Apple Security Advisory 2016-03-31-1 - iBooks Author 2.4.1 is now available and addresses a user information disclosure issue.
b55befebaaba63ec80fb713093a046f8b3619d5c9ad4dd7308d2a7175d0a176b
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-03-31-1 iBooks Author 2.4.1
iBooks Author 2.4.1 is now available and addresses the following:
iBooks Author
Available for: OS X Yosemite v10.10 or later
Impact: Parsing a maliciously crafted iBooks Author file may lead to
disclosure of user information
Description: An XML external entity reference issue existed with
iBook Author parsing. This issue was addressed through improved
parsing.
CVE-ID
CVE-2016-1789 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach
(@ITSecurityguard)
iBooks Author 2.4.1 may be obtained from the App Store.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW/ZD8AAoJEBcWfLTuOo7t0tEP/jOndtapfdeu3rZ9jz8kvC0U
llXs4fFSacP++PWNAtLbh5zVf619YIicylTUVtGI2jAv2HPZNQN0r3K48e6Oa7Pr
LOPk1zR+jcU+0pn72lnO/0OzUdpa+lWoY+K2pnEbP40dBMM8OBO6oQzhHhWquZSE
N8jM+A2eO+UoxpfHFSopNmOnrVqvJCFTUYhlS8e2uYAPsZglZkPA20Z7VSju+sLA
HGvu3TB771dv3TpL+3kScYhH/yChEmFFHa5rG51C7UHgTLbfSYLcABRGpmNyyufa
p+nfqGuRc5CY67XacmcXqxJ3iqYjDlCNqcQl0HtCf+wZFky2xdBJ6G7ASbyDDeFP
APkisPOt6O+sYtfRiDKs8bqZiey2PR6ft2/1n4FMJv19VOTmhnlG7J1RWQm2ObOg
HCEYej6D21uzpRwbL9Ott5LF7uguHIW96g/ezZw7Q3TAWVbSDaFmxy8y1Fu5xSyo
+5vivMoPo4NME6NYU0SYxb/FzzcPv6VyeP+et2rgADcOwYieN3lQiRJRLWgODwgt
jcw/QVViq9hNIYIocjr4kXpD324SPhJdm55oDA98xJenlcxV7Uy8pEsbr2j2/+yK
E9Fn633U8YttSnqHqKgjQVLv5mBuDLzEG4HbR3FQNWMUBN6btUL9gY6acH75FP4p
/9/+EO8HZte9pHuNjeTk
=/Ihd
-----END PGP SIGNATURE-----