October 20, 2018

CamSA12-11: Apple has released iTunes 10.6.3 to address multiple vulnerabilities.

I. Overview 

Apple has released iTunes 10.6.3 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

iTunes 10.6.3

  • iTunes

    Available for: Mac OS X v10.5.8 or later, Windows 7, Vista, XP SP2 or later

    Impact: Importing a maliciously crafted .m3u playlist may lead to an unexpected application termination or arbitrary code execution

    Description: A heap buffer overflow existed in the handling of .m3u playlists.

    CVE-ID

    CVE-2012-0677 : Gjoko Krstic of Zero Science Lab

  • WebKit

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue existed in WebKit.

    CVE-ID

    CVE-2012-0672 : Adam Barth and Abhishek Arya of the Google Chrome Security Team

II. Solutions

CamCERT encourages users and administrators to review Apple Support Article HT5318 and apply any necessary updates to help mitigate the risk.

III. Contact Information

– Email: office@camcert.gov.kh

– Tel: (855) 92 335 536 – (855) 16 888 209

Disclaimer: The information provided herein is on an “as is” basis, without warranty of any kind.