Apple Releases Multiple Security Updates

Friday, March 09, 2012

Headlines

69dafe8b58066478aea48f3d0f384820

 

Apple has released security updates for Apple iOS, Apple TV, and iTunes to address multiple vulnerabilities for the following products.

Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or bypass security restrictions.

Affected products:

  • Apple TV (2nd generation)
  • iPhone 3GS
  • iPhone 4 and 4S
  • iPod Touch (3rd generation)
  • iPad and iPad 2, and
  • iTunes for Windows 7, Vista, and XP service pack 2 or later.

US-CERT encourages users and administrators to review the following Apple articles and apply any necessary updates to help mitigate the risks.

Apple TV 5.0 - HT5193:

  • Available for: Apple TV (2nd generation)
  • Impact: Applications that use the libresolv library may be vulnerable to an unexpected application termination or arbitrary code execution
  • Description: An integer overflow existed in the handling of DNS resource records, which may lead to heap memory corruption.

iTunes 10.6 - HT5191:

  • Available for: Windows 7, Vista, XP SP2 or later
  • Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution
  • Description: Multiple memory corruption issues existed in WebKit.

iOS 5.1 Software Update - HT5192:

Includes updates for:

  • CFNetwork
  • HFS
  • Kernel
  • libresolv
  • Passcode Lock
  • Safari
  • Siri
  • VPN
  • WebKit

Source:  http://www.us-cert.gov/current/index.html#apple_releases_multiple_security_updates2

Possibly Related Articles:
5489
Operating Systems
Apple iPhone Patching Vulnerabilities Headlines CERT iOS updates Apple TV
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.