-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-10-07-2 iTunes for Windows 12.10.1 iTunes for Windows 12.10.1 is now available and addresses the following: UIFoundation Available for: Windows 7 and later Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8745: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2019-8625: Sergei Glazunov of Google Project Zero CVE-2019-8719: Sergei Glazunov of Google Project Zero WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-8707: an anonymous researcher working with Trend Micro's Zero Day Initiative, cc working with Trend Micro Zero Day Initiative CVE-2019-8720: Wen Xu of SSLab at Georgia Tech CVE-2019-8726: Jihui Lu of Tencent KeenLab CVE-2019-8733: Sergei Glazunov of Google Project Zero CVE-2019-8735: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8763: Sergei Glazunov of Google Project Zero Additional recognition Software Update We would like to acknowledge Michael Gorelik (@smgoreli) of Morphisec (morphisec.com) for their assistance. WebKit We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) and Zhihua Yao of DBAPPSecurity Zion Lab for their assistance. Installation note: iTunes for Windows 12.10.1 may be obtained from: https://www.apple.com/itunes/download/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl2biHQpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQBz4uGe3y0M2l2w/8 CFBwglpJCrfPpY9BoPkHRgMEWB+9hPfa3PQ5R4+OhXkT19UKFDwkhCFqgDgPS98o e7QVX9224AIdVDK3ZiViq7O4ToFiJDOYUEu9xdMAqH3qhY7lvBbaUijs3fH6DNFQ KhiNHhhbZyMc73p9wd03ykASA0VFwLXg0YS0SdQNlKCqKe988+87t02NlvDuVlQB VR47deoDbeYg51HmUU2a3sD5l/IVHWan9Vzya+rCUpdUpOHTI2kow0B2+AQbZT0C FUx0qBze8i6WE8An3E/rEJ2gz2wLpyGXDwQfNyZ/4cmyV7U6PjiYf9JIWE3T2nOm FHZUEYvYejNqaFe0tIulsq4IqEE8f3vszKPkRkYsuFYASN/3EYVSlqoHEEpw58bm 8JvRDloxlJwIgA6hRaDalzDDRJaDOR2oWL4L0vhi+JEO57cKZb6KciUEsOX4xb7Z 6BxCVAFzz2NFn8qnVx8QHP+L5DMFioJTkyhx+hxjYpKSpygrXob1BZnwnqlP1aS0 9tjZhQx4+/lULGoh88ICJWDQDwQmyTxgWGuYj5VZ1HYjSuBzlZ7/+CZiD6dM37jS CYSFG7xRV3bb+mHQaBmEa8pKUkpjbU8hVOcipT5kEPb2MLlakNrjtxo/VYA4aPKI n1x9sk0QBlyxN1hI/ayKHV0JsnnXFJHArIiBTcLm/lc= =kwOT -----END PGP SIGNATURE-----
