Knowledge base

About the security content of iTunes 10.5

Posted in Apple iTunes

WebKit

Available for: Windows 7, Vista, XP SP2 or later

Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution.

Description: Multiple memory corruption issues existed in WebKit.

CVE-ID

CVE-2010-1823 : David Weston of Microsoft and Microsoft Vulnerability Research (MSVR), wushi of team509, and Yong Li of Research In Motion Ltd.

CVE-2011-0164 : Apple.

CVE-2011-0218 : SkyLined of Google Chrome Security Team.

CVE-2011-0221 : Abhishek Arya (Inferno) of Google Chrome Security Team.

CVE-2011-0222 : Nikita Tarakanov and Alex Bazhanyuk of the CISS Research Team, and Abhishek Arya (Inferno) of Google Chrome Security Team.

CVE-2011-0223 : Jose A. Vazquez of spa-s3c.blogspot.com working with iDefense VCP.

CVE-2011-0225 : Abhishek Arya (Inferno) of Google Chrome Security Team.

CVE-2011-0232 : J23 working with TippingPoint's Zero Day Initiative.

CVE-2011-0233 : wushi of team509 working with TippingPoint's Zero Day Initiative.

CVE-2011-0234 : Rob King working with TippingPoint's Zero Day Initiative, wushi of team509 working with TippingPoint's Zero Day Initiative, wushi of team509 working with iDefense VCP.

CVE-2011-0235 : Abhishek Arya (Inferno) of Google Chrome Security Team.

CVE-2011-0237 : wushi of team509 working with iDefense VCP.

CVE-2011-0238 : Adam Barth of Google Chrome Security Team.

CVE-2011-0240 : wushi of team509 working with iDefense VCP.

CVE-2011-0253 : Richard Keen.

CVE-2011-0254 : An anonymous researcher working with TippingPoint's Zero Day Initiative.

CVE-2011-0255 : An anonymous researcher working with TippingPoint's Zero Day Initiative.

CVE-2011-0981 : Rik Cabanier of Adobe Systems, Inc.

CVE-2011-0983 : Martin Barbella.

CVE-2011-1109 : Sergey Glazunov.

CVE-2011-1114 : Martin Barbella.

CVE-2011-1115 : Martin Barbella.

CVE-2011-1117 : wushi of team509.

CVE-2011-1121 : miaubiz.

CVE-2011-1188 : Martin Barbella.

CVE-2011-1203 : Sergey Glazunov.

CVE-2011-1204 : Sergey Glazunov.

CVE-2011-1288 : Andreas Kling of Nokia.

CVE-2011-1293 : Sergey Glazunov.

CVE-2011-1296 : Sergey Glazunov.

CVE-2011-1440 : Jose A. Vazquez of spa-s3c.blogspot.com.

CVE-2011-1449 : Marek Majkowski.

CVE-2011-1451 : Sergey Glazunov.

CVE-2011-1453 : wushi of team509 working with TippingPoint's Zero Day Initiative.

CVE-2011-1457 : John Knottenbelt of Google.

CVE-2011-1462 : wushi of team509.

CVE-2011-1797 : wushi of team509.

CVE-2011-2338 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer.

CVE-2011-2339 : Cris Neckar of the Google Chrome Security Team.

CVE-2011-2341 : Apple.

CVE-2011-2351 : miaubiz.

CVE-2011-2352 : Apple.

CVE-2011-2354 : Apple.

CVE-2011-2356 : Adam Barth and Abhishek Arya of Google Chrome Security Team using AddressSanitizer.

CVE-2011-2359 : miaubiz.

CVE-2011-2788 : Mikolaj Malecki of Samsung.

CVE-2011-2790 : miaubiz.

CVE-2011-2792 : miaubiz.

CVE-2011-2797 : miaubiz.

CVE-2011-2799 : miaubiz.

CVE-2011-2809 : Abhishek Arya (Inferno) of Google Chrome Security Team.

CVE-2011-2811 : Apple.

CVE-2011-2813 : Cris Neckar of Google Chrome Security Team using AddressSanitizer.

CVE-2011-2814 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer.

CVE-2011-2815 : SkyLined of Google Chrome Security Team.

CVE-2011-2816 : Apple.

CVE-2011-2817 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer.

CVE-2011-2818 : Martin Barbella.

CVE-2011-2820 : Raman Tenneti and Philip Rogers of Google.

CVE-2011-2823 : SkyLined of Google Chrome Security Team.

CVE-2011-2827 : miaubiz.

CVE-2011-2831 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer.

CVE-2011-3232 : Aki Helin of OUSPG.

CVE-2011-3233 : Sadrul Habib Chowdhury of the Chromium development community, Cris Neckar and Abhishek Arya (Inferno) of Google Chrome Security Team.

CVE-2011-3234 : miaubiz.

CVE-2011-3235 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the Chromium development community, and Abhishek Arya (Inferno) of Google Chrome Security Team.

CVE-2011-3236 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer.

CVE-2011-3237 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the Chromium development community, and Abhishek Arya (Inferno) of Google Chrome Security Team.

CVE-2011-3238 : Martin Barbella.

CVE-2011-3239 : Slawomir Blazek.

CVE-2011-3241 : Apple.

CVE-2011-3244 : vkouchna.

Read more http://support.apple.com/kb/HT4981