APPLE-SA-2016-09-20-7 iTunes 12.5.1 for Windows

The iTunes 12.5.1 for Windows advisory has been released to describe the entries below:

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A parsing issue existed in the handling of error prototypes. This was addressed through improved validation.
CVE-2016-4728: Daniel Divricean
Entry added September 20, 2016

WebKit
Available for: Windows 7 and later
Impact: Visiting a maliciously crafted website may leak sensitive data
Description: A permissions issue existed in the handling of the location variable. This was addressed through additional ownership checks.
CVE-2016-4758: Masato Kinugawa of Cure53
Entry added September 20, 2016

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved memory handling.
CVE-2016-4759: Tongbo Luo of Palo Alto Networks
CVE-2016-4762: Zheng Huang of Baidu Security Lab
CVE-2016-4766: Apple
CVE-2016-4767: Apple
CVE-2016-4768: Anonymous working with Trend Micro's Zero Day Initiative
Entry added September 20, 2016

WebKit
Available for: Windows 7 and later
Impact: A malicious website may be able to access non-HTTP services
Description: Safari's support of HTTP/0.9 allowed cross-protocol exploitation of non-HTTP services using DNS rebinding. The issue was addressed by restricting HTTP/0.9 responses to default ports and canceling resource loads if the document was loaded with a different HTTP protocol version.
CVE-2016-4760: Jordan Milne
Entry added September 20, 2016

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved state management.
CVE-2016-4765: Apple
Entry added September 20, 2016

WebKit
Available for: Windows 7 and later
Impact: An attacker in a privileged network position may be able to intercept and alter network traffic to applications using WKWebView with HTTPS
Description: A certificate validation issue existed in the handling of WKWebView. This issue was addressed through improved validation.
CVE-2016-4763: an anonymous researcher
Entry added September 20, 2016

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved input validation.
CVE-2016-4769: Tongbo Luo of Palo Alto Networks
Entry added September 20, 2016

iTunes 12.5.1 for Windows may be obtained from:
https://www.apple.com/itunes/download/

Information will also be posted to the Apple Security Updates web site:
https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at:
https://www.apple.com/support/security/pgp/
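The CVE-2016-4760 fix described above, sketched as an added example (not Apple's or WebKit's code): a load-policy check that treats a response without a status line as HTTP/0.9 and applies the two restrictions the advisory names. The function names, the shape of the load record, and the sample hosts and banner are assumptions constructed for illustration.

```javascript
// Added illustration of the CVE-2016-4760 mitigation as worded in the advisory.
// All names are hypothetical; this is not WebKit code.
const DEFAULT_PORTS = { "http:": 80, "https:": 443 };

// An HTTP/1.x response begins with a status line such as "HTTP/1.1 200 OK".
// HTTP/0.9 has no status line or headers, so the first bytes of ANY TCP
// service (a text banner, an error string) parse as an HTTP/0.9 body.
function detectResponseVersion(firstBytes) {
  const m = /^HTTP\/(\d+\.\d+) \d{3}/.exec(firstBytes);
  return m ? m[1] : "0.9";
}

// URL.port is "" when the URL uses the scheme's default port.
function effectivePort(u) {
  return u.port === "" ? DEFAULT_PORTS[u.protocol] : Number(u.port);
}

// load = { url, firstBytes, documentVersion }
// documentVersion is null when the load is the top-level document itself,
// otherwise the HTTP version the owning document was fetched with.
function decideLoad(load) {
  const version = detectResponseVersion(load.firstBytes);
  if (version !== "0.9") {
    return { allow: true, version, reason: "response has a status line" };
  }
  const u = new URL(load.url);
  // Restriction 1: HTTP/0.9 responses only on the scheme's default port.
  if (effectivePort(u) !== DEFAULT_PORTS[u.protocol]) {
    return { allow: false, version, reason: "HTTP/0.9 on non-default port" };
  }
  // Restriction 2: cancel the load if the document used another version.
  if (load.documentVersion !== null && load.documentVersion !== "0.9") {
    return { allow: false, version, reason: "document used a different HTTP version" };
  }
  return { allow: true, version, reason: "HTTP/0.9 on default port" };
}

// Constructed sample loads (hosts, port and banner are made up).
const SAMPLE_LOADS = [
  { url: "http://example.test:2525/", firstBytes: "220 service ready\r\n", documentVersion: "1.1" },
  { url: "http://example.test/legacy.js", firstBytes: "var x = 1;", documentVersion: "1.1" },
  { url: "http://example.test/", firstBytes: "<html>legacy</html>", documentVersion: null },
  { url: "http://example.test:2525/api", firstBytes: "HTTP/1.1 200 OK\r\n", documentVersion: "1.1" },
];

function evaluateSamples() {
  return SAMPLE_LOADS.map((l) => ({ url: l.url, ...decideLoad(l) }));
}
```

`evaluateSamples()` returns one decision per sample; the first two are refused, one under each restriction, and the last two are allowed.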