I. Overview
Apple has released iTunes 10.6.3 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
iTunes 10.6.3
- iTunes
Available for: Mac OS X v10.5.8 or later, Windows 7, Vista, XP SP2 or later
Impact: Importing a maliciously crafted .m3u playlist may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow existed in the handling of .m3u playlists.
CVE-ID
CVE-2012-0677 : Gjoko Krstic of Zero Science Lab
- WebKit
Available for: Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in WebKit.
CVE-ID
CVE-2012-0672 : Adam Barth and Abhishek Arya of the Google Chrome Security Team
II. Solutions
CamCERT encourages users and administrators to review Apple Support Article HT5318 and apply any necessary updates to help mitigate the risk.
III. Contact Information
– Email: office@camcert.gov.kh
– Tel: (855) 92 335 536 – (855) 16 888 209
Disclaimer: The information provided herein is on an “as is” basis, without warranty of any kind.
***Disclaimer: CamCERT owns some of the content. Our purpose is purely to help spread awareness, tips and other security-related information to everyone. Even though all of the information is true, accurate, complete and appropriate, we accept no responsibility and make no warranty, since anything could go wrong.