JusticeDept.com

June 2, 2009

Alert: Apple iTunes

Filed under: Uncategorized, posted at 2:07 pm

Apple Releases iTunes 8.2 and QuickTime 7.6.2

Apple has released iTunes 8.2 and QuickTime 7.6.2 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users to review Apple articles HT3592 and HT3591 and apply any necessary updates to help mitigate the risks.

Available for: Mac OS X v10.4.10 or later, Mac OS X Server v10.4.10 or later, Windows Vista, XP SP2 or later

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A stack buffer overflow exists in iTunes when parsing “itms:” URLs. Accessing a maliciously crafted “itms:” URL may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Will Drewry for reporting this issue.
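The advisory gives no detail of the iTunes parser, so the following is an added illustration of the bug class and of what "improved bounds checking" means in practice; it is not Apple's code. The 64-byte buffer, the function names and the host-after-`itms://` layout are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define HOST_MAX 64          /* constructed buffer size for this example */
#define SCHEME   "itms://"   /* assumed URL layout: itms://host/path */

/* Unchecked pattern: copies the host until '/' or NUL with no regard for
   the size of dst, so a long URL overruns the caller's stack buffer. */
void copy_host_unchecked(const char *url, char *dst)
{
    const char *p = url + strlen(SCHEME);
    while (*p != '\0' && *p != '/')
        *dst++ = *p++;
    *dst = '\0';
}

/* Bounds-checked form: returns 0 on success, -1 if the scheme is wrong
   or the host does not fit in dst together with its terminator. */
int copy_host_checked(const char *url, char *dst, size_t dst_size)
{
    size_t scheme_len = strlen(SCHEME);
    if (!url || !dst || dst_size == 0 || strncmp(url, SCHEME, scheme_len) != 0)
        return -1;
    const char *host = url + scheme_len;
    size_t host_len = strcspn(host, "/");   /* length up to '/' or NUL */
    if (host_len == 0 || host_len >= dst_size)
        return -1;                          /* reject rather than truncate */
    memcpy(dst, host, host_len);
    dst[host_len] = '\0';
    return 0;
}

/* Parses one URL into a fixed stack buffer; returns host length or -1. */
int parse_itms_host_len(const char *url)
{
    char host[HOST_MAX];
    if (copy_host_checked(url, host, sizeof host) != 0)
        return -1;
    return (int)strlen(host);
}

int main(void)
{
    /* Constructed sample inputs. */
    printf("%d\n", parse_itms_host_len("itms://example.invalid/path"));
    printf("%d\n", parse_itms_host_len("http://example.invalid/"));
    return 0;
}
```

Rejecting an oversized host outright, instead of truncating it, avoids passing a silently altered value to later code.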

May 24, 2009

Mac OS X and Java Alert

Filed under: Uncategorized, posted at 6:01 pm

Mac OS X Includes Known Vulnerable Version of Java

Current releases of Mac OS X (version 10.5.7 and version 10.4.11 with security update 2009-002) include a version of Java Runtime Environment (JRE) containing known security vulnerabilities. US-CERT is aware of publicly available exploit code for one of these vulnerabilities. This vulnerability may allow untrusted applets to obtain read, write, and execute permissions to local files and applications with the privileges of the local user. A fix for this vulnerability has been released by Sun, but Mac OS X users cannot apply the fix directly. Mac OS X users must use Apple updates to obtain updated JRE versions. At this time, Apple has not yet released an update to address this issue.

US-CERT encourages Mac OS X users to disable Java in each web browser they use until a patch is available from Apple. Guidance for disabling Java can be found in the Securing Your Web Browser document. Please note that disabling Java may affect the functionality of websites that use Java.

US-CERT will provide additional information as it becomes available.
