Knowledge base

About the security content of iTunes 10.6

Posted in Apple iTunes

WebKit

Available for: Windows 7, Vista, XP SP2 or later

Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution

Description: Multiple memory corruption issues existed in WebKit.

CVE-ID

CVE-2011-2825 : wushi of team509 working with TippingPoint's Zero Day Initiative

CVE-2011-2833 : Apple

CVE-2011-2846 : Arthur Gerkis, miaubiz

CVE-2011-2847 : miaubiz, Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2011-2854 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2011-2855 : Arthur Gerkis, wushi of team509 working with iDefense VCP

CVE-2011-2857 : miaubiz

CVE-2011-2860 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2011-2866 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2011-2867 : Dirk Schulze

CVE-2011-2868 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2011-2869 : Cris Neckar of Google Chrome Security Team using AddressSanitizer

CVE-2011-2870 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2011-2871 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2011-2872 : Abhishek Arya (Inferno) and Cris Neckar of Google Chrome Security Team using AddressSanitizer

CVE-2011-2873 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2011-2877 : miaubiz

CVE-2011-3885 : miaubiz

CVE-2011-3888 : miaubiz

CVE-2011-3897 : pa_kt working with TippingPoint's Zero Day Initiative

CVE-2011-3908 : Aki Helin of OUSPG

CVE-2011-3909 : Google Chrome Security Team (scarybeasts) and Chu

CVE-2012-0591 : miaubiz, and Martin Barbella

CVE-2012-0592 : Alexander Gavrun working with TippingPoint's Zero Day Initiative

CVE-2012-0593 : Lei Zhang of the Chromium development community

CVE-2012-0594 : Adam Klein of the Chromium development community

CVE-2012-0595 : Apple

CVE-2012-0596 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2012-0597 : miaubiz

CVE-2012-0598 : Sergey Glazunov

CVE-2012-0599 : Dmytro Gorbunov of SaveSources.com

CVE-2012-0600 : Marshall Greenblatt, Dharani Govindan of Google Chrome, miaubiz, Aki Helin of OUSPG, Apple

CVE-2012-0601 : Apple

CVE-2012-0602 : Apple

CVE-2012-0603 : Apple

CVE-2012-0604 : Apple

CVE-2012-0605 : Apple

CVE-2012-0606 : Apple

CVE-2012-0607 : Apple

CVE-2012-0608 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2012-0609 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2012-0610 : miaubiz, Martin Barbella using AddressSanitizer

CVE-2012-0611 : Martin Barbella using AddressSanitizer

CVE-2012-0612 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2012-0613 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2012-0614 : miaubiz, Martin Barbella using AddressSanitizer

CVE-2012-0615 : Martin Barbella using AddressSanitizer

CVE-2012-0616 : miaubiz

CVE-2012-0617 : Martin Barbella using AddressSanitizer

CVE-2012-0618 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2012-0619 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2012-0620 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2012-0621 : Martin Barbella using AddressSanitizer

CVE-2012-0622 : Dave Levin and Abhishek Arya of the Google Chrome Security Team

CVE-2012-0623 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2012-0624 : Martin Barbella using AddressSanitizer

CVE-2012-0625 : Martin Barbella

CVE-2012-0626 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2012-0627 : Apple

CVE-2012-0628 : Slawomir Blazek, miaubiz, Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2012-0629 : Abhishek Arya (Inferno) of Google Chrome Security Team

CVE-2012-0630 : Sergio Villar Senin of Igalia

CVE-2012-0631 : Abhishek Arya (Inferno) of Google Chrome Security Team

CVE-2012-0632 : Cris Neckar of the Google Chrome Security Team using AddressSanitizer

CVE-2012-0633 : Apple

CVE-2012-0634 : wushi of team509 working with TippingPoint's Zero Day Initiative

CVE-2012-0635 : Julien Chaffraix of the Chromium development community, Martin Barbella using AddressSanitizer

CVE-2012-0636 : Jeremy Apthorp of Google, Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2012-0637 : Apple

CVE-2012-0638 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2012-0639 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2012-0648 : Apple

Read more http://support.apple.com/kb/HT5191