Twenty Year Anniversary

Apple Security Advisory 2015-09-16-3

Apple Security Advisory 2015-09-16-3
Posted Sep 19, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-09-16-3 - iTunes 12.3 is now available and addresses code execution, application termination, memory corruption, and various other vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
advisories | CVE-2010-3190, CVE-2014-8146, CVE-2015-1152, CVE-2015-1153, CVE-2015-1157, CVE-2015-1205, CVE-2015-3686, CVE-2015-3687, CVE-2015-3688, CVE-2015-3730, CVE-2015-3731, CVE-2015-3733, CVE-2015-3734, CVE-2015-3735, CVE-2015-3736, CVE-2015-3737, CVE-2015-3738, CVE-2015-3739, CVE-2015-3740, CVE-2015-3741, CVE-2015-3742, CVE-2015-3743, CVE-2015-3744, CVE-2015-3745, CVE-2015-3746, CVE-2015-3747, CVE-2015-3748, CVE-2015-3749
MD5 | a6d608f78e70efc46b371a2d2b52f21a

Apple Security Advisory 2015-09-16-3

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2015-09-16-3 iTunes 12.3

iTunes 12.3 is now available and addresses the following:

iTunes
Available for: Windows 7 and later
Impact: Applications that use CoreText may be vulnerable to
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in the
processing of text files. These issues were addressed through
improved memory handling.
CVE-ID
CVE-2015-1157 : Apple
CVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team

iTunes
Available for: Windows 7 and later
Impact: Applications that use ICU may be vulnerable to unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in the
processing of unicode strings. These issues were addressed by
updating ICU to version 55.
CVE-ID
CVE-2014-8146
CVE-2015-1205

iTunes
Available for: Windows 7 and later
Impact: Opening a media file may lead to arbitrary code execution
Description: A security issue existed in Microsoft Foundation
Class's handling of library loading. This issue was addressed by
updating to the latest version of the Microsoft Visual C++
Redistributable Package.
CVE-ID
CVE-2010-3190 : Stefan Kanthak

iTunes
Available for: Windows 7 and later
Impact: A man-in-the-middle attack while browsing the iTunes Store
via iTunes may result in unexpected application termination or
arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-1152 : Apple
CVE-2015-1153 : Apple
CVE-2015-3730 : Apple
CVE-2015-3731 : Apple
CVE-2015-3733 : Apple
CVE-2015-3734 : Apple
CVE-2015-3735 : Apple
CVE-2015-3736 : Apple
CVE-2015-3737 : Apple
CVE-2015-3738 : Apple
CVE-2015-3739 : Apple
CVE-2015-3740 : Apple
CVE-2015-3741 : Apple
CVE-2015-3742 : Apple
CVE-2015-3743 : Apple
CVE-2015-3744 : Apple
CVE-2015-3745 : Apple
CVE-2015-3746 : Apple
CVE-2015-3747 : Apple
CVE-2015-3748 : Apple
CVE-2015-3749 : Apple
CVE-2015-5789 : Apple
CVE-2015-5790 : Apple
CVE-2015-5791 : Apple
CVE-2015-5792 : Apple
CVE-2015-5793 : Apple
CVE-2015-5794 : Apple
CVE-2015-5795 : Apple
CVE-2015-5796 : Apple
CVE-2015-5797 : Apple
CVE-2015-5798 : Apple
CVE-2015-5799 : Apple
CVE-2015-5800 : Apple
CVE-2015-5801 : Apple
CVE-2015-5802 : Apple
CVE-2015-5803 : Apple
CVE-2015-5804 : Apple
CVE-2015-5805
CVE-2015-5806 : Apple
CVE-2015-5807 : Apple
CVE-2015-5808 : Joe Vennix
CVE-2015-5809 : Apple
CVE-2015-5810 : Apple
CVE-2015-5811 : Apple
CVE-2015-5812 : Apple
CVE-2015-5813 : Apple
CVE-2015-5814 : Apple
CVE-2015-5815 : Apple
CVE-2015-5816 : Apple
CVE-2015-5817 : Apple
CVE-2015-5818 : Apple
CVE-2015-5819 : Apple
CVE-2015-5821 : Apple
CVE-2015-5822 : Mark S. Miller of Google
CVE-2015-5823 : Apple

Software Update
Impact: An attacker in a privileged network position may be able to
obtain encrypted SMB credentials
Description: A redirection issue existed in the handling of certain
network connections. This issue was addressed through improved
resource validation.
CVE-ID
CVE-2015-5920 : Cylance


iTunes 12.3 may be obtained from:
http://www.apple.com/itunes/download/

You may also update to the latest version of iTunes via Apple
Software Update, which can be found in the Start menu.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJV+axbAAoJEBcWfLTuOo7tLSYP/1NCYHZeWYxqLnLgHgCcNRF/
iqZ7hq9UgxomXxoDVknvvWc61Z+UW6VIgGzEfzSlO9APIGC7ia1tdKl66oMEYSal
aGt5AJc9c55RuuvgF/IxgICRsuXjHsAmlQb5FPqwe2gSJYxggCfhObdQ/ShbP2kp
mV8sYiJJiKkYZqFDH17fvtAWV3GZ7CtXfneWDHlerJunbuUzWLpjWcYwbaiD/1C2
5CTohgHbTMtG2MGRacFXeYAXFhbnr6mXcxy+7Zee3B6x33/ypA/Q+KaIxPv4bssr
7XXzYin8bdMHlW6MWuCmyzJd2P/4opKvzNeyoZb1BM02k0Fb7SWDMwFA9UVovsX5
yCNKn0rg1nMhbXLjpob7G0GYfHNeGOy5PqKu3PXF++R4H5kGr9v2CZH+8dIU5+J7
LFyDSBZ4vlMsCYTRfI1PEUM6w3d+whrBl9vagVeJZG5gkSrZXftALjZsQXUhgqZH
mKDcSj/leCTbbbHMPq/NngQuUXzVRe+SJwVtSJEfQSg2yGCdBGTsjqftcOeDgVUL
vHR0KkZ4lVx5Aq48XFfXXvn5d3g+kP5pTeVbGdWFmf7XNDp3Vap5ATlTF5UF4EKt
jHPGMzWZwvEkdzDryynsTzrMR3TjTb7dDtXH6LEoKfOwIyxnH6+g8K1DbgdXgiJo
dL48EUi+MBq820BzP1fp
=cz5N
-----END PGP SIGNATURE-----

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

May 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    15 Files
  • 2
    May 2nd
    17 Files
  • 3
    May 3rd
    30 Files
  • 4
    May 4th
    29 Files
  • 5
    May 5th
    2 Files
  • 6
    May 6th
    3 Files
  • 7
    May 7th
    13 Files
  • 8
    May 8th
    27 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    15 Files
  • 11
    May 11th
    8 Files
  • 12
    May 12th
    2 Files
  • 13
    May 13th
    8 Files
  • 14
    May 14th
    7 Files
  • 15
    May 15th
    43 Files
  • 16
    May 16th
    19 Files
  • 17
    May 17th
    16 Files
  • 18
    May 18th
    15 Files
  • 19
    May 19th
    3 Files
  • 20
    May 20th
    7 Files
  • 21
    May 21st
    15 Files
  • 22
    May 22nd
    40 Files
  • 23
    May 23rd
    64 Files
  • 24
    May 24th
    55 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close