Apple Security Advisory 2015-10-21-5 - iTunes 12.3.1 is now available and addresses multiple memory corruption vulnerabilities.
63fc1ae7492cff25005f313015f56cd3c31cf5cb82252a94357d21d3ef7330c2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2015-10-21-5 iTunes 12.3.1
iTunes 12.3.1 is now available and addresses the following:
iTunes
Available for: Windows 7 and later
Impact: A man-in-the-middle attack while browsing the iTunes Store
via iTunes may result in unexpected application termination or
arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-5928 : Apple
CVE-2015-5929 : Apple
CVE-2015-5930 : Apple
CVE-2015-5931
CVE-2015-7002 : Apple
CVE-2015-7011 : Apple
CVE-2015-7012 : Apple
CVE-2015-7013 : Apple
CVE-2015-7014
iTunes
Available for: Windows 7 and later
Impact: Applications that use CoreText may be vulnerable to
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in the
processing of text files. These issues were addressed through
improved memory handling.
CVE-ID
CVE-2015-6975 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-6992 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-7017 : John Villamil (@day6reak), Yahoo Pentest Team
Installation note:
iTunes 12.3.1 may be obtained from:
http://www.apple.com/itunes/download/
You may also update to the latest version of iTunes via Apple
Software Update, which can be found in the Start menu.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJWJuK0AAoJEBcWfLTuOo7tFqsP/i4hhZ9050OUg8jdzLx7ql9b
pw0VB3uCssp4c7m6U/Dr90sgAAG1BRqNZF5jE0ItWfaeVxUtny9iHvj9MF5mhU4O
1hd/+f9iVeA2chOi63jVBYl/RTON/HLG0EukNAt57H7UNcnpGOJMwPxciDgHb5mi
GEQEo3Q9bM2B9ReMcxCenVWBJ+e02l4iAqFBeV09BgAYvbaTvAQamjSeXkKyodI3
AkHmUuq6qWx9ka3EcMkEtm/agI2fKewlfI3WgpotkBx2lrZGUeFiuD21Nmq0diL8
O6tWt3FG4FsdrbPN7rm1NtPQq+fAnHn3EWCrpz32LB6Dh6NTqTLLesVDD5BCCK4p
TanM1TlaRPVuBxg6oCLreNN8IHAx25vhCLEsAw9GMl5JRhmBL9IjTczt91zFAAjX
fdW1bhq2O283MrRqZxvJW3eBti4IMr+cZtP9+OdlK+8zGx91LdvWNcuMS5Eg2W5T
Auwf4ZfHmVCX5DDe2wgeUqe14eTpDomCI4S4utyh6jVtA0+b7V7FEBVlqc760ThO
Gj7W4it3Ljosw6/VQodEPDiesbvhw+Cn7FcTHKxV7fgz+tLFSlEcox5BU0m/ardJ
xWJ6c7qrT8TKkE4wYGHWljhWx7o6SkU/60BYZo5FNAYllYC1bp2rQTa7G79fjMvM
eXiT4RZimmMNlbqwFKHQ
=4LVn
-----END PGP SIGNATURE-----