* Slawomir Blazek
* vkouchna
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT4981
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201110-0339 | CVE-2011-3235 | Apple iTunes Used in WebKit Vulnerable to arbitrary code execution |
CVSS V2: 7.6 CVSS V3: - Severity: HIGH |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. WebKit is prone to multiple unspecified remote code-execution vulnerabilities.
Attackers can exploit these issues by performing a man-in-the-middle attack. Successful attacks will result in arbitrary code execution; failed attacks may cause denial-of-service conditions. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach?
Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM:
http://secunia.com/products/corporate/vim/ovum_2011_request/
----------------------------------------------------------------------
TITLE:
Apple iTunes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA46339
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46339/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46339
RELEASE DATE:
2011-10-13
DISCUSS ADVISORY:
http://secunia.com/advisories/46339/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/46339/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46339
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Apple has reported multiple vulnerabilities in Apple iTunes, which
can be exploited by malicious people to disclose sensitive
information, manipulate certain data, conduct cross-site scripting
and spoofing attacks, bypass certain security restrictions, and
compromise a user's system.
For more information:
SA44375 (#8)
SA45097 (#2)
SA45325
SA45498
SA45698 (#2)
SA46049 (#11)
SA46171 (#6)
1) An error in the CoreFoundation component when handling string
tokenization can be exploited to corrupt memory via a MitM
(Man-in-the-Middle) attack.
2) An error in the CoreAudio component when handling Advanced Audio
Coding (AAC) streams can be exploited to cause a buffer overflow.
NOTE: Vulnerabilities #1 and #2 do not affect the application on OS X
Lion systems.
3) An error in the CoreMedia component when handling H.264 encoded
movie files can be exploited to cause a buffer overflow.
4) Some errors in the WebKit component when using the
AddressSanitizer can be exploited to corrupt memory.
SOLUTION:
Update to version 10.5.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
The vendor also credits:
2) Luigi Auriemma via ZDI.
3) Damian Put via ZDI.
4) Cris Neckar, Adam Barth, and Abhishek Arya (Inferno), Google
Chrome Security Team.
The vendor provides a bundled list of credits for vulnerabilities in
#5:
* Cris Neckar, Google Chrome Security Team
* Abhishek Arya (Inferno), Google Chrome Security Team
* SkyLined, Google Chrome Security Team
* Raman Tenneti and Philip Rogers, Google
* Sadrul Habib Chowdhury, Chromium development community
* Cris Neckar and Abhishek Arya (Inferno), Google Chrome Security
Team
* Dimitri Glazkov, Kent Tamura, Dominic Cooney, Chromium development
community
* Martin Barbella
* Slawomir Blazek
* vkouchna
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT4981
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201110-0341 | CVE-2011-3237 | plural Apple Used in products WebKit Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.6 CVSS V3: - Severity: HIGH |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. WebKit is prone to multiple unspecified remote code-execution vulnerabilities.
Attackers can exploit these issues by performing a man-in-the-middle attack. Successful attacks will result in arbitrary code execution; failed attacks may cause denial-of-service conditions. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. Apple has
released updates to address these vulnerabilities.
I. Apple has released updates to address these
vulnerabilities.
II. Impact
A remote, unauthenticated attacker could execute arbitrary code,
cause a denial of service, or gain unauthorized access to your
files or system.
III. This advisory describes any known issues related to the
updates and the specific impacts for each vulnerability.
Administrators are encouraged to note these issues and impacts and
test for any potentially adverse effects before wide-scale
deployment.
IV. References
* OS X Lion v10.7.2 and Security Update 2011-006 -
<http://support.apple.com/kb/HT5002>
* Mac OS X: Updating your software -
<http://support.apple.com/kb/HT1338>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA11-286A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA11-286A Feedback VU#421739" in
the subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2011 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
October 13, 2011: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBTpb8zj/GkGVXE7GMAQI21Af/SHWzIangqPW9vtuG/MQWSBMy9nG4wIZS
DUEAWBEMPTKF3fLrIy6TVpRLN3q/q4dCYXzM4lec4IzKvEbV/bUyg15xEfYdxB0v
s/vARGNwf7tjSbjo+PaHLuSZ1HLn/GLO3CXaf+ut/Kb8y9Fsir5klMgrCX/N0JkY
dLoV9R6zGs1aQzmF9ULB1IQ2/lUkg6CGnyARh0prfhRFwKfu7NZXb8yz5ex68q6V
NF6j9l+XK0Cl4K7R+0ESD4e47jLCg6iN175O8VzrlxiRvBRAyTaFycdMB4uSkmii
xu8SqU2QFhsIJy8J+i1Bb6kuWkaxAnUbxO4tRrmXoqTXl9m0CtpnWA==
=3Wp2
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach?
Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM:
http://secunia.com/products/corporate/vim/ovum_2011_request/
----------------------------------------------------------------------
TITLE:
Apple iTunes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA46339
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46339/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46339
RELEASE DATE:
2011-10-13
DISCUSS ADVISORY:
http://secunia.com/advisories/46339/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/46339/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46339
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Apple has reported multiple vulnerabilities in Apple iTunes, which
can be exploited by malicious people to disclose sensitive
information, manipulate certain data, conduct cross-site scripting
and spoofing attacks, bypass certain security restrictions, and
compromise a user's system.
For more information:
SA44375 (#8)
SA45097 (#2)
SA45325
SA45498
SA45698 (#2)
SA46049 (#11)
SA46171 (#6)
1) An error in the CoreFoundation component when handling string
tokenization can be exploited to corrupt memory via a MitM
(Man-in-the-Middle) attack.
2) An error in the CoreAudio component when handling Advanced Audio
Coding (AAC) streams can be exploited to cause a buffer overflow.
NOTE: Vulnerabilities #1 and #2 do not affect the application on OS X
Lion systems.
3) An error in the CoreMedia component when handling H.264 encoded
movie files can be exploited to cause a buffer overflow.
4) Some errors in the WebKit component when using the
AddressSanitizer can be exploited to corrupt memory.
SOLUTION:
Update to version 10.5.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
The vendor also credits:
2) Luigi Auriemma via ZDI.
3) Damian Put via ZDI.
4) Cris Neckar, Adam Barth, and Abhishek Arya (Inferno), Google
Chrome Security Team.
The vendor provides a bundled list of credits for vulnerabilities in
#5:
* Cris Neckar, Google Chrome Security Team
* Abhishek Arya (Inferno), Google Chrome Security Team
* SkyLined, Google Chrome Security Team
* Raman Tenneti and Philip Rogers, Google
* Sadrul Habib Chowdhury, Chromium development community
* Cris Neckar and Abhishek Arya (Inferno), Google Chrome Security
Team
* Dimitri Glazkov, Kent Tamura, Dominic Cooney, Chromium development
community
* Martin Barbella
* Slawomir Blazek
* vkouchna
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT4981
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201110-0328 | CVE-2011-3233 | Apple iTunes Used in WebKit Vulnerable to arbitrary code execution |
CVSS V2: 7.6 CVSS V3: - Severity: HIGH |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. WebKit is prone to multiple unspecified remote code-execution vulnerabilities.
Attackers can exploit these issues by performing a man-in-the-middle attack. Successful attacks will result in arbitrary code execution; failed attacks may cause denial-of-service conditions. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach?
Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM:
http://secunia.com/products/corporate/vim/ovum_2011_request/
----------------------------------------------------------------------
TITLE:
Apple iTunes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA46339
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46339/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46339
RELEASE DATE:
2011-10-13
DISCUSS ADVISORY:
http://secunia.com/advisories/46339/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/46339/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46339
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Apple has reported multiple vulnerabilities in Apple iTunes, which
can be exploited by malicious people to disclose sensitive
information, manipulate certain data, conduct cross-site scripting
and spoofing attacks, bypass certain security restrictions, and
compromise a user's system.
For more information:
SA44375 (#8)
SA45097 (#2)
SA45325
SA45498
SA45698 (#2)
SA46049 (#11)
SA46171 (#6)
1) An error in the CoreFoundation component when handling string
tokenization can be exploited to corrupt memory via a MitM
(Man-in-the-Middle) attack.
2) An error in the CoreAudio component when handling Advanced Audio
Coding (AAC) streams can be exploited to cause a buffer overflow.
NOTE: Vulnerabilities #1 and #2 do not affect the application on OS X
Lion systems.
3) An error in the CoreMedia component when handling H.264 encoded
movie files can be exploited to cause a buffer overflow.
4) Some errors in the WebKit component when using the
AddressSanitizer can be exploited to corrupt memory.
SOLUTION:
Update to version 10.5.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
The vendor also credits:
2) Luigi Auriemma via ZDI.
3) Damian Put via ZDI.
4) Cris Neckar, Adam Barth, and Abhishek Arya (Inferno), Google
Chrome Security Team.
The vendor provides a bundled list of credits for vulnerabilities in
#5:
* Cris Neckar, Google Chrome Security Team
* Abhishek Arya (Inferno), Google Chrome Security Team
* SkyLined, Google Chrome Security Team
* Raman Tenneti and Philip Rogers, Google
* Sadrul Habib Chowdhury, Chromium development community
* Cris Neckar and Abhishek Arya (Inferno), Google Chrome Security
Team
* Dimitri Glazkov, Kent Tamura, Dominic Cooney, Chromium development
community
* Martin Barbella
* Slawomir Blazek
* vkouchna
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT4981
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201110-0327 | CVE-2011-3244 | Apple iTunes Used in WebKit Vulnerable to arbitrary code execution |
CVSS V2: 7.6 CVSS V3: - Severity: HIGH |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. WebKit is prone to multiple unspecified remote code-execution vulnerabilities.
Attackers can exploit these issues by performing a man-in-the-middle attack. Successful attacks will result in arbitrary code execution; failed attacks may cause denial-of-service conditions. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in WebKit versions of Apple iTunes prior to 10.5. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach?
Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM:
http://secunia.com/products/corporate/vim/ovum_2011_request/
----------------------------------------------------------------------
TITLE:
Apple iTunes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA46339
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46339/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46339
RELEASE DATE:
2011-10-13
DISCUSS ADVISORY:
http://secunia.com/advisories/46339/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/46339/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46339
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Apple has reported multiple vulnerabilities in Apple iTunes, which
can be exploited by malicious people to disclose sensitive
information, manipulate certain data, conduct cross-site scripting
and spoofing attacks, bypass certain security restrictions, and
compromise a user's system.
For more information:
SA44375 (#8)
SA45097 (#2)
SA45325
SA45498
SA45698 (#2)
SA46049 (#11)
SA46171 (#6)
1) An error in the CoreFoundation component when handling string
tokenization can be exploited to corrupt memory via a MitM
(Man-in-the-Middle) attack.
2) An error in the CoreAudio component when handling Advanced Audio
Coding (AAC) streams can be exploited to cause a buffer overflow.
NOTE: Vulnerabilities #1 and #2 do not affect the application on OS X
Lion systems.
3) An error in the CoreMedia component when handling H.264 encoded
movie files can be exploited to cause a buffer overflow.
4) Some errors in the WebKit component when using the
AddressSanitizer can be exploited to corrupt memory.
SOLUTION:
Update to version 10.5.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
The vendor also credits:
2) Luigi Auriemma via ZDI.
3) Damian Put via ZDI.
4) Cris Neckar, Adam Barth, and Abhishek Arya (Inferno), Google
Chrome Security Team.
The vendor provides a bundled list of credits for vulnerabilities in
#5:
* Cris Neckar, Google Chrome Security Team
* Abhishek Arya (Inferno), Google Chrome Security Team
* SkyLined, Google Chrome Security Team
* Raman Tenneti and Philip Rogers, Google
* Sadrul Habib Chowdhury, Chromium development community
* Cris Neckar and Abhishek Arya (Inferno), Google Chrome Security
Team
* Dimitri Glazkov, Kent Tamura, Dominic Cooney, Chromium development
community
* Martin Barbella
* Slawomir Blazek
* vkouchna
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT4981
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201110-0276 | CVE-2011-2341 | Apple iTunes Used in WebKit Vulnerable to arbitrary code execution |
CVSS V2: 7.6 CVSS V3: - Severity: HIGH |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Attackers can exploit these issues by performing a man-in-the-middle attack. WebKit is prone to a remote code-execution vulnerability.
Attackers can exploit this issue by enticing an unsuspecting user to visit a crafted web page. Successful attacks will result in arbitrary code execution; failed attacks may cause denial-of-service conditions.
NOTE: This issue was previously covered in BID 50066 (WebKit Multiple Unspecifeid Remote Code Execution Vulnerabilities) but has been given its own record to better documenting it. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2011-10-12-4 Safari 5.1.1
Safari 5.1.1 is now available and addresses the following:
Safari
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a malicious website may cause the execution of
arbitrary Javascript in the context of installed Safari Extensions
Description: A directory traversal issue existed in the handling of
safari-extension:// URLs. Visiting a malicious website may cause
execution of arbitrary Javascript in the context of installed Safari
Extensions, which may have context-dependent ramifications including
files from the user's system being sent to a remote server.
This issue does not affect Windows systems.
CVE-ID
CVE-2011-3230 : Aaron Sigel of vtty.com
Safari
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Visiting a malicious website may lead to arbitrary code
execution
Description: An uninitialized memory access issue existed in the
handling of SSL certificates.
CVE-ID
CVE-2011-3231 : Jason Broccardo of Fermi National Accelerator
Laboratory
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
CVE-ID
CVE-2011-1440 : Jose A.
CVE-ID
CVE-2011-2800 : Juho Nurminen
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-origin issue existed in the handling of the
window.open method.
CVE-ID
CVE-2011-2805 : Sergey Glazunov
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-origin issue existed in the handling of the
document.documentURI property.
CVE-ID
CVE-2011-2819 : Sergey Glazunov
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-origin issue existed in the handling of
inactive DOM windows.
CVE-ID
CVE-2011-3243 : Sergey Glazunov
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2
Impact: In Private Browsing mode, cookies may be set even if "Block
cookies" is set to "Always"
Description: A logic issue existed in the handling of cookies in
Private Browsing mode. This issue does not affect Windows systems.
CVE-ID
CVE-2011-3242 : John Adamczyk
Safari 5.1.1 is available via the Apple Software Update
application, or Apple's Safari download site at:
http://www.apple.com/safari/download/
Safari for OS X Lion v10.7.2
The download file is named: Safari5.1.1Lion.dmg
Its SHA-1 digest is: 368113397d35475a0a4d0b0dbf3b31f543cfb4c5
Safari for Mac OS X v10.6.8
The download file is named: Safari5.1.1SnowLeopard.dmg
Its SHA-1 digest is: 4c588d86032ab24984b721354748f028b559fb37
Safari for Windows 7, Vista or XP
The download file is named: SafariSetup.exe
Its SHA-1 digest is: 5a2d3e0c0e601938f1d64d517e6a8199cd563d10
Safari for Windows 7, Vista or XP from the Microsoft Choice Screen
The download file is named: Safari_Setup.exe
Its SHA-1 digest is: f0094f19b7a6b0a96a4fe6407b0037223ae44b15
Safari+QuickTime for Windows 7, Vista or XP
The file is named: SafariQuickTimeSetup.exe
Its SHA-1 digest is: 3dbfe52e5be6409d0ad1fcb22e747963e10db218
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iQEcBAEBAgAGBQJOlLv6AAoJEGnF2JsdZQeeqOUH/RWDBq5xXEegxI+N92+9lB42
J6ZBcO8rrigAhYz59ZJG0NF8VGZI0DSFI+dxC8XeoKfiamvkaZo1lYGLdqWiTkxz
6ODprWbfGVcwFd9rNeCbIc9E5FV0SRbS1xCv+JnrwR2i2raqgAEWc4CpAcH5mgqT
5G2cWhwS8EMUNXZz/C0IjkfNBAjQ2c9BHVHj0Wid5vyXutju3WOcBXwqcbTpNANI
NiVHf5ucaRep6110riIYazuCdFLCcwZDaySw2n2ZhelliTz1tpCa7uVoJfZjyeyw
xwY/QjLDBTSpUYDTPC//XG7ZswptKHFjrX4KtxD9XTltq5wNGJavJzKf2qa4jrM=
=ZXdu
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach?
Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM:
http://secunia.com/products/corporate/vim/ovum_2011_request/
----------------------------------------------------------------------
TITLE:
Apple iTunes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA46339
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46339/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46339
RELEASE DATE:
2011-10-13
DISCUSS ADVISORY:
http://secunia.com/advisories/46339/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/46339/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46339
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Apple has reported multiple vulnerabilities in Apple iTunes, which
can be exploited by malicious people to disclose sensitive
information, manipulate certain data, conduct cross-site scripting
and spoofing attacks, bypass certain security restrictions, and
compromise a user's system.
For more information:
SA44375 (#8)
SA45097 (#2)
SA45325
SA45498
SA45698 (#2)
SA46049 (#11)
SA46171 (#6)
1) An error in the CoreFoundation component when handling string
tokenization can be exploited to corrupt memory via a MitM
(Man-in-the-Middle) attack.
2) An error in the CoreAudio component when handling Advanced Audio
Coding (AAC) streams can be exploited to cause a buffer overflow.
NOTE: Vulnerabilities #1 and #2 do not affect the application on OS X
Lion systems.
3) An error in the CoreMedia component when handling H.264 encoded
movie files can be exploited to cause a buffer overflow.
4) Some errors in the WebKit component when using the
AddressSanitizer can be exploited to corrupt memory.
SOLUTION:
Update to version 10.5.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
The vendor also credits:
2) Luigi Auriemma via ZDI.
3) Damian Put via ZDI.
4) Cris Neckar, Adam Barth, and Abhishek Arya (Inferno), Google
Chrome Security Team.
The vendor provides a bundled list of credits for vulnerabilities in
#5:
* Cris Neckar, Google Chrome Security Team
* Abhishek Arya (Inferno), Google Chrome Security Team
* SkyLined, Google Chrome Security Team
* Raman Tenneti and Philip Rogers, Google
* Sadrul Habib Chowdhury, Chromium development community
* Cris Neckar and Abhishek Arya (Inferno), Google Chrome Security
Team
* Dimitri Glazkov, Kent Tamura, Dominic Cooney, Chromium development
community
* Martin Barbella
* Slawomir Blazek
* vkouchna
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT4981
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201110-0277 | CVE-2011-2352 | Apple iTunes Used in WebKit Vulnerable to arbitrary code execution |
CVSS V2: 7.6 CVSS V3: - Severity: HIGH |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. WebKit is prone to multiple unspecified remote code-execution vulnerabilities.
Attackers can exploit these issues by performing a man-in-the-middle attack. Successful attacks will result in arbitrary code execution; failed attacks may cause denial-of-service conditions. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2011-10-12-4 Safari 5.1.1
Safari 5.1.1 is now available and addresses the following:
Safari
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a malicious website may cause the execution of
arbitrary Javascript in the context of installed Safari Extensions
Description: A directory traversal issue existed in the handling of
safari-extension:// URLs. Visiting a malicious website may cause
execution of arbitrary Javascript in the context of installed Safari
Extensions, which may have context-dependent ramifications including
files from the user's system being sent to a remote server.
This issue does not affect Windows systems.
CVE-ID
CVE-2011-3230 : Aaron Sigel of vtty.com
Safari
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Visiting a malicious website may lead to arbitrary code
execution
Description: An uninitialized memory access issue existed in the
handling of SSL certificates.
CVE-ID
CVE-2011-3231 : Jason Broccardo of Fermi National Accelerator
Laboratory
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
CVE-ID
CVE-2011-1440 : Jose A.
CVE-ID
CVE-2011-2800 : Juho Nurminen
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-origin issue existed in the handling of the
window.open method.
CVE-ID
CVE-2011-2805 : Sergey Glazunov
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-origin issue existed in the handling of the
document.documentURI property.
CVE-ID
CVE-2011-2819 : Sergey Glazunov
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-origin issue existed in the handling of
inactive DOM windows.
CVE-ID
CVE-2011-3243 : Sergey Glazunov
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2
Impact: In Private Browsing mode, cookies may be set even if "Block
cookies" is set to "Always"
Description: A logic issue existed in the handling of cookies in
Private Browsing mode. This issue does not affect Windows systems.
CVE-ID
CVE-2011-3242 : John Adamczyk
Safari 5.1.1 is available via the Apple Software Update
application, or Apple's Safari download site at:
http://www.apple.com/safari/download/
Safari for OS X Lion v10.7.2
The download file is named: Safari5.1.1Lion.dmg
Its SHA-1 digest is: 368113397d35475a0a4d0b0dbf3b31f543cfb4c5
Safari for Mac OS X v10.6.8
The download file is named: Safari5.1.1SnowLeopard.dmg
Its SHA-1 digest is: 4c588d86032ab24984b721354748f028b559fb37
Safari for Windows 7, Vista or XP
The download file is named: SafariSetup.exe
Its SHA-1 digest is: 5a2d3e0c0e601938f1d64d517e6a8199cd563d10
Safari for Windows 7, Vista or XP from the Microsoft Choice Screen
The download file is named: Safari_Setup.exe
Its SHA-1 digest is: f0094f19b7a6b0a96a4fe6407b0037223ae44b15
Safari+QuickTime for Windows 7, Vista or XP
The file is named: SafariQuickTimeSetup.exe
Its SHA-1 digest is: 3dbfe52e5be6409d0ad1fcb22e747963e10db218
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iQEcBAEBAgAGBQJOlLv6AAoJEGnF2JsdZQeeqOUH/RWDBq5xXEegxI+N92+9lB42
J6ZBcO8rrigAhYz59ZJG0NF8VGZI0DSFI+dxC8XeoKfiamvkaZo1lYGLdqWiTkxz
6ODprWbfGVcwFd9rNeCbIc9E5FV0SRbS1xCv+JnrwR2i2raqgAEWc4CpAcH5mgqT
5G2cWhwS8EMUNXZz/C0IjkfNBAjQ2c9BHVHj0Wid5vyXutju3WOcBXwqcbTpNANI
NiVHf5ucaRep6110riIYazuCdFLCcwZDaySw2n2ZhelliTz1tpCa7uVoJfZjyeyw
xwY/QjLDBTSpUYDTPC//XG7ZswptKHFjrX4KtxD9XTltq5wNGJavJzKf2qa4jrM=
=ZXdu
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach?
Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM:
http://secunia.com/products/corporate/vim/ovum_2011_request/
----------------------------------------------------------------------
TITLE:
Apple iTunes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA46339
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46339/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46339
RELEASE DATE:
2011-10-13
DISCUSS ADVISORY:
http://secunia.com/advisories/46339/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/46339/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46339
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Apple has reported multiple vulnerabilities in Apple iTunes, which
can be exploited by malicious people to disclose sensitive
information, manipulate certain data, conduct cross-site scripting
and spoofing attacks, bypass certain security restrictions, and
compromise a user's system.
For more information:
SA44375 (#8)
SA45097 (#2)
SA45325
SA45498
SA45698 (#2)
SA46049 (#11)
SA46171 (#6)
1) An error in the CoreFoundation component when handling string
tokenization can be exploited to corrupt memory via a MitM
(Man-in-the-Middle) attack.
2) An error in the CoreAudio component when handling Advanced Audio
Coding (AAC) streams can be exploited to cause a buffer overflow.
NOTE: Vulnerabilities #1 and #2 do not affect the application on OS X
Lion systems.
3) An error in the CoreMedia component when handling H.264 encoded
movie files can be exploited to cause a buffer overflow.
4) Some errors in the WebKit component when using the
AddressSanitizer can be exploited to corrupt memory.
SOLUTION:
Update to version 10.5.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
The vendor also credits:
2) Luigi Auriemma via ZDI.
3) Damian Put via ZDI.
4) Cris Neckar, Adam Barth, and Abhishek Arya (Inferno), Google
Chrome Security Team.
The vendor provides a bundled list of credits for vulnerabilities in
#5:
* Cris Neckar, Google Chrome Security Team
* Abhishek Arya (Inferno), Google Chrome Security Team
* SkyLined, Google Chrome Security Team
* Raman Tenneti and Philip Rogers, Google
* Sadrul Habib Chowdhury, Chromium development community
* Cris Neckar and Abhishek Arya (Inferno), Google Chrome Security
Team
* Dimitri Glazkov, Kent Tamura, Dominic Cooney, Chromium development
community
* Martin Barbella
* Slawomir Blazek
* vkouchna
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT4981
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201110-0275 | CVE-2011-2339 | Apple iTunes Used in WebKit Vulnerable to arbitrary code execution |
CVSS V2: 7.6 CVSS V3: - Severity: HIGH |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. WebKit is prone to multiple unspecified remote code-execution vulnerabilities.
Attackers can exploit these issues by performing a man-in-the-middle attack. Successful attacks will result in arbitrary code execution; failed attacks may cause denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2011-10-12-4 Safari 5.1.1
Safari 5.1.1 is now available and addresses the following:
Safari
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a malicious website may cause the execution of
arbitrary Javascript in the context of installed Safari Extensions
Description: A directory traversal issue existed in the handling of
safari-extension:// URLs. Visiting a malicious website may cause
execution of arbitrary Javascript in the context of installed Safari
Extensions, which may have context-dependent ramifications including
files from the user's system being sent to a remote server.
This issue does not affect Windows systems.
CVE-ID
CVE-2011-3230 : Aaron Sigel of vtty.com
Safari
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Visiting a malicious website may lead to arbitrary code
execution
Description: An uninitialized memory access issue existed in the
handling of SSL certificates.
CVE-ID
CVE-2011-3231 : Jason Broccardo of Fermi National Accelerator
Laboratory
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
CVE-ID
CVE-2011-1440 : Jose A.
CVE-ID
CVE-2011-2800 : Juho Nurminen
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-origin issue existed in the handling of the
window.open method.
CVE-ID
CVE-2011-2805 : Sergey Glazunov
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-origin issue existed in the handling of the
document.documentURI property.
CVE-ID
CVE-2011-2819 : Sergey Glazunov
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-origin issue existed in the handling of
inactive DOM windows.
CVE-ID
CVE-2011-3243 : Sergey Glazunov
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2
Impact: In Private Browsing mode, cookies may be set even if "Block
cookies" is set to "Always"
Description: A logic issue existed in the handling of cookies in
Private Browsing mode. This issue does not affect Windows systems.
CVE-ID
CVE-2011-3242 : John Adamczyk
Safari 5.1.1 is available via the Apple Software Update
application, or Apple's Safari download site at:
http://www.apple.com/safari/download/
Safari for OS X Lion v10.7.2
The download file is named: Safari5.1.1Lion.dmg
Its SHA-1 digest is: 368113397d35475a0a4d0b0dbf3b31f543cfb4c5
Safari for Mac OS X v10.6.8
The download file is named: Safari5.1.1SnowLeopard.dmg
Its SHA-1 digest is: 4c588d86032ab24984b721354748f028b559fb37
Safari for Windows 7, Vista or XP
The download file is named: SafariSetup.exe
Its SHA-1 digest is: 5a2d3e0c0e601938f1d64d517e6a8199cd563d10
Safari for Windows 7, Vista or XP from the Microsoft Choice Screen
The download file is named: Safari_Setup.exe
Its SHA-1 digest is: f0094f19b7a6b0a96a4fe6407b0037223ae44b15
Safari+QuickTime for Windows 7, Vista or XP
The file is named: SafariQuickTimeSetup.exe
Its SHA-1 digest is: 3dbfe52e5be6409d0ad1fcb22e747963e10db218
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iQEcBAEBAgAGBQJOlLv6AAoJEGnF2JsdZQeeqOUH/RWDBq5xXEegxI+N92+9lB42
J6ZBcO8rrigAhYz59ZJG0NF8VGZI0DSFI+dxC8XeoKfiamvkaZo1lYGLdqWiTkxz
6ODprWbfGVcwFd9rNeCbIc9E5FV0SRbS1xCv+JnrwR2i2raqgAEWc4CpAcH5mgqT
5G2cWhwS8EMUNXZz/C0IjkfNBAjQ2c9BHVHj0Wid5vyXutju3WOcBXwqcbTpNANI
NiVHf5ucaRep6110riIYazuCdFLCcwZDaySw2n2ZhelliTz1tpCa7uVoJfZjyeyw
xwY/QjLDBTSpUYDTPC//XG7ZswptKHFjrX4KtxD9XTltq5wNGJavJzKf2qa4jrM=
=ZXdu
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach?
Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM:
http://secunia.com/products/corporate/vim/ovum_2011_request/
----------------------------------------------------------------------
TITLE:
Apple iTunes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA46339
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46339/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46339
RELEASE DATE:
2011-10-13
DISCUSS ADVISORY:
http://secunia.com/advisories/46339/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/46339/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46339
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Apple has reported multiple vulnerabilities in Apple iTunes, which
can be exploited by malicious people to disclose sensitive
information, manipulate certain data, conduct cross-site scripting
and spoofing attacks, bypass certain security restrictions, and
compromise a user's system.
For more information:
SA44375 (#8)
SA45097 (#2)
SA45325
SA45498
SA45698 (#2)
SA46049 (#11)
SA46171 (#6)
1) An error in the CoreFoundation component when handling string
tokenization can be exploited to corrupt memory via a MitM
(Man-in-the-Middle) attack.
2) An error in the CoreAudio component when handling Advanced Audio
Coding (AAC) streams can be exploited to cause a buffer overflow.
NOTE: Vulnerabilities #1 and #2 do not affect the application on OS X
Lion systems.
3) An error in the CoreMedia component when handling H.264 encoded
movie files can be exploited to cause a buffer overflow.
4) Some errors in the WebKit component when using the
AddressSanitizer can be exploited to corrupt memory.
SOLUTION:
Update to version 10.5.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
The vendor also credits:
2) Luigi Auriemma via ZDI.
3) Damian Put via ZDI.
4) Cris Neckar, Adam Barth, and Abhishek Arya (Inferno), Google
Chrome Security Team.
The vendor provides a bundled list of credits for vulnerabilities in
#5:
* Cris Neckar, Google Chrome Security Team
* Abhishek Arya (Inferno), Google Chrome Security Team
* SkyLined, Google Chrome Security Team
* Raman Tenneti and Philip Rogers, Google
* Sadrul Habib Chowdhury, Chromium development community
* Cris Neckar and Abhishek Arya (Inferno), Google Chrome Security
Team
* Dimitri Glazkov, Kent Tamura, Dominic Cooney, Chromium development
community
* Martin Barbella
* Slawomir Blazek
* vkouchna
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT4981
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201110-0274 | CVE-2011-2338 | Apple iTunes Used in WebKit Vulnerable to arbitrary code execution |
CVSS V2: 7.6 CVSS V3: - Severity: HIGH |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. WebKit is prone to multiple unspecified remote code-execution vulnerabilities.
Attackers can exploit these issues by performing a man-in-the-middle attack. Successful attacks will result in arbitrary code execution; failed attacks may cause denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2011-10-12-4 Safari 5.1.1
Safari 5.1.1 is now available and addresses the following:
Safari
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a malicious website may cause the execution of
arbitrary Javascript in the context of installed Safari Extensions
Description: A directory traversal issue existed in the handling of
safari-extension:// URLs. Visiting a malicious website may cause
execution of arbitrary Javascript in the context of installed Safari
Extensions, which may have context-dependent ramifications including
files from the user's system being sent to a remote server.
This issue does not affect Windows systems.
CVE-ID
CVE-2011-3230 : Aaron Sigel of vtty.com
Safari
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Visiting a malicious website may lead to arbitrary code
execution
Description: An uninitialized memory access issue existed in the
handling of SSL certificates.
CVE-ID
CVE-2011-3231 : Jason Broccardo of Fermi National Accelerator
Laboratory
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
CVE-ID
CVE-2011-1440 : Jose A.
CVE-ID
CVE-2011-2800 : Juho Nurminen
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-origin issue existed in the handling of the
window.open method.
CVE-ID
CVE-2011-2805 : Sergey Glazunov
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-origin issue existed in the handling of the
document.documentURI property.
CVE-ID
CVE-2011-2819 : Sergey Glazunov
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-origin issue existed in the handling of
inactive DOM windows.
CVE-ID
CVE-2011-3243 : Sergey Glazunov
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2
Impact: In Private Browsing mode, cookies may be set even if "Block
cookies" is set to "Always"
Description: A logic issue existed in the handling of cookies in
Private Browsing mode. This issue does not affect Windows systems.
CVE-ID
CVE-2011-3242 : John Adamczyk
Safari 5.1.1 is available via the Apple Software Update
application, or Apple's Safari download site at:
http://www.apple.com/safari/download/
Safari for OS X Lion v10.7.2
The download file is named: Safari5.1.1Lion.dmg
Its SHA-1 digest is: 368113397d35475a0a4d0b0dbf3b31f543cfb4c5
Safari for Mac OS X v10.6.8
The download file is named: Safari5.1.1SnowLeopard.dmg
Its SHA-1 digest is: 4c588d86032ab24984b721354748f028b559fb37
Safari for Windows 7, Vista or XP
The download file is named: SafariSetup.exe
Its SHA-1 digest is: 5a2d3e0c0e601938f1d64d517e6a8199cd563d10
Safari for Windows 7, Vista or XP from the Microsoft Choice Screen
The download file is named: Safari_Setup.exe
Its SHA-1 digest is: f0094f19b7a6b0a96a4fe6407b0037223ae44b15
Safari+QuickTime for Windows 7, Vista or XP
The file is named: SafariQuickTimeSetup.exe
Its SHA-1 digest is: 3dbfe52e5be6409d0ad1fcb22e747963e10db218
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iQEcBAEBAgAGBQJOlLv6AAoJEGnF2JsdZQeeqOUH/RWDBq5xXEegxI+N92+9lB42
J6ZBcO8rrigAhYz59ZJG0NF8VGZI0DSFI+dxC8XeoKfiamvkaZo1lYGLdqWiTkxz
6ODprWbfGVcwFd9rNeCbIc9E5FV0SRbS1xCv+JnrwR2i2raqgAEWc4CpAcH5mgqT
5G2cWhwS8EMUNXZz/C0IjkfNBAjQ2c9BHVHj0Wid5vyXutju3WOcBXwqcbTpNANI
NiVHf5ucaRep6110riIYazuCdFLCcwZDaySw2n2ZhelliTz1tpCa7uVoJfZjyeyw
xwY/QjLDBTSpUYDTPC//XG7ZswptKHFjrX4KtxD9XTltq5wNGJavJzKf2qa4jrM=
=ZXdu
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach?
Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM:
http://secunia.com/products/corporate/vim/ovum_2011_request/
----------------------------------------------------------------------
TITLE:
Apple iTunes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA46339
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46339/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46339
RELEASE DATE:
2011-10-13
DISCUSS ADVISORY:
http://secunia.com/advisories/46339/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/46339/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46339
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Apple has reported multiple vulnerabilities in Apple iTunes, which
can be exploited by malicious people to disclose sensitive
information, manipulate certain data, conduct cross-site scripting
and spoofing attacks, bypass certain security restrictions, and
compromise a user's system.
For more information:
SA44375 (#8)
SA45097 (#2)
SA45325
SA45498
SA45698 (#2)
SA46049 (#11)
SA46171 (#6)
1) An error in the CoreFoundation component when handling string
tokenization can be exploited to corrupt memory via a MitM
(Man-in-the-Middle) attack.
2) An error in the CoreAudio component when handling Advanced Audio
Coding (AAC) streams can be exploited to cause a buffer overflow.
NOTE: Vulnerabilities #1 and #2 do not affect the application on OS X
Lion systems.
3) An error in the CoreMedia component when handling H.264 encoded
movie files can be exploited to cause a buffer overflow.
4) Some errors in the WebKit component when using the
AddressSanitizer can be exploited to corrupt memory.
SOLUTION:
Update to version 10.5.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
The vendor also credits:
2) Luigi Auriemma via ZDI.
3) Damian Put via ZDI.
4) Cris Neckar, Adam Barth, and Abhishek Arya (Inferno), Google
Chrome Security Team.
The vendor provides a bundled list of credits for vulnerabilities in
#5:
* Cris Neckar, Google Chrome Security Team
* Abhishek Arya (Inferno), Google Chrome Security Team
* SkyLined, Google Chrome Security Team
* Raman Tenneti and Philip Rogers, Google
* Sadrul Habib Chowdhury, Chromium development community
* Cris Neckar and Abhishek Arya (Inferno), Google Chrome Security
Team
* Dimitri Glazkov, Kent Tamura, Dominic Cooney, Chromium development
community
* Martin Barbella
* Slawomir Blazek
* vkouchna
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT4981
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201110-0317 | CVE-2011-3252 | Apple iTunes Used in CoreAudio Vulnerable to buffer overflow |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Advanced Audio Coding (AAC) stream. Authentication is not required to exploit this vulnerability. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within how the application parses an audio stream encoded with the advanced audio codec. A field will be read from the file in order to calculate a length that is later used in a memory copy operation into a statically sized buffer. Successful exploitation can lead to code execution under the context of the application. Apple iTunes is prone to a buffer-overflow vulnerability that affects the CoreAudio component. Failed exploit attempts will likely result in a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001
OS X Lion v10.7.3 and Security Update 2012-001 is now available and
addresses the following:
Address Book
Available for: OS X Lion v10.7 to v10.7.2,
OS X Lion Server v10.7 to v10.7.2
Impact: An attacker in a privileged network position may intercept
CardDAV data
Description: Address Book supports Secure Sockets Layer (SSL) for
accessing CardDAV. A downgrade issue caused Address Book to attempt
an unencrypted connection if an encrypted connection failed. An
attacker in a privileged network position could abuse this behavior
to intercept CardDAV data. This issue is addressed by not downgrading
to an unencrypted connection without user approval.
CVE-ID
CVE-2011-3444 : Bernard Desruisseaux of Oracle Corporation
Apache
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Multiple vulnerabilities in Apache
Description: Apache is updated to version 2.2.21 to address several
vulnerabilities, the most serious of which may lead to a denial of
service. Further information is available via the Apache web site at
http://httpd.apache.org/
CVE-ID
CVE-2011-3348
Apache
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of SSL
3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode.
Apache disabled the 'empty fragment' countermeasure which prevented
these attacks. This issue is addressed by providing a configuration
parameter to control the countermeasure and enabling it by default.
CVE-ID
CVE-2011-3389
CFNetwork
Available for: OS X Lion v10.7 to v10.7.2,
OS X Lion Server v10.7 to v10.7.2
Impact: Visiting a maliciously crafted website may lead to the
disclosure of sensitive information
Description: An issue existed in CFNetwork's handling of malformed
URLs. When accessing a maliciously crafted URL, CFNetwork could send
the request to an incorrect origin server. This issue does not affect
systems prior to OS X Lion.
CVE-ID
CVE-2011-3246 : Erling Ellingsen of Facebook
CFNetwork
Available for: OS X Lion v10.7 to v10.7.2,
OS X Lion Server v10.7 to v10.7.2
Impact: Visiting a maliciously crafted website may lead to the
disclosure of sensitive information
Description: An issue existed in CFNetwork's handling of malformed
URLs. When accessing a maliciously crafted URL, CFNetwork could send
unexpected request headers. This issue does not affect systems prior
to OS X Lion.
CVE-ID
CVE-2011-3447 : Erling Ellingsen of Facebook
ColorSync
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Viewing a maliciously crafted image with an embedded
ColorSync profile may lead to an unexpected application termination
or arbitrary code execution
Description: An integer overflow existed in the handling of images
with an embedded ColorSync profile, which may lead to a heap buffer
overflow. This issue does not affect OS X Lion systems.
CVE-ID
CVE-2011-0200 : binaryproof working with TippingPoint's Zero Day
Initiative
CoreAudio
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Playing maliciously crafted audio content may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of AAC
encoded audio streams. This issue does not affect OS X Lion systems.
CVE-ID
CVE-2011-3252 : Luigi Auriemma working with TippingPoint's Zero Day
Initiative
CoreMedia
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow existed in CoreMedia's handling
of H.264 encoded movie files.
CVE-ID
CVE-2011-3448 : Scott Stender of iSEC Partners
CoreText
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Viewing or downloading a document containing a maliciously
crafted embedded font may lead to an unexpected application
termination or arbitrary code execution
Description: A use after free issue existed in the handling of font
files.
CVE-ID
CVE-2011-3449 : Will Dormann of the CERT/CC
CoreUI
Available for: OS X Lion v10.7 to v10.7.2,
OS X Lion Server v10.7 to v10.7.2
Impact: Visiting a malicious website may lead to an unexpected
application termination or arbitrary code execution
Description: An unbounded stack allocation issue existed in the
handling of long URLs. This issue does not affect systems prior to OS
X Lion.
CVE-ID
CVE-2011-3450 : Ben Syverson
curl
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: A remote server may be able to impersonate clients via
GSSAPI requests
Description: When doing GSSAPI authentication, libcurl
unconditionally performs credential delegation. This issue is
addressed by disabling GSSAPI credential delegation.
CVE-ID
CVE-2011-2192
Data Security
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description: Two certificate authorities in the list of trusted root
certificates have independently issued intermediate certificates to
DigiCert Malaysia. DigiCert Malaysia has issued certificates with
weak keys that it is unable to revoke. An attacker with a privileged
network position could intercept user credentials or other sensitive
information intended for a site with a certificate issued by DigiCert
Malaysia. This issue is addressed by configuring default system trust
settings so that DigiCert Malaysia's certificates are not trusted. We
would like to acknowledge Bruce Morton of Entrust, Inc. for reporting
this issue.
dovecot
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of SSL
3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode.
Dovecot disabled the 'empty fragment' countermeasure which prevented
these attacks. This issue is addressed by enabling the
countermeasure.
CVE-ID
CVE-2011-3389 : Apple
filecmds
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Decompressing a maliciously crafted compressed file may lead
to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the 'uncompress' command
line tool.
CVE-ID
CVE-2011-2895
ImageIO
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Viewing a maliciously crafted TIFF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in ImageIO's handling of
CCITT Group 4 encoded TIFF files. This issue does not affect OS X
Lion systems.
CVE-ID
CVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies
ImageIO
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Viewing a maliciously crafted TIFF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in libtiff's handling of
ThunderScan encoded TIFF images. This issue is address by updating
libtiff to version 3.9.5.
CVE-ID
CVE-2011-1167
ImageIO
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Multiple vulnerabilities in libpng 1.5.4
Description: libpng is updated to version 1.5.5 to address multiple
vulnerabilities, the most serious of which may lead to arbitrary code
execution. Further information is available via the libpng website at
http://www.libpng.org/pub/png/libpng.html
CVE-ID
CVE-2011-3328
Internet Sharing
Available for: OS X Lion v10.7 to v10.7.2,
OS X Lion Server v10.7 to v10.7.2
Impact: A Wi-Fi network created by Internet Sharing may lose
security settings after a system update
Description: After updating to a version of OS X Lion prior to
10.7.3, the Wi-Fi configuration used by Internet Sharing may revert
to factory defaults, which disables the WEP password. This issue only
affects systems with Internet Sharing enabled and sharing the
connection to Wi-Fi. This issue is addressed by preserving the Wi-Fi
configuration during a system update.
CVE-ID
CVE-2011-3452 : an anonymous researcher
Libinfo
Available for: OS X Lion v10.7 to v10.7.2,
OS X Lion Server v10.7 to v10.7.2
Impact: Visiting a maliciously crafted website may lead to the
disclosure of sensitive information
Description: An issue existed in Libinfo's handling of hostname
lookup requests. Libinfo could return incorrect results for a
maliciously crafted hostname. This issue does not affect systems
prior to OS X Lion.
CVE-ID
CVE-2011-3441 : Erling Ellingsen of Facebook
libresolv
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Applications that use OS X's libresolv library may be
vulnerable to an unexpected application termination or arbitrary code
execution
Description: An integer overflow existed in the parsing of DNS
resource records, which may lead to heap memory corruption.
CVE-ID
CVE-2011-3453 : Ilja van Sprundel of IOActive
libsecurity
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Some EV certificates may be trusted even if the
corresponding root has been marked as untrusted
Description: The certificate code trusted a root certificate to sign
EV certificates if it was on the list of known EV issuers, even if
the user had marked it as 'Never Trust' in Keychain. The root would
not be trusted to sign non-EV certificates.
CVE-ID
CVE-2011-3422 : Alastair Houghton
OpenGL
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Applications that use OS X's OpenGL implementation may be
vulnerable to an unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues existed in the
handling of GLSL compilation.
CVE-ID
CVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and
Marc Schoenefeld of the Red Hat Security Response Team
PHP
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Multiple vulnerabilities in PHP 5.3.6
Description: PHP is updated to version 5.3.8 to address several
vulnerabilities, the most serious of which may lead to arbitrary code
execution. Further information is available via the PHP web site at
http://www.php.net
CVE-ID
CVE-2011-1148
CVE-2011-1657
CVE-2011-1938
CVE-2011-2202
CVE-2011-2483
CVE-2011-3182
CVE-2011-3189
CVE-2011-3267
CVE-2011-3268
PHP
Available for: OS X Lion v10.7 to v10.7.2,
OS X Lion Server v10.7 to v10.7.2
Impact: Viewing a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in FreeType's
handling of Type 1 fonts. This issue is addressed by updating
FreeType to version 2.4.7. Further information is available via the
FreeType site at http://www.freetype.org/
CVE-ID
CVE-2011-3256 : Apple
PHP
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Multiple vulnerabilities in libpng 1.5.4
Description: libpng is updated to version 1.5.5 to address multiple
vulnerabilities, the most serious of which may lead to arbitrary code
execution. Further information is available via the libpng website at
http://www.libpng.org/pub/png/libpng.html
CVE-ID
CVE-2011-3328
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Opening a maliciously crafted MP4 encoded file may lead to
an unexpected application termination or arbitrary code execution
Description: An uninitialized memory access issue existed in the
handling of MP4 encoded files.
CVE-ID
CVE-2011-3458 : Luigi Auriemma and pa_kt both working with
TippingPoint's Zero Day Initiative
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A signedness issue existed in the handling of font
tables embedded in QuickTime movie files.
CVE-ID
CVE-2011-3248 : Luigi Auriemma working with TippingPoint's Zero Day
Initiative
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An off by one buffer overflow existed in the handling
of rdrf atoms in QuickTime movie files.
CVE-ID
CVE-2011-3459 : Luigi Auriemma working with TippingPoint's Zero Day
Initiative
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Viewing a maliciously crafted JPEG2000 image file may lead
to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of JPEG2000
files.
CVE-ID
CVE-2011-3250 : Luigi Auriemma working with TippingPoint's Zero Day
Initiative
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Processing a maliciously crafted PNG image may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of PNG files.
CVE-ID
CVE-2011-3460 : Luigi Auriemma working with TippingPoint's Zero Day
Initiative
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of FLC
encoded movie files
CVE-ID
CVE-2011-3249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero
Day Initiative
SquirrelMail
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Multiple vulnerabilities in SquirrelMail
Description: SquirrelMail is updated to version 1.4.22 to address
several vulnerabilities, the most serious of which is a cross-site
scripting issue. This issue does not affect OS X Lion systems.
Further information is available via the SquirrelMail web site at
http://www.SquirrelMail.org/
CVE-ID
CVE-2010-1637
CVE-2010-2813
CVE-2010-4554
CVE-2010-4555
CVE-2011-2023
Subversion
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Accessing a Subversion repository may lead to the disclosure
of sensitive information
Description: Subversion is updated to version 1.6.17 to address
multiple vulnerabilities, the most serious of which may lead to the
disclosure of sensitive information. Further information is available
via the Subversion web site at http://subversion.tigris.org/
CVE-ID
CVE-2011-1752
CVE-2011-1783
CVE-2011-1921
Time Machine
Available for: OS X Lion v10.7 to v10.7.2,
OS X Lion Server v10.7 to v10.7.2
Impact: A remote attacker may access new backups created by the
user's system
Description: The user may designate a remote AFP volume or Time
Capsule to be used for Time Machine backups. Time Machine did not
verify that the same device was being used for subsequent backup
operations. An attacker who is able to spoof the remote volume could
gain access to new backups created by the user's system. This issue
is addressed by verifying the unique identifier associated with a
disk for backup operations.
CVE-ID
CVE-2011-3462 : Michael Roitzsch of the Technische Universitat
Dresden
Tomcat
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Multiple vulnerabilities in Tomcat 6.0.32
Description: Tomcat is updated to version 6.0.33 to address multiple
vulnerabilities, the most serious of which may lead to the disclosure
of sensitive information. Tomcat is only provided on Mac OS X Server
systems. This issue does not affect OS X Lion systems. Further
information is available via the Tomcat site at
http://tomcat.apache.org/
CVE-ID
CVE-2011-2204
WebDAV Sharing
Available for: OS X Lion Server v10.7 to v10.7.2
Impact: Local users may obtain system privileges
Description: An issue existed in WebDAV Sharing's handling of user
authentication. A user with a valid account on the server or one of
its bound directories could cause the execution of arbitrary code
with system privileges. This issue does not affect systems prior to
OS X Lion.
CVE-ID
CVE-2011-3463 : Gordon Davisson of Crywolf
Webmail
Available for: OS X Lion v10.7 to v10.7.2,
OS X Lion Server v10.7 to v10.7.2
Impact: Viewing a maliciously crafted e-mail message may lead to the
disclosure of message content
Description: A cross-site scripting vulnerability existed in the
handling of mail messages. This issue is addressed by updating
Roundcube Webmail to version 0.6. This issue does not affect systems
prior to OS X Lion. Further information is available via the
Roundcube site at http://trac.roundcube.net/
CVE-ID
CVE-2011-2937
X11
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Viewing a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in FreeType's
handling of Type 1 fonts. This issue is addressed by updating
FreeType to version 2.4.7. Further information is available via the
FreeType site at http://www.freetype.org/
CVE-ID
CVE-2011-3256 : Apple
OS X Lion v10.7.3 and Security Update 2012-001 may be obtained from
the Software Update pane in System Preferences, or Apple's Software
Downloads web site:
http://www.apple.com/support/downloads/
The Software Update utility will present the update that applies
to your system configuration. Only one is needed, either
Security Update 2021-001 or OS X v10.7.3.
For OS X Lion v10.7.2
The download file is named: MacOSXUpd10.7.3.dmg
Its SHA-1 digest is: 7102fe8f9f47286c45dfa35f6e84e7f730493a7c
For OS X Lion v10.7 and v10.7.1
The download file is named: MacOSXUpdCombo10.7.3.dmg
Its SHA-1 digest is: 07dfce300f6801eb63d9ac13e0bec84e1862a16c
For OS X Lion Server v10.7.2
The download file is named: MacOSXServerUpd10.7.3.dmg
Its SHA-1 digest is: 55a9571635d4ec088c142d68132d0d69fcb8867d
For OS X Lion Server v10.7 and v10.7.1
The download file is named: MacOSXServerUpdCombo10.7.3.dmg
Its SHA-1 digest is: 2c87824f09734499ea166ea0617a3ac21ecf832b
For Mac OS X v10.6.8
The download file is named: SecUpd2012-001Snow.dmg
Its SHA-1 digest is: 40875ee8cb609bbaefc8f421a9c34cc353db42b8
For Mac OS X Server v10.6.8
The download file is named: SecUpdSrvr2012-001.dmg
Its SHA-1 digest is: 53b3ca5548001a9920aeabed4a034c6e4657fe20
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iQEcBAEBAgAGBQJPKYxNAAoJEGnF2JsdZQeeLiIIAMLhH2ipDFrhCsw/n4VDeF1V
P6jSkGXC9tBBVMvw1Xq4c2ok4SI34bDfMlURAVR+dde/h6nIZR24aLQVoDLjJuIp
RrO2dm1nQeozLJSx2NbxhVh54BucJdKp4xS1GkDNxkqcdh04RE9hRURXdKagnfGy
9P8QQPOQmKAiWos/LYhCPDInMfrpVNvEVwP8MCDP15g6hylN4De/Oyt7ZshPshSf
MnAFObfBTGX5KioVqTyfdlBkKUfdXHJux61QEFHn8eadX6+/6IuKbUvK9B0icc8E
pvbjOxQatFRps0KNWeIsKQc5i6iQoJhocAiIy6Y6LCuZQuSXCImY2RWXkVYzbWo=
=c1eU
-----END PGP SIGNATURE-----
.
-- Vendor Response:
Apple has issued an update to correct this vulnerability. More details
can be found at:
http://support.apple.com/kb/HT4981
-- Disclosure Timeline:
2011-04-11 - Vulnerability reported to vendor
2011-10-26 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Luigi Auriemma
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
Follow the ZDI on Twitter:
http://twitter.com/thezdi
. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach?
Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM:
http://secunia.com/products/corporate/vim/ovum_2011_request/
----------------------------------------------------------------------
TITLE:
Apple iTunes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA46339
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46339/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46339
RELEASE DATE:
2011-10-13
DISCUSS ADVISORY:
http://secunia.com/advisories/46339/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/46339/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46339
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Apple has reported multiple vulnerabilities in Apple iTunes, which
can be exploited by malicious people to disclose sensitive
information, manipulate certain data, conduct cross-site scripting
and spoofing attacks, bypass certain security restrictions, and
compromise a user's system.
Multiple vulnerabilities exist within the WebKit and ColorSync
components.
For more information:
SA44375 (#8)
SA45097 (#2)
SA45325
SA45498
SA45698 (#2)
SA46049 (#11)
SA46171 (#6)
1) An error in the CoreFoundation component when handling string
tokenization can be exploited to corrupt memory via a MitM
(Man-in-the-Middle) attack.
3) An error in the CoreMedia component when handling H.264 encoded
movie files can be exploited to cause a buffer overflow.
4) Some errors in the WebKit component when using the
AddressSanitizer can be exploited to corrupt memory.
5) Multiple unspecified errors in the WebKit component can be
exploited to corrupt memory.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
The vendor also credits:
2) Luigi Auriemma via ZDI.
3) Damian Put via ZDI.
4) Cris Neckar, Adam Barth, and Abhishek Arya (Inferno), Google
Chrome Security Team.
The vendor provides a bundled list of credits for vulnerabilities in
#5:
* Cris Neckar, Google Chrome Security Team
* Abhishek Arya (Inferno), Google Chrome Security Team
* SkyLined, Google Chrome Security Team
* Raman Tenneti and Philip Rogers, Google
* Sadrul Habib Chowdhury, Chromium development community
* Cris Neckar and Abhishek Arya (Inferno), Google Chrome Security
Team
* Dimitri Glazkov, Kent Tamura, Dominic Cooney, Chromium development
community
* Martin Barbella
* Slawomir Blazek
* vkouchna
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT4981
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201110-0241 | CVE-2011-2356 | Apple iTunes Used in WebKit Vulnerable to arbitrary code execution |
CVSS V2: 7.6 CVSS V3: - Severity: HIGH |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. WebKit is prone to multiple unspecified remote code-execution vulnerabilities.
Attackers can exploit these issues by performing a man-in-the-middle attack. Successful attacks will result in arbitrary code execution; failed attacks may cause denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2011-10-12-4 Safari 5.1.1
Safari 5.1.1 is now available and addresses the following:
Safari
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a malicious website may cause the execution of
arbitrary Javascript in the context of installed Safari Extensions
Description: A directory traversal issue existed in the handling of
safari-extension:// URLs. Visiting a malicious website may cause
execution of arbitrary Javascript in the context of installed Safari
Extensions, which may have context-dependent ramifications including
files from the user's system being sent to a remote server.
This issue does not affect Windows systems.
CVE-ID
CVE-2011-3230 : Aaron Sigel of vtty.com
Safari
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Visiting a malicious website may lead to arbitrary code
execution
Description: An uninitialized memory access issue existed in the
handling of SSL certificates.
CVE-ID
CVE-2011-3231 : Jason Broccardo of Fermi National Accelerator
Laboratory
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
CVE-ID
CVE-2011-1440 : Jose A.
CVE-ID
CVE-2011-2800 : Juho Nurminen
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-origin issue existed in the handling of the
window.open method.
CVE-ID
CVE-2011-2805 : Sergey Glazunov
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-origin issue existed in the handling of the
document.documentURI property.
CVE-ID
CVE-2011-2819 : Sergey Glazunov
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-origin issue existed in the handling of
inactive DOM windows.
CVE-ID
CVE-2011-3243 : Sergey Glazunov
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2
Impact: In Private Browsing mode, cookies may be set even if "Block
cookies" is set to "Always"
Description: A logic issue existed in the handling of cookies in
Private Browsing mode. This issue does not affect Windows systems.
CVE-ID
CVE-2011-3242 : John Adamczyk
Safari 5.1.1 is available via the Apple Software Update
application, or Apple's Safari download site at:
http://www.apple.com/safari/download/
Safari for OS X Lion v10.7.2
The download file is named: Safari5.1.1Lion.dmg
Its SHA-1 digest is: 368113397d35475a0a4d0b0dbf3b31f543cfb4c5
Safari for Mac OS X v10.6.8
The download file is named: Safari5.1.1SnowLeopard.dmg
Its SHA-1 digest is: 4c588d86032ab24984b721354748f028b559fb37
Safari for Windows 7, Vista or XP
The download file is named: SafariSetup.exe
Its SHA-1 digest is: 5a2d3e0c0e601938f1d64d517e6a8199cd563d10
Safari for Windows 7, Vista or XP from the Microsoft Choice Screen
The download file is named: Safari_Setup.exe
Its SHA-1 digest is: f0094f19b7a6b0a96a4fe6407b0037223ae44b15
Safari+QuickTime for Windows 7, Vista or XP
The file is named: SafariQuickTimeSetup.exe
Its SHA-1 digest is: 3dbfe52e5be6409d0ad1fcb22e747963e10db218
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iQEcBAEBAgAGBQJOlLv6AAoJEGnF2JsdZQeeqOUH/RWDBq5xXEegxI+N92+9lB42
J6ZBcO8rrigAhYz59ZJG0NF8VGZI0DSFI+dxC8XeoKfiamvkaZo1lYGLdqWiTkxz
6ODprWbfGVcwFd9rNeCbIc9E5FV0SRbS1xCv+JnrwR2i2raqgAEWc4CpAcH5mgqT
5G2cWhwS8EMUNXZz/C0IjkfNBAjQ2c9BHVHj0Wid5vyXutju3WOcBXwqcbTpNANI
NiVHf5ucaRep6110riIYazuCdFLCcwZDaySw2n2ZhelliTz1tpCa7uVoJfZjyeyw
xwY/QjLDBTSpUYDTPC//XG7ZswptKHFjrX4KtxD9XTltq5wNGJavJzKf2qa4jrM=
=ZXdu
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach?
Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM:
http://secunia.com/products/corporate/vim/ovum_2011_request/
----------------------------------------------------------------------
TITLE:
Apple iTunes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA46339
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46339/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46339
RELEASE DATE:
2011-10-13
DISCUSS ADVISORY:
http://secunia.com/advisories/46339/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/46339/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46339
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Apple has reported multiple vulnerabilities in Apple iTunes, which
can be exploited by malicious people to disclose sensitive
information, manipulate certain data, conduct cross-site scripting
and spoofing attacks, bypass certain security restrictions, and
compromise a user's system.
For more information:
SA44375 (#8)
SA45097 (#2)
SA45325
SA45498
SA45698 (#2)
SA46049 (#11)
SA46171 (#6)
1) An error in the CoreFoundation component when handling string
tokenization can be exploited to corrupt memory via a MitM
(Man-in-the-Middle) attack.
2) An error in the CoreAudio component when handling Advanced Audio
Coding (AAC) streams can be exploited to cause a buffer overflow.
NOTE: Vulnerabilities #1 and #2 do not affect the application on OS X
Lion systems.
3) An error in the CoreMedia component when handling H.264 encoded
movie files can be exploited to cause a buffer overflow.
4) Some errors in the WebKit component when using the
AddressSanitizer can be exploited to corrupt memory.
SOLUTION:
Update to version 10.5.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
The vendor also credits:
2) Luigi Auriemma via ZDI.
3) Damian Put via ZDI.
4) Cris Neckar, Adam Barth, and Abhishek Arya (Inferno), Google
Chrome Security Team.
The vendor provides a bundled list of credits for vulnerabilities in
#5:
* Cris Neckar, Google Chrome Security Team
* Abhishek Arya (Inferno), Google Chrome Security Team
* SkyLined, Google Chrome Security Team
* Raman Tenneti and Philip Rogers, Google
* Sadrul Habib Chowdhury, Chromium development community
* Cris Neckar and Abhishek Arya (Inferno), Google Chrome Security
Team
* Dimitri Glazkov, Kent Tamura, Dominic Cooney, Chromium development
community
* Martin Barbella
* Slawomir Blazek
* vkouchna
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT4981
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201110-0240 | CVE-2011-2354 | Apple iTunes Used in WebKit Vulnerable to arbitrary code execution |
CVSS V2: 7.6 CVSS V3: - Severity: HIGH |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. WebKit is prone to multiple unspecified remote code-execution vulnerabilities.
Attackers can exploit these issues by performing a man-in-the-middle attack. Successful attacks will result in arbitrary code execution; failed attacks may cause denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2011-10-12-4 Safari 5.1.1
Safari 5.1.1 is now available and addresses the following:
Safari
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a malicious website may cause the execution of
arbitrary Javascript in the context of installed Safari Extensions
Description: A directory traversal issue existed in the handling of
safari-extension:// URLs. Visiting a malicious website may cause
execution of arbitrary Javascript in the context of installed Safari
Extensions, which may have context-dependent ramifications including
files from the user's system being sent to a remote server.
This issue does not affect Windows systems.
CVE-ID
CVE-2011-3230 : Aaron Sigel of vtty.com
Safari
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Visiting a malicious website may lead to arbitrary code
execution
Description: An uninitialized memory access issue existed in the
handling of SSL certificates.
CVE-ID
CVE-2011-3231 : Jason Broccardo of Fermi National Accelerator
Laboratory
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
CVE-ID
CVE-2011-1440 : Jose A.
CVE-ID
CVE-2011-2800 : Juho Nurminen
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-origin issue existed in the handling of the
window.open method.
CVE-ID
CVE-2011-2805 : Sergey Glazunov
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-origin issue existed in the handling of the
document.documentURI property.
CVE-ID
CVE-2011-2819 : Sergey Glazunov
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-origin issue existed in the handling of
inactive DOM windows.
CVE-ID
CVE-2011-3243 : Sergey Glazunov
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2
Impact: In Private Browsing mode, cookies may be set even if "Block
cookies" is set to "Always"
Description: A logic issue existed in the handling of cookies in
Private Browsing mode. This issue does not affect Windows systems.
CVE-ID
CVE-2011-3242 : John Adamczyk
Safari 5.1.1 is available via the Apple Software Update
application, or Apple's Safari download site at:
http://www.apple.com/safari/download/
Safari for OS X Lion v10.7.2
The download file is named: Safari5.1.1Lion.dmg
Its SHA-1 digest is: 368113397d35475a0a4d0b0dbf3b31f543cfb4c5
Safari for Mac OS X v10.6.8
The download file is named: Safari5.1.1SnowLeopard.dmg
Its SHA-1 digest is: 4c588d86032ab24984b721354748f028b559fb37
Safari for Windows 7, Vista or XP
The download file is named: SafariSetup.exe
Its SHA-1 digest is: 5a2d3e0c0e601938f1d64d517e6a8199cd563d10
Safari for Windows 7, Vista or XP from the Microsoft Choice Screen
The download file is named: Safari_Setup.exe
Its SHA-1 digest is: f0094f19b7a6b0a96a4fe6407b0037223ae44b15
Safari+QuickTime for Windows 7, Vista or XP
The file is named: SafariQuickTimeSetup.exe
Its SHA-1 digest is: 3dbfe52e5be6409d0ad1fcb22e747963e10db218
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iQEcBAEBAgAGBQJOlLv6AAoJEGnF2JsdZQeeqOUH/RWDBq5xXEegxI+N92+9lB42
J6ZBcO8rrigAhYz59ZJG0NF8VGZI0DSFI+dxC8XeoKfiamvkaZo1lYGLdqWiTkxz
6ODprWbfGVcwFd9rNeCbIc9E5FV0SRbS1xCv+JnrwR2i2raqgAEWc4CpAcH5mgqT
5G2cWhwS8EMUNXZz/C0IjkfNBAjQ2c9BHVHj0Wid5vyXutju3WOcBXwqcbTpNANI
NiVHf5ucaRep6110riIYazuCdFLCcwZDaySw2n2ZhelliTz1tpCa7uVoJfZjyeyw
xwY/QjLDBTSpUYDTPC//XG7ZswptKHFjrX4KtxD9XTltq5wNGJavJzKf2qa4jrM=
=ZXdu
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach?
Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM:
http://secunia.com/products/corporate/vim/ovum_2011_request/
----------------------------------------------------------------------
TITLE:
Apple iTunes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA46339
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46339/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46339
RELEASE DATE:
2011-10-13
DISCUSS ADVISORY:
http://secunia.com/advisories/46339/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/46339/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46339
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Apple has reported multiple vulnerabilities in Apple iTunes, which
can be exploited by malicious people to disclose sensitive
information, manipulate certain data, conduct cross-site scripting
and spoofing attacks, bypass certain security restrictions, and
compromise a user's system.
For more information:
SA44375 (#8)
SA45097 (#2)
SA45325
SA45498
SA45698 (#2)
SA46049 (#11)
SA46171 (#6)
1) An error in the CoreFoundation component when handling string
tokenization can be exploited to corrupt memory via a MitM
(Man-in-the-Middle) attack.
2) An error in the CoreAudio component when handling Advanced Audio
Coding (AAC) streams can be exploited to cause a buffer overflow.
NOTE: Vulnerabilities #1 and #2 do not affect the application on OS X
Lion systems.
3) An error in the CoreMedia component when handling H.264 encoded
movie files can be exploited to cause a buffer overflow.
4) Some errors in the WebKit component when using the
AddressSanitizer can be exploited to corrupt memory.
SOLUTION:
Update to version 10.5.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
The vendor also credits:
2) Luigi Auriemma via ZDI.
3) Damian Put via ZDI.
4) Cris Neckar, Adam Barth, and Abhishek Arya (Inferno), Google
Chrome Security Team.
The vendor provides a bundled list of credits for vulnerabilities in
#5:
* Cris Neckar, Google Chrome Security Team
* Abhishek Arya (Inferno), Google Chrome Security Team
* SkyLined, Google Chrome Security Team
* Raman Tenneti and Philip Rogers, Google
* Sadrul Habib Chowdhury, Chromium development community
* Cris Neckar and Abhishek Arya (Inferno), Google Chrome Security
Team
* Dimitri Glazkov, Kent Tamura, Dominic Cooney, Chromium development
community
* Martin Barbella
* Slawomir Blazek
* vkouchna
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT4981
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201110-0173 | CVE-2011-0259 | Apple iTunes Used in CoreFoundation Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.6 CVSS V3: - Severity: HIGH |
CoreFoundation, as used in Apple iTunes before 10.5, does not properly perform string tokenization, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. Apple Mac OS X is prone to a memory-corruption vulnerability.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. A vulnerability exists in CoreFoundation in Apple iTunes versions prior to 10.5.
Description: Multiple memory corruption issues existed in WebKit. Apple has
released updates to address these vulnerabilities.
I. Apple has released updates to address these
vulnerabilities.
II.
III. This advisory describes any known issues related to the
updates and the specific impacts for each vulnerability.
Administrators are encouraged to note these issues and impacts and
test for any potentially adverse effects before wide-scale
deployment.
IV. Please send
email to <cert@cert.org> with "TA11-286A Feedback VU#421739" in
the subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2011 by US-CERT, a government organization. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2011-10-12-3 OS X Lion v10.7.2 and Security Update 2011-006
OS X Lion v10.7.2 and Security Update 2011-006 is now available and
addresses the following:
Apache
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Multiple vulnerabilities in Apache
Description: Apache is updated to version 2.2.20 to address several
vulnerabilities, the most serious of which may lead to a denial of
service. Further
information is available via the Apache web site at
http://httpd.apache.org/
CVE-ID
CVE-2011-0419
CVE-2011-3192
Application Firewall
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Executing a binary with a maliciously crafted name may lead
to arbitrary code execution with elevated privileges
Description: A format string vulnerability existed in Application
Firewall's debug logging.
CVE-ID
CVE-2011-0185 : an anonymous reporter
ATS
Available for: OS X Lion v10.7 and v10.7.1,
OS X Lion Server v10.7 and v10.7.1
Impact: Viewing or downloading a document containing a maliciously
crafted embedded font may lead to arbitrary code execution
Description: A signedness issue existed in ATS' handling of Type 1
fonts. This issue does not affect systems prior to OS X Lion.
CVE-ID
CVE-2011-3437
ATS
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Viewing or downloading a document containing a maliciously
crafted embedded font may lead to arbitrary code execution
Description: An out of bounds memory access issue existed in ATS'
handling of Type 1 fonts. This issue does not affect OS X Lion
systems.
CVE-ID
CVE-2011-0229 : Will Dormann of the CERT/CC
ATS
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Applications which use the ATSFontDeactivate API may be
vulnerable to an unexpected application termination or arbitrary code
execution
Description: A buffer overflow issue existed in the
ATSFontDeactivate API.
CVE-ID
CVE-2011-0230 : Steven Michaud of Mozilla
BIND
Available for: OS X Lion v10.7 and v10.7.1,
OS X Lion Server v10.7 and v10.7.1
Impact: Multiple vulnerabilities in BIND 9.7.3
Description: Multiple denial of service issues existed in BIND
9.7.3. These issues are addressed by updating BIND to version
9.7.3-P3.
CVE-ID
CVE-2011-1910
CVE-2011-2464
BIND
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Multiple vulnerabilities in BIND
Description: Multiple denial of service issues existed in BIND.
These issues are addressed by updating BIND to version 9.6-ESV-R4-P3.
Impact: Root certificates have been updated
Description: Several trusted certificates were added to the list of
system roots. Several existing certificates were updated to their
most recent version. The complete list of recognized system roots may
be viewed via the Keychain Access application.
CFNetwork
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Safari may store cookies it is not configured to accept
Description: A synchronization issue existed in CFNetwork's handling
of cookie policies. Safari's cookie preferences may not be honored,
allowing websites to set cookies that would be blocked were the
preference enforced. This update addresses the issue through improved
handling of cookie storage.
CVE-ID
CVE-2011-0231 : Martin Tessarek, Steve Riggins of Geeks R Us, Justin
C. Walker, and Stephen Creswell
CFNetwork
Available for: OS X Lion v10.7 and v10.7.1,
OS X Lion Server v10.7 and v10.7.1
Impact: Visiting a maliciously crafted website may lead to the
disclosure of sensitive information
Description: An issue existed in CFNetwork's handling of HTTP
cookies. When accessing a maliciously crafted HTTP or HTTPS URL,
CFNetwork could incorrectly send the cookies for a domain to a server
outside that domain. This issue does not affect systems prior to OS X
Lion.
CVE-ID
CVE-2011-3246 : Erling Ellingsen of Facebook
CoreFoundation
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Viewing a maliciously crafted website or e-mail message may
lead to an unexpected application termination or arbitrary code
execution
Description: A memory corruption issue existed in CoreFoundation's
handling of string tokenization. This issue does not affect OS X Lion
systems. This update addresses the issue through improved bounds
checking.
CVE-ID
CVE-2011-0259 : Apple
CoreMedia
Available for: OS X Lion v10.7 and v10.7.1,
OS X Lion Server v10.7 and v10.7.1
Impact: Visiting a maliciously crafted website may lead to the
disclosure of video data from another site
Description: A cross-origin issue existed in CoreMedia's handling of
cross-site redirects. This issue is addressed through improved origin
tracking.
CVE-ID
CVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability
Research (MSVR)
CoreMedia
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in the
handling of QuickTime movie files. These issues do not affect OS X
Lion systems.
CVE-ID
CVE-2011-0224 : Apple
CoreProcesses
Available for: OS X Lion v10.7 and v10.7.1,
OS X Lion Server v10.7 and v10.7.1
Impact: A person with physical access to a system may partially
bypass the screen lock
Description: A system window, such as a VPN password prompt, that
appeared while the screen was locked may have accepted keystrokes
while the screen was locked. This issue is addressed by preventing
system windows from requesting keystrokes while the screen is locked.
This issue does not affect systems prior to OS X Lion.
CVE-ID
CVE-2011-0260 : Clint Tseng of the University of Washington, Michael
Kobb, and Adam Kemp
CoreStorage
Available for: OS X Lion v10.7 and v10.7.1,
OS X Lion Server v10.7 and v10.7.1
Impact: Converting to FileVault does not erase all existing data
Description: After enabling FileVault, approximately 250MB at the
start of the volume was left unencrypted on the disk in an unused
area. Only data which was present on the volume before FileVault was
enabled was left unencrypted. This issue is addressed by erasing this
area when enabling FileVault, and on the first use of an encrypted
volume affected by this issue. This issue does not affect systems
prior to OS X Lion.
CVE-ID
CVE-2011-3212 : Judson Powers of ATC-NY
File Systems
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: An attacker in a privileged network position may manipulate
HTTPS server certificates, leading to the disclosure of sensitive
information
Description: An issue existed in the handling of WebDAV volumes on
HTTPS servers. If the server presented a certificate chain that could
not be automatically verified, a warning was displayed and the
connection was closed. If the user clicked the "Continue" button in
the warning dialog, any certificate was accepted on the following
connection to that server. An attacker in a privileged network
position may have manipulated the connection to obtain sensitive
information or take action on the server on the user's behalf. This
update addresses the issue by validating that the certificate
received on the second connection is the same certificate originally
presented to the user.
CVE-ID
CVE-2011-3213 : Apple
IOGraphics
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: A person with physical access may be able to bypass the
screen lock
Description: An issue existed with the screen lock when used with
Apple Cinema Displays. When a password is required to wake from
sleep, a person with physical access may be able to access the system
without entering a password if the system is in display sleep mode.
This update addresses the issue by ensuring that the lock screen is
correctly activated in display sleep mode. This issue does not affect
OS X Lion systems.
CVE-ID
CVE-2011-3214 : Apple
iChat Server
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: A remote attacker may cause the Jabber server to consume
system resources disproportionately
Description: An issue existed in the handling of XML external
entities in jabberd2, a server for the Extensible Messaging and
Presence Protocol (XMPP). jabberd2 expands external entities in
incoming requests. This allows an attacker to consume system
resources very quickly, denying service to legitimate users of the
server. This update addresses the issue by disabling entity expansion
in incoming requests.
CVE-ID
CVE-2011-1755
Kernel
Available for: OS X Lion v10.7 and v10.7.1,
OS X Lion Server v10.7 and v10.7.1
Impact: A person with physical access may be able to access the
user's password
Description: A logic error in the kernel's DMA protection permitted
firewire DMA at loginwindow, boot, and shutdown, although not at
screen lock. This update addresses the issue by preventing firewire
DMA at all states where the user is not logged in.
CVE-ID
CVE-2011-3215 : Passware, Inc.
Kernel
Available for: OS X Lion v10.7 and v10.7.1,
OS X Lion Server v10.7 and v10.7.1
Impact: An unprivileged user may be able to delete another user's
files in a shared directory
Description: A logic error existed in the kernel's handling of file
deletions in directories with the sticky bit.
CVE-ID
CVE-2011-3216 : Gordon Davisson of Crywolf, Linc Davis, R. Dormer,
and Allan Schmid and Oliver Jeckel of brainworks Training
libsecurity
Available for: OS X Lion v10.7 and v10.7.1,
OS X Lion Server v10.7 and v10.7.1
Impact: Viewing a maliciously crafted website or e-mail message may
lead to an unexpected application termination or arbitrary code
execution
Description: An error handling issue existed when parsing a
nonstandard certificate revocation list extension.
CVE-ID
CVE-2011-3227 : Richard Godbee of Virginia Tech
Mailman
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Multiple vulnerabilities in Mailman 2.1.14
Description: Multiple cross-site scripting issues existed in Mailman
2.1.14. These issues are addressed by improved encoding of characters
in HTML output. Further information is available via the Mailman site
at http://mail.python.org/pipermail/mailman-
announce/2011-February/000158.html This issue does not affect OS X
Lion systems.
CVE-ID
CVE-2011-0707
MediaKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Opening a maliciously crafted disk image may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in the
handling of disk images. These issues do not affect OS X Lion
systems.
CVE-ID
CVE-2011-3217 : Apple
Open Directory
Available for: OS X Lion v10.7 and v10.7.1,
OS X Lion Server v10.7 and v10.7.1
Impact: Any user may read another local user's password data
Description: An access control issue existed in Open Directory. This
issue does not affect systems prior to OS X Lion.
CVE-ID
CVE-2011-3435 : Arek Dreyer of Dreyer Network Consultants, Inc, and
Patrick Dunstan at defenseindepth.net
Open Directory
Available for: OS X Lion v10.7 and v10.7.1,
OS X Lion Server v10.7 and v10.7.1
Impact: An authenticated user may change that account's password
without providing the current password
Description: An access control issue existed in Open Directory. This
issue does not affect systems prior to OS X Lion.
CVE-ID
CVE-2011-3436 : Patrick Dunstan at defenceindepth.net
Open Directory
Available for: OS X Lion v10.7 and v10.7.1,
OS X Lion Server v10.7 and v10.7.1
Impact: A user may be able to log in without a password
Description: When Open Directory is bound to an LDAPv3 server using
RFC2307 or custom mappings, such that there is no
AuthenticationAuthority attribute for a user, an LDAP user may be
allowed to log in without a password. This issue does not affect
systems prior to OS X Lion.
CVE-ID
CVE-2011-3226 : Jeffry Strunk of The University of Texas at Austin,
Steven Eppler of Colorado Mesa University, Hugh Cole-Baker, and
Frederic Metoz of Institut de Biologie Structurale
PHP
Available for: OS X Lion v10.7 and v10.7.1,
OS X Lion Server v10.7 and v10.7.1
Impact: Viewing a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A signedness issue existed in FreeType's handling of
Type 1 fonts. This issue is addressed by updating FreeType to version
2.4.6. This issue does not affect systems prior to OS X Lion. Further
information is available via the FreeType site at
http://www.freetype.org/
CVE-ID
CVE-2011-0226
PHP
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Multiple vulnerabilities in libpng 1.4.3
Description: libpng is updated to version 1.5.4 to address multiple
vulnerabilities, the most serious of which may lead to arbitrary code
execution. Further information is available via the libpng website at
http://www.libpng.org/pub/png/libpng.html
CVE-ID
CVE-2011-2690
CVE-2011-2691
CVE-2011-2692
PHP
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Multiple vulnerabilities in PHP 5.3.4
Description: PHP is updated to version 5.3.6 to address multiple
vulnerabilities, the most serious of which may lead to arbitrary code
execution. This issues do not affect OS X Lion systems. Further
information is available via the PHP website at http://www.php.net/
CVE-ID
CVE-2010-3436
CVE-2010-4645
CVE-2011-0420
CVE-2011-0421
CVE-2011-0708
CVE-2011-1092
CVE-2011-1153
CVE-2011-1466
CVE-2011-1467
CVE-2011-1468
CVE-2011-1469
CVE-2011-1470
CVE-2011-1471
postfix
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: An attacker in a privileged network position may manipulate
mail sessions, resulting in the disclosure of sensitive information
Description: A logic issue existed in Postfix in the handling of the
STARTTLS command. After receiving a STARTTLS command, Postfix may
process other plain-text commands. An attacker in a privileged
network position may manipulate the mail session to obtain sensitive
information from the encrypted traffic. This update addresses the
issue by clearing the command queue after processing a STARTTLS
command. This issue does not affect OS X Lion systems. Further
information is available via the Postfix site at
http://www.postfix.org/announcements/postfix-2.7.3.html
CVE-ID
CVE-2011-0411
python
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Multiple vulnerabilities in python
Description: Multiple vulnerabilities existed in python, the most
serious of which may lead to arbitrary code execution. This update
addresses the issues by applying patches from the python project.
Further information is available via the python site at
http://www.python.org/download/releases/
CVE-ID
CVE-2010-1634
CVE-2010-2089
CVE-2011-1521
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in
QuickTime's handling of movie files.
CVE-ID
CVE-2011-3228 : Apple
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow existed in the handling of STSC
atoms in QuickTime movie files. This issue does not affect OS X Lion
systems.
CVE-ID
CVE-2011-0249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero
Day Initiative
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow existed in the handling of STSS
atoms in QuickTime movie files. This issue does not affect OS X Lion
systems.
CVE-ID
CVE-2011-0250 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero
Day Initiative
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow existed in the handling of STSZ
atoms in QuickTime movie files. This issue does not affect OS X Lion
systems.
CVE-ID
CVE-2011-0251 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero
Day Initiative
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow existed in the handling of STTS
atoms in QuickTime movie files. This issue does not affect OS X Lion
systems.
CVE-ID
CVE-2011-0252 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero
Day Initiative
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: An attacker in a privileged network position may inject
script in the local domain when viewing template HTML
Description: A cross-site scripting issue existed in QuickTime
Player's "Save for Web" export. The template HTML files generated by
this feature referenced a script file from a non-encrypted origin. An
attacker in a privileged network position may be able to inject
malicious scripts in the local domain if the user views a template
file locally. This issue is resolved by removing the reference to an
online script. This issue does not affect OS X Lion systems.
CVE-ID
CVE-2011-3218 : Aaron Sigel of vtty.com
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in QuickTime's handling of
H.264 encoded movie files.
CVE-ID
CVE-2011-3219 : Damian Put working with TippingPoint's Zero Day
Initiative
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Viewing a maliciously crafted movie file may lead to the
disclosure of memory contents
Description: An uninitialized memory access issue existed in
QuickTime's handling of URL data handlers within movie files.
CVE-ID
CVE-2011-3220 : Luigi Auriemma working with TippingPoint's Zero Day
Initiative
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An implementation issue existed in QuickTime's handling
of the atom hierarchy within a movie file.
CVE-ID
CVE-2011-3221 : an anonymous researcher working with TippingPoint's
Zero Day Initiative
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Viewing a maliciously crafted FlashPix file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in QuickTime's handling of
FlashPix files.
CVE-ID
CVE-2011-3222 : Damian Put working with TippingPoint's Zero Day
Initiative
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in QuickTime's handling of
FLIC files.
CVE-ID
CVE-2011-3223 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero
Day Initiative
SMB File Server
Available for: OS X Lion v10.7 and v10.7.1,
OS X Lion Server v10.7 and v10.7.1
Impact: A guest user may browse shared folders
Description: An access control issue existed in the SMB File Server.
Disallowing guest access to the share point record for a folder
prevented the '_unknown' user from browsing the share point but not
guests (user 'nobody'). This issue is addressed by applying the
access control to the guest user. This issue does not affect systems
prior to OS X Lion.
CVE-ID
CVE-2011-3225
Tomcat
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Multiple vulnerabilities in Tomcat 6.0.24
Description: Tomcat is updated to version 6.0.32 to address multiple
vulnerabilities, the most serious of which may lead to a cross site
scripting attack.
This issue does not affect OS X Lion systems. Further information is
available via the Tomcat site at http://tomcat.apache.org/
CVE-ID
CVE-2010-1157
CVE-2010-2227
CVE-2010-3718
CVE-2010-4172
CVE-2011-0013
CVE-2011-0534
User Documentation
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: An attacker in a privileged network position may manipulate
App Store help content, leading to arbitrary code execution
Description: App Store help content was updated over HTTP. This
update addresses the issue by updating App Store help content over
HTTPS. This issue does not affect OS X Lion systems.
CVE-ID
CVE-2011-3224 : Aaron Sigel of vtty.com
Web Server
Available for: Mac OS X Server v10.6.8
Impact: Clients may be unable to access web services that require
digest authentication
Description: An issue in the handling of HTTP Digest authentication
was addressed. Users may be denied access to the server's resources,
when the server configuration should have allowed the access. This
issue does not represent a security risk, and was addressed to
facilitate the use of stronger authentication mechanisms. Systems
running OS X Lion Server are not affected by this issue. These issues
are addressed by updating libpng to version 1.5.4 on OS Lion systems,
and to 1.2.46 on Mac OS X v10.6 systems. Further information is
available via the libpng website at
http://www.libpng.org/pub/png/libpng.html
CVE-ID
CVE-2011-2690
CVE-2011-2691
CVE-2011-2692
OS X Lion v10.7.2 also includes Safari 5.1.1. For information on
the security content of Safari 5.1.1, please visit:
http://support.apple.com/kb/HT5000
OS X Lion v10.7.2 and Security Update 2011-006 may be obtained from
the Software Update pane in System Preferences, or Apple's Software
Downloads web site:
http://www.apple.com/support/downloads/
The Software Update utility will present the update that applies
to your system configuration.
For OS X Lion v10.7.1
The download file is named: MacOSXUpd10.7.2.dmg
Its SHA-1 digest is: 37f784e08d4461e83a891a7f8b8af24c2ceb8229
For OS X Lion v10.7
The download file is named: MacOSXUpdCombo10.7.2.dmg
Its SHA-1 digest is: accd06d610af57df24f62ce7af261395944620eb
For OS X Lion Server v10.7.1
The download file is named: MacOSXServerUpd10.7.2.dmg
Its SHA-1 digest is: e4084bf1dfa295a42f619224d149e515317955da
For OS X Lion Server v10.7
The download file is named: MacOSXServerUpdCombo10.7.2.dmg
Its SHA-1 digest is: 25e86f5cf97b6644c7a025230431b1992962ec4a
For Mac OS X v10.6.8
The download file is named: SecUpd2011-006Snow.dmg
Its SHA-1 digest is: 0f9c29610a06370d0c85a4c92dc278a48ba17a84
For Mac OS X Server v10.6.8
The download file is named: SecUpdSrvr2011-006.dmg
Its SHA-1 digest is: 12de3732710bb03059f93527189d221c97ef8a06
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iQEcBAEBAgAGBQJOlc/zAAoJEGnF2JsdZQeeWFcH/RDHS+dCP8T4a92uYRIbs9T3
TFbT7hnOoTB0H+2eN3oziLNime2N4mO921heHobiAKSXv/luU41ZPHxVd6rE77Md
/BHDqLv65RA0XFTIPmrTcfpLhI5UgXDLfOLrsmdwTm52l5zQZkoxufYFf3mB3h7U
ZJUD1s081Pjy45/Cbao097+JrDwS7ahhgkvTmpmSvJK/wWRz4JtZkvIYcQ2uQFR4
sTg4l6pmi3d8sJJ4wzrEaxDpclRjvjURI4DiBMYwGAXeCMRgYi0y03tYtkjXoaSG
69h2yD8EXQBuJkDyouak7/M/eMwUfb2S6o1HyXTldjdvFBFvvwvl+Y3xp8YmDzU=
=gsvn
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach?
Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM:
http://secunia.com/products/corporate/vim/ovum_2011_request/
----------------------------------------------------------------------
TITLE:
Apple iTunes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA46339
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46339/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46339
RELEASE DATE:
2011-10-13
DISCUSS ADVISORY:
http://secunia.com/advisories/46339/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/46339/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46339
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Apple has reported multiple vulnerabilities in Apple iTunes, which
can be exploited by malicious people to disclose sensitive
information, manipulate certain data, conduct cross-site scripting
and spoofing attacks, bypass certain security restrictions, and
compromise a user's system.
For more information:
SA44375 (#8)
SA45097 (#2)
SA45325
SA45498
SA45698 (#2)
SA46049 (#11)
SA46171 (#6)
1) An error in the CoreFoundation component when handling string
tokenization can be exploited to corrupt memory via a MitM
(Man-in-the-Middle) attack.
2) An error in the CoreAudio component when handling Advanced Audio
Coding (AAC) streams can be exploited to cause a buffer overflow.
3) An error in the CoreMedia component when handling H.264 encoded
movie files can be exploited to cause a buffer overflow.
Successful exploitation of vulnerabilities #1 through #5 may allow
execution of arbitrary code.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
The vendor also credits:
2) Luigi Auriemma via ZDI.
3) Damian Put via ZDI.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
CVE-ID
CVE-2011-3254 : Rick Deacon
CFNetwork
Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,
iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,
iOS 3.2 through 4.3.5 for iPad
Impact: User's AppleID password may be logged to a local file
Description: A user's AppleID password and username were logged to a
file that was readable by applications on the system. This is
resolved by no longer logging these credentials.
CVE-ID
CVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability
Research (MSVR)
Data Access
Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,
iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,
iOS 3.2 through 4.3.5 for iPad
Impact: An exchange mail cookie management issue could incorrectly
cause data synchronization across different accounts
Description: When multiple mail exchange accounts are configured
which connect to the same server, a session could potentially receive
a valid cookie corresponding to a different account. This issue is
addressed by ensuring that cookies are separated across different
accounts.
CVE-ID
CVE-2011-3257 : Bob Sielken of IBM
Data Security
Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,
iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,
iOS 3.2 through 4.3.5 for iPad
Impact: An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description: Fraudulent certificates were issued by multiple
certificate authorities operated by DigiNotar.
Data Security
Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,
iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,
iOS 3.2 through 4.3.5 for iPad
Impact: Support for X.509 certificates with MD5 hashes may expose
users to spoofing and information disclosure as attacks improve
Description: Certificates signed using the MD5 hash algorithm were
accepted by iOS. This algorithm has known cryptographic weaknesses.
Further research or a misconfigured certificate authority could have
allowed the creation of X.509 certificates with attacker controlled
values that would have been trusted by the system. This would have
exposed X.509 based protocols to spoofing, man in the middle attacks,
and information disclosure.
CVE-ID
CVE-2011-3427
Data Security
Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,
iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,
iOS 3.2 through 4.3.5 for iPad
Impact: An attacker could decrypt part of a SSL connection
Description: Only the SSLv3 and TLS 1.0 versions of SSL were
supported. These versions are subject to a protocol weakness when
using block ciphers. A man-in-the-middle attacker could have injected
invalid data, causing the connection to close but revealing some
information about the previous data. If the same connection was
attempted repeatedly the attacker may eventually have been able to
decrypt the data being sent, such as a password.
CVE-ID
CVE-2011-3389
Home screen
Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,
iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,
iOS 3.2 through 4.3.5 for iPad
Impact: Switching between applications may lead to the disclosure of
sensitive application information
Description: When switching between applications with the four-
finger app switching gesture, the display could have revealed the
previous application state. This issue is addressed by ensuring that
the system properly calls the applicationWillResignActive: method
when transitioning between applications.
CVE-ID
CVE-2011-3431 : Abe White of Hedonic Software Inc.
CVE-ID
CVE-2011-0206 : David Bienvenu of Mozilla
Kernel
Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,
iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,
iOS 3.2 through 4.3.5 for iPad
Impact: A remote attacker may cause a device reset
Description: The kernel failed to promptly reclaim memory from
incomplete TCP connections.
CVE-ID
CVE-2011-3259 : Wouter van der Veer of Topicus I&I, and Josh Enders
Kernel
Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,
iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,
iOS 3.2 through 4.3.5 for iPad
Impact: A local user may be able to cause a system reset
Description: A null dereference issue existed in the handling of
IPV6 socket options.
CVE-ID
CVE-2011-1132 : Thomas Clement of Intego
Keyboards
Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,
iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,
iOS 3.2 through 4.3.5 for iPad
Impact: A user may be able to determine information about the last
character of a password
Description: The keyboard used to type the last character of a
password was briefly displayed the next time the keyboard was used.
CVE-ID
CVE-2011-0184 : Tobias Klein working with iDefense VCP
Safari
Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,
iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,
iOS 3.2 through 4.3.5 for iPad
Impact: Opening maliciously crafted files on certain websites may
lead to a cross-site scripting attack
Description: iOS did not support the 'attachment' value for the HTTP
Content-Disposition header. This header is used by many websites to
serve files that were uploaded to the site by a third-party, such as
attachments in web-based e-mail applications.
CVE-ID
CVE-2011-3426 : Christian Matthies working with iDefense VCP,
Yoshinori Oota from Business Architects Inc working with JP/CERT
Settings
Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,
iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,
iOS 3.2 through 4.3.5 for iPad
Impact: An attacker with physical access to a device may be able to
recover the restrictions passcode
Description: The parental restrictions functionality enforces UI
restrictions. Configuring parental restrictions is protected by a
passcode, which was previously stored in plaintext on disk. This
issue is addressed by securely storing the parental restrictions
passcode in the system keychain.
CVE-ID
CVE-2011-3429 : an anonymous reporter
Settings
Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,
iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,
iOS 3.2 through 4.3.5 for iPad
Impact: Misleading UI
Description: Configurations and settings applied via configuration
profiles did not appear to function properly under any non-English
language. Settings could be improperly displayed as a result.
CVE-ID
CVE-2011-3430 : Florian Kreitmaier of Siemens CERT
UIKit Alerts
Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,
iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,
iOS 3.2 through 4.3.5 for iPad
Impact: Visiting a malicious website may cause an unexpected device
hang
Description: An excessive maximum text layout length permitted
malicious websites to cause iOS to hang when drawing acceptance
dialogs for very long tel: URIs.
CVE-ID
CVE-2011-0218 : SkyLined of Google Chrome Security Team
CVE-2011-0221 : Abhishek Arya (Inferno) of Google Chrome Security
Team
CVE-2011-0222 : Nikita Tarakanov and Alex Bazhanyuk of the CISS
Research Team, and Abhishek Arya (Inferno) of Google Chrome Security
Team
CVE-2011-0225 : Abhishek Arya (Inferno) of Google Chrome Security
Team
CVE-2011-0232 : J23 working with TippingPoint's Zero Day Initiative
CVE-2011-0233 : wushi of team509 working with TippingPoint's Zero Day
Initiative
CVE-2011-0234 : Rob King working with TippingPoint's Zero Day
Initiative, wushi of team509 working with TippingPoint's Zero Day
Initiative
CVE-2011-0235 : Abhishek Arya (Inferno) of Google Chrome Security
Team
CVE-2011-0238 : Adam Barth of Google Chrome Security Team
CVE-2011-0254 : An anonymous researcher working with TippingPoint's
Zero Day Initiative
CVE-2011-0255 : An anonymous reporter working with TippingPoint's
Zero Day Initiative
CVE-2011-0981 : Rik Cabanier of Adobe Systems, Inc
CVE-2011-0983 : Martin Barbella
CVE-2011-1109 : Sergey Glazunov
CVE-2011-1114 : Martin Barbella
CVE-2011-1115 : Martin Barbella
CVE-2011-1117 : wushi of team509
CVE-2011-1121 : miaubiz
CVE-2011-1188 : Martin Barbella
CVE-2011-1203 : Sergey Glazunov
CVE-2011-1204 : Sergey Glazunov
CVE-2011-1288 : Andreas Kling of Nokia
CVE-2011-1293 : Sergey Glazunov
CVE-2011-1296 : Sergey Glazunov
CVE-2011-1449 : Marek Majkowski
CVE-2011-1451 : Sergey Glazunov
CVE-2011-1453 : wushi of team509 working with TippingPoint's Zero Day
Initiative
CVE-2011-1457 : John Knottenbelt of Google
CVE-2011-1462 : wushi of team509
CVE-2011-1797 : wushi of team509
CVE-2011-2338 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2339 : Cris Neckar of the Google Chrome Security Team
CVE-2011-2341 : Apple
CVE-2011-2351 : miaubiz
CVE-2011-2352 : Apple
CVE-2011-2354 : Apple
CVE-2011-2356 : Adam Barth and Abhishek Arya of Google Chrome
Security Team using AddressSanitizer
CVE-2011-2359 : miaubiz
CVE-2011-2788 : Mikolaj Malecki of Samsung
CVE-2011-2790 : miaubiz
CVE-2011-2792 : miaubiz
CVE-2011-2797 : miaubiz
CVE-2011-2799 : miaubiz
CVE-2011-2809 : Abhishek Arya (Inferno) of Google Chrome Security
Team
CVE-2011-2813 : Cris Neckar of Google Chrome Security Team using
AddressSanitizer
CVE-2011-2814 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2816 : Apple
CVE-2011-2817 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2818 : Martin Barbella
CVE-2011-2820 : Raman Tenneti and Philip Rogers of Google
CVE-2011-2823 : SkyLined of Google Chrome Security Team
CVE-2011-2827 : miaubiz
CVE-2011-2831 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-3232 : Aki Helin of OUSPG
CVE-2011-3234 : miaubiz
CVE-2011-3235 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the
Chromium development community, and Abhishek Arya (Inferno) of Google
Chrome Security Team
CVE-2011-3236 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-3237 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the
Chromium development community, and Abhishek Arya (Inferno) of Google
Chrome Security Team
CVE-2011-3244 : vkouchna
WebKit
Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,
iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,
iOS 3.2 through 4.3.5 for iPad
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-origin issue existed in the handling of URLs
with an embedded username.
CVE-ID
CVE-2011-1295 : Sergey Glazunov
WebKit
Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,
iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,
iOS 3.2 through 4.3.5 for iPad
Impact: A maliciously crafted website may be able to cause a
different URL to be shown in the address bar
Description: A URL spoofing issue existed in the handling of the DOM
history object. Visiting a maliciously crafted website may lead to arbitrary
files being created with the privileges of the user, which may lead
to arbitrary code execution.
CVE-ID
CVE-2011-0166 : Michal Zalewski of Google Inc.
CVE-ID
CVE-2011-2800 : Juho Nurminen
WiFi
Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,
iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,
iOS 3.2 through 4.3.5 for iPad
Impact: WiFi credentials may be logged to a local file
Description: WiFi credentials including the passphrase and
encryption keys were logged to a file that was readable by
applications on the system. This is resolved by no longer logging
these credentials. Make sure you have an Internet connection and have
installed the latest version of iTunes from www.apple.com/itunes/
iTunes will automatically check Apple's update server on its weekly
schedule. When an update is detected, it will download it. When
the iPhone, iPod touch or iPad is docked, iTunes will present the
user with the option to install the update. We recommend applying
the update immediately if possible. Selecting Don't Install will
present the option the next time you connect your iPhone, iPod touch,
or iPad.
The automatic update process may take up to a week depending on the
day that iTunes checks for updates. You may manually obtain the
update via the Check for Updates button within iTunes. After doing
this, the update can be applied when your iPhone, iPod touch, or iPad
is docked to your computer.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update will be
"5 (9A334)"
| VAR-201110-0198 | CVE-2011-3155 | HP Onboard Administrator Vulnerable to access restrictions |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in HP Onboard Administrator (OA) 3.21 through 3.31 allows remote attackers to bypass intended access restrictions via unknown vectors. The HP Onboard Administrator is a chassis controller.
An attacker can exploit this issue to bypass certain security restrictions and gain unauthorized access. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03048779
Version: 1
HPSBMU02710 SSRT100601 rev.1 - HP Onboard Administrator (OA), Remote Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
References: CVE-2011-3155
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Onboard Administrator (OA) v3.32 is available here:
http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareIndex.jsp?lang=en&cc=us&prodNameId=3188475&prodTypeId=329290&prodSeriesId=3188465&swLang=8&taskId=135&swEnvOID=1113
HISTORY
Version:1 (rev.1) - 10 October 2011 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2011 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk6TJqoACgkQ4B86/C0qfVn/WgCfSyJvjcLYhAuK4IWi+LdmbqXJ
EFAAnR+uzG3ZZ28dtLdIt7tMhO+1XGVK
=MTwS
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach?
Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM:
http://secunia.com/products/corporate/vim/ovum_2011_request/
----------------------------------------------------------------------
TITLE:
HP Onboard Administrator Unspecified Security Bypass Vulnerability
SECUNIA ADVISORY ID:
SA46385
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46385/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46385
RELEASE DATE:
2011-10-15
DISCUSS ADVISORY:
http://secunia.com/advisories/46385/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/46385/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46385
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in HP Onboard Administrator, which
can be exploited by malicious people to bypass certain security
restrictions.
SOLUTION:
Update to version 3.32.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
HPSBMU02710 SSRT100601:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03048779
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201110-0518 | No CVE | IRAI AUTOMGEN Use-After-Free Multiple Remote Code Execution Vulnerabilities |
CVSS V2: - CVSS V3: - Severity: - |
IRAI AUTOMGEN is prone to multiple remote code-execution vulnerabilities because it fails to properly validate user-supplied input.
Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploits can trigger a denial-of-service condition.
AUTOMGEN 8.0.0.7 is vulnerable; other versions may also be affected.
| VAR-201110-0085 | CVE-2010-4914 | PHP Classifieds of tools/phpmailer/class.phpmailer.php In any PHP Code execution vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
PHP remote file inclusion vulnerability in tools/phpmailer/class.phpmailer.php in PHP Classifieds 7.3 allows remote attackers to execute arbitrary PHP code via a URL in the lang_path parameter
| VAR-201110-0454 | CVE-2011-3305 | Cisco Network Admission Control (NAC) Manager Vulnerable to directory traversal |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Directory traversal vulnerability in Cisco Network Admission Control (NAC) Manager 4.8.x allows remote attackers to read arbitrary files via crafted traffic to TCP port 443, aka Bug ID CSCtq10755.
Exploiting this issue will allow an attacker to access sensitive information, including password files and system logs. This could help the attacker launch further attacks.
This issue is tracked by Cisco BugID CSCtq10755. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach?
Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM:
http://secunia.com/products/corporate/vim/ovum_2011_request/
----------------------------------------------------------------------
TITLE:
Cisco Network Admission Control Directory Traversal Vulnerability
SECUNIA ADVISORY ID:
SA46309
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46309/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46309
RELEASE DATE:
2011-10-23
DISCUSS ADVISORY:
http://secunia.com/advisories/46309/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/46309/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46309
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Cisco Network Admission Control
(NAC), which can be exploited by malicious people to disclose
sensitive information.
Certain input passed to the management interface via the URL is not
properly verified before being used. This can be exploited to
disclose the contents of arbitrary files via directory traversal
sequences.
SOLUTION:
Update to version 4.9.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Nenad Stojanovski, Macedonian Telekom.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20111005-nac.shtml
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
There are no workarounds to mitigate this vulnerability.
Cisco has released free software updates that address this
vulnerability.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20111005-nac.shtml. Cisco NAC Manager software versions 4.7.X and earlier
are not affected.
Products Confirmed Not Vulnerable
+--------------------------------
The Cisco NAC Server (Appliance) is not affected. The Cisco Identity
Services Engine (ISE) is not affected. No other Cisco products are
currently known to be affected by this vulnerability.
Details
=======
The Cisco NAC (formerly Cisco Clean Access) solution allows network
administrators to authenticate, authorize, evaluate, and remediate
wired, wireless, and remote users and their machines prior to
allowing users onto the network. The solution identifies whether
machines are compliant with security policies and repairs
vulnerabilities before permitting access to the network. You can use
the NAC Manager server and its web-based administration console to
manage multiple NAC Appliances in a deployment. The
management interface uses TCP port 443. This vulnerability is documented in Cisco bug
ID CSCtq10755 and has been assigned Common Vulnerabilities and Exposures
(CVE) ID CVE-2011-3305.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerability in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
* CSCtq10755 ("Directory Traversal in CCA")
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - None
Availability Impact - None
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
======
An unauthenticated attacker could exploit this vulnerability to
access sensitive information, including password files and system
logs, that could be leveraged to launch subsequent attacks.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to determine
exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Additional mitigation techniques that can be deployed on Cisco
devices within the network are available in the Cisco Applied
Mitigation Bulletin companion document for this advisory:
http://www.cisco.com/warp/public/707/cisco-amb-20111005-nac.shtml.
Obtaining Fixed Software
========================
Cisco has released free software updates that address this
vulnerability. Prior to deploying software, customers should consult
their maintenance provider or check the software for feature set
compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature
sets they have purchased. By installing, downloading, accessing
or otherwise using such software upgrades, customers agree to be
bound by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html,
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml.
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com.
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20111005-nac.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+------------------------------------------------------------+
| Revision 1.0 | 2011-October-05 | Initial public release. |
+------------------------------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities
in Cisco products, obtaining assistance with security
incidents, and registering to receive security information
from Cisco, is available on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html.
This includes instructions for press inquiries regarding
Cisco security notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt. All rights reserved.
+--------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iF4EAREIAAYFAk6Lea8ACgkQQXnnBKKRMNA0ngD/YTrCWJcqWdQPhUgRQJ6JDiJ3
lHmHHV2R88T0nBkizSoA/1Ikga6duN8/E+n1LJjk7LznS8uLqJ3I5X6JBZTyxSf8
=kF3r
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/