Apple has released security updates for Apple iOS, Apple TV, and iTunes to address multiple vulnerabilities for the following products.
Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or bypass security restrictions.
- Apple TV (2nd generation)
- iPhone 3GS
- iPhone 4 and 4S
- iPod Touch (3rd generation)
- iPad and iPad 2, and
- iTunes for Windows 7, Vista, and XP service pack 2 or later.
US-CERT encourages users and administrators to review the following Apple articles and apply any necessary updates to help mitigate the risks.
- Available for: Apple TV (2nd generation)
- Impact: Applications that use the libresolv library may be vulnerable to an unexpected application termination or arbitrary code execution
- Description: An integer overflow existed in the handling of DNS resource records, which may lead to heap memory corruption.
- Available for: Windows 7, Vista, XP SP2 or later
- Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution
- Description: Multiple memory corruption issues existed in WebKit.
Includes updates for:
- Passcode Lock