[VIM] VUPEN Security Research - Apple iTunes ColorSync Profile Integer Overflow Vulnerability
security curmudgeon
jericho at attrition.org
Sat Apr 3 00:18:55 UTC 2010
Hi Apple,

: VUPEN Security Research - Apple iTunes ColorSync Profile Integer
: Overflow Vulnerability
:
: "iTunes is a free application for Mac or PC. It organizes and plays
: digital music and video on computers. It syncs all media files with
: iPod, iPhone, and Apple TV." from Apple.com

The Apple advisory says this is a Safari vuln, while the VUPEN advisory
says iTunes:

http://support.apple.com/kb/HT4070

Safari 4.0.5
ColorSync
CVE-ID: CVE-2010-0040
Available for: Windows 7, Vista, XP

The VUPEN timeline says both are affected:

: 2010-03-12 - Vulnerability Fixed in Safari v4.0.5
: 2010-03-31 - Vulnerability Fixed in iTunes v9.1

Can Apple confirm this affects both, and if the iTunes is a Windows-only
issue?

Brian
OSVDB.org