APPLE-SA-2015-10-21-5 iTunes 12.3.1

2015-10-25T00:00:00
ID SECURITYVULNS:DOC:32567
Type securityvulns
Reporter Securityvulns
Modified 2015-10-25T00:00:00

Description

APPLE-SA-2015-10-21-5 iTunes 12.3.1

iTunes 12.3.1 is now available and addresses the following:

iTunes Available for: Windows 7 and later Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may result in unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5928 : Apple CVE-2015-5929 : Apple CVE-2015-5930 : Apple CVE-2015-5931 CVE-2015-7002 : Apple CVE-2015-7011 : Apple CVE-2015-7012 : Apple CVE-2015-7013 : Apple CVE-2015-7014

iTunes Available for: Windows 7 and later Impact: Applications that use CoreText may be vulnerable to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the processing of text files. These issues were addressed through improved memory handling. CVE-ID CVE-2015-6975 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6992 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7017 : John Villamil (@day6reak), Yahoo Pentest Team

Installation note:

iTunes 12.3.1 may be obtained from: http://www.apple.com/itunes/download/

You may also update to the latest version of iTunes via Apple Software Update, which can be found in the Start menu.

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/