This document describes the security content of iTunes 11.0.3, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.
(Toy Head-Quarters) (NASDAQ: THQI) was an international American video game developer and publisher. Founded in 1989, the company developed products for video game consoles, handheld game systems, as well as for personal computers and wireless devices. Responsible for publishing the Metro 2033 video game, they were scheduled to publishMetro: Last Light.After several years of financial. THQ was an American video game publisher.The company published both internally created and externally licensed content in its product portfolio.THQ's internally created game series included Darksiders, De Blob, Destroy All Humans!, MX vs. ATV, Red Faction, and Saints Row, among others.The company also held exclusive, long-term licensing agreements with sports and entertainment content. IOS was originally designed for use on its iPhone devices such as iPhone, iPad, iPod etc. The iOS is available only on Apple's own manufactured devices because the company does not give the license to any third party hardware. Apple iOS is derived from Apple's Mac OS X operating system.
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
For information about the Apple Product Security PGP Key, see 'How to use the Apple Product Security PGP Key.'
Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To learn about other Security Updates, see 'Apple Security Updates'.
iTunes
Available for: Mac OS X v10.6.8 or later, Windows 7, Vista, XP SP2 or later
Impact: An attacker in a privileged network position may manipulate HTTPS server certificates, leading to the disclosure of sensitive information
Description: A certificate validation issue existed in iTunes. In certain contexts, an active network attacker could present untrusted certificates to iTunes and they would be accepted without warning. This issue was resolved by improved certificate validation.
CVE-ID
CVE-2013-1014 : Christopher of ThinkSECURE Pte Ltd, Christopher Hickstein of University of Minnesota
iTunes
Available for: Windows 7, Vista, XP SP2 or later
Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
CVE-ID
CVE-2012-2824 : miaubiz
CVE-2012-2857 : Arthur Gerkis
CVE-2012-3748 : Joost Pol and Daan Keuper of Certified Secure working with HP TippingPoint's Zero Day Initiative
CVE-2012-5112 : Pinkie Pie working with Google's Pwnium 2 contest
CVE-2013-0879 : Atte Kettunen of OUSPG
CVE-2013-0912 : Nils and Jon from MWR Labs working with HP TippingPoint's Zero Day Initiative
CVE-2013-0948 : Abhishek Arya (Inferno) of the Google Chrome Security Team
CVE-2013-0949 : Abhishek Arya (Inferno) of the Google Chrome Security Team
CVE-2013-0950 : Abhishek Arya (Inferno) of the Google Chrome Security Team
CVE-2013-0951 : Apple
CVE-2013-0952 : Abhishek Arya (Inferno) of the Google Chrome Security Team
CVE-2013-0953 : Abhishek Arya (Inferno) of the Google Chrome Security Team
CVE-2013-0954 : Dominic Cooney of Google and Martin Barbella of the Google Chrome Security Team
CVE-2013-0955 : Apple
CVE-2013-0956 : Apple Product Security
CVE-2013-0958 : Abhishek Arya (Inferno) of the Google Chrome Security Team
CVE-2013-0959 : Abhishek Arya (Inferno) of the Google Chrome Security Team
CVE-2013-0960 : Apple
CVE-2013-0961 : wushi of team509 working with iDefense VCP
CVE-2013-0991 : Jay Civelli of the Chromium development community
CVE-2013-0992 : Google Chrome Security Team (Martin Barbella)
CVE-2013-0993 : Google Chrome Security Team (Inferno)
CVE-2013-0994 : David German of Google
CVE-2013-0995 : Google Chrome Security Team (Inferno)
CVE-2013-0996 : Google Chrome Security Team (Inferno)
CVE-2013-0997 : Vitaliy Toropov working with HP TippingPoint's Zero Day Initiative
CVE-2013-0998 : pa_kt working with HP TippingPoint's Zero Day Initiative
CVE-2013-0999 : pa_kt working with HP TippingPoint's Zero Day Initiative
CVE-2013-1000 : Fermin J. Serna of the Google Security Team
CVE-2013-1001 : Ryan Humenick
CVE-2013-1002 : Sergey Glazunov
CVE-2013-1003 : Google Chrome Security Team (Inferno)
CVE-2013-1004 : Google Chrome Security Team (Martin Barbella)
CVE-2013-1005 : Google Chrome Security Team (Martin Barbella)
CVE-2013-1006 : Google Chrome Security Team (Martin Barbella)
CVE-2013-1007 : Google Chrome Security Team (Inferno)
CVE-2013-1008 : Sergey Glazunov
CVE-2013-1010 : miaubiz
CVE-2013-1011 : Google Chrome Security Team (Inferno)
Ponybooru ain't free mate - help support us financially!
Description:
Loading...
Small thumbnail Copy
Thumbnail Copy
Preview Copy
Full size BBcode Copy
Thumbnailed BBcode Copy