Twenty Year Anniversary

Apple Security Advisory 2015-09-16-3

Apple Security Advisory 2015-09-16-3
Posted Sep 19, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-09-16-3 - iTunes 12.3 is now available and addresses code execution, application termination, memory corruption, and various other vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
advisories | CVE-2010-3190, CVE-2014-8146, CVE-2015-1152, CVE-2015-1153, CVE-2015-1157, CVE-2015-1205, CVE-2015-3686, CVE-2015-3687, CVE-2015-3688, CVE-2015-3730, CVE-2015-3731, CVE-2015-3733, CVE-2015-3734, CVE-2015-3735, CVE-2015-3736, CVE-2015-3737, CVE-2015-3738, CVE-2015-3739, CVE-2015-3740, CVE-2015-3741, CVE-2015-3742, CVE-2015-3743, CVE-2015-3744, CVE-2015-3745, CVE-2015-3746, CVE-2015-3747, CVE-2015-3748, CVE-2015-3749
MD5 | a6d608f78e70efc46b371a2d2b52f21a

Apple Security Advisory 2015-09-16-3

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2015-09-16-3 iTunes 12.3

iTunes 12.3 is now available and addresses the following:

iTunes
Available for: Windows 7 and later
Impact: Applications that use CoreText may be vulnerable to
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in the
processing of text files. These issues were addressed through
improved memory handling.
CVE-ID
CVE-2015-1157 : Apple
CVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team

iTunes
Available for: Windows 7 and later
Impact: Applications that use ICU may be vulnerable to unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in the
processing of unicode strings. These issues were addressed by
updating ICU to version 55.
CVE-ID
CVE-2014-8146
CVE-2015-1205

iTunes
Available for: Windows 7 and later
Impact: Opening a media file may lead to arbitrary code execution
Description: A security issue existed in Microsoft Foundation
Class's handling of library loading. This issue was addressed by
updating to the latest version of the Microsoft Visual C++
Redistributable Package.
CVE-ID
CVE-2010-3190 : Stefan Kanthak

iTunes
Available for: Windows 7 and later
Impact: A man-in-the-middle attack while browsing the iTunes Store
via iTunes may result in unexpected application termination or
arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-1152 : Apple
CVE-2015-1153 : Apple
CVE-2015-3730 : Apple
CVE-2015-3731 : Apple
CVE-2015-3733 : Apple
CVE-2015-3734 : Apple
CVE-2015-3735 : Apple
CVE-2015-3736 : Apple
CVE-2015-3737 : Apple
CVE-2015-3738 : Apple
CVE-2015-3739 : Apple
CVE-2015-3740 : Apple
CVE-2015-3741 : Apple
CVE-2015-3742 : Apple
CVE-2015-3743 : Apple
CVE-2015-3744 : Apple
CVE-2015-3745 : Apple
CVE-2015-3746 : Apple
CVE-2015-3747 : Apple
CVE-2015-3748 : Apple
CVE-2015-3749 : Apple
CVE-2015-5789 : Apple
CVE-2015-5790 : Apple
CVE-2015-5791 : Apple
CVE-2015-5792 : Apple
CVE-2015-5793 : Apple
CVE-2015-5794 : Apple
CVE-2015-5795 : Apple
CVE-2015-5796 : Apple
CVE-2015-5797 : Apple
CVE-2015-5798 : Apple
CVE-2015-5799 : Apple
CVE-2015-5800 : Apple
CVE-2015-5801 : Apple
CVE-2015-5802 : Apple
CVE-2015-5803 : Apple
CVE-2015-5804 : Apple
CVE-2015-5805
CVE-2015-5806 : Apple
CVE-2015-5807 : Apple
CVE-2015-5808 : Joe Vennix
CVE-2015-5809 : Apple
CVE-2015-5810 : Apple
CVE-2015-5811 : Apple
CVE-2015-5812 : Apple
CVE-2015-5813 : Apple
CVE-2015-5814 : Apple
CVE-2015-5815 : Apple
CVE-2015-5816 : Apple
CVE-2015-5817 : Apple
CVE-2015-5818 : Apple
CVE-2015-5819 : Apple
CVE-2015-5821 : Apple
CVE-2015-5822 : Mark S. Miller of Google
CVE-2015-5823 : Apple

Software Update
Impact: An attacker in a privileged network position may be able to
obtain encrypted SMB credentials
Description: A redirection issue existed in the handling of certain
network connections. This issue was addressed through improved
resource validation.
CVE-ID
CVE-2015-5920 : Cylance


iTunes 12.3 may be obtained from:
http://www.apple.com/itunes/download/

You may also update to the latest version of iTunes via Apple
Software Update, which can be found in the Start menu.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJV+axbAAoJEBcWfLTuOo7tLSYP/1NCYHZeWYxqLnLgHgCcNRF/
iqZ7hq9UgxomXxoDVknvvWc61Z+UW6VIgGzEfzSlO9APIGC7ia1tdKl66oMEYSal
aGt5AJc9c55RuuvgF/IxgICRsuXjHsAmlQb5FPqwe2gSJYxggCfhObdQ/ShbP2kp
mV8sYiJJiKkYZqFDH17fvtAWV3GZ7CtXfneWDHlerJunbuUzWLpjWcYwbaiD/1C2
5CTohgHbTMtG2MGRacFXeYAXFhbnr6mXcxy+7Zee3B6x33/ypA/Q+KaIxPv4bssr
7XXzYin8bdMHlW6MWuCmyzJd2P/4opKvzNeyoZb1BM02k0Fb7SWDMwFA9UVovsX5
yCNKn0rg1nMhbXLjpob7G0GYfHNeGOy5PqKu3PXF++R4H5kGr9v2CZH+8dIU5+J7
LFyDSBZ4vlMsCYTRfI1PEUM6w3d+whrBl9vagVeJZG5gkSrZXftALjZsQXUhgqZH
mKDcSj/leCTbbbHMPq/NngQuUXzVRe+SJwVtSJEfQSg2yGCdBGTsjqftcOeDgVUL
vHR0KkZ4lVx5Aq48XFfXXvn5d3g+kP5pTeVbGdWFmf7XNDp3Vap5ATlTF5UF4EKt
jHPGMzWZwvEkdzDryynsTzrMR3TjTb7dDtXH6LEoKfOwIyxnH6+g8K1DbgdXgiJo
dL48EUi+MBq820BzP1fp
=cz5N
-----END PGP SIGNATURE-----

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

December 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    1 Files
  • 3
    Dec 3rd
    18 Files
  • 4
    Dec 4th
    40 Files
  • 5
    Dec 5th
    16 Files
  • 6
    Dec 6th
    50 Files
  • 7
    Dec 7th
    12 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    1 Files
  • 10
    Dec 10th
    15 Files
  • 11
    Dec 11th
    30 Files
  • 12
    Dec 12th
    25 Files
  • 13
    Dec 13th
    15 Files
  • 14
    Dec 14th
    14 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close