JusticeDept.com

June 2, 2009

Alert: Apple iTunes

Filed under: Uncategorized @ 2:07 pm

Apple Releases iTunes 8.2 and QuickTime 7.6.2

Apple has released iTunes 8.2 and QuickTime 7.6.2 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users to review Apple articles HT3592 and HT3591 and apply any necessary updates to help mitigate the risks.

Available for: Mac OS X v10.4.10 or later, Mac OS X Server v10.4.10 or later, Windows Vista, XP SP2 or later

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A stack buffer overflow exists in iTunes when parsing “itms:” URLs. Accessing a maliciously crafted “itms:” URL may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Will Drewry for reporting this issue.

BlackBerry Security Advisory

Filed under: Uncategorized @ 2:04 pm

Research In Motion has released security advisory KB18327 to address multiple vulnerabilities in the PDF distiller of the BlackBerry Attachment Service. By convincing a user to open a specially crafted PDF file on a BlackBerry smartphone, an attacker may be able to execute arbitrary code on the computer hosting the BlackBerry Attachment Service.

US-CERT encourages users and administrators to review BlackBerry security advisory KB18327 and apply the update or implement the workarounds provided in the document to help mitigate the risks.

February 13, 2009

BlackBerry Security Advisory

Filed under: Uncategorized @ 1:58 pm

Research In Motion has released a Security Advisory to address a vulnerability in the BlackBerry Application Web Loader ActiveX control. By convincing a user to view a specially crafted HTML document, an attacker may be able to execute arbitrary code with the privileges of the user. The attacker could also cause Internet Explorer to crash.

US-CERT encourages users to review BlackBerry Security Advisory KB16248 and apply the resolution or implement the workaround listed in the document to help mitigate the risk.
