[VIM] VUPEN Security Research - Apple iTunes ColorSync Profile Integer Overflow Vulnerability

security curmudgeon jericho at attrition.org
Sat Apr 3 00:18:55 UTC 2010


Hi Apple,

: VUPEN Security Research - Apple iTunes ColorSync Profile Integer 
: Overflow Vulnerability
: 
: "iTunes is a free application for Mac or PC. It organizes and plays 
: digital music and video on computers. It syncs all media files with 
: iPod, iPhone, and Apple TV." from Apple.com

The Apple advisory says this is a Safari vuln, while the VUPEN advisory 
says iTunes:

http://support.apple.com/kb/HT4070

Safari 4.0.5
ColorSync
CVE-ID: CVE-2010-0040
Available for: Windows 7, Vista, XP

The VUPEN timeline says both are affected:

: 2010-03-12 - Vulnerability Fixed in Safari v4.0.5
: 2010-03-31 - Vulnerability Fixed in iTunes v9.1

Can Apple confirm this affects both, and if iTunes is a Windows-only 
issue?

Brian
OSVDB.org

