iTunes 12.5.4 업데이트

iTunes 12.5.4 for Windows

Released December 13, 2016

WebKit

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2016-4692: Apple

CVE-2016-7635: Apple

CVE-2016-7652: Apple

WebKit

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may result in the disclosure of process memory

Description: A memory corruption issue was addressed through improved state management.

CVE-2016-7656: Keen Lab working with Trend Micro’s Zero Day Initiative

WebKit

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may result in the disclosure of process memory

Description: A memory corruption issue was addressed through improved input validation.

CVE-2016-4743: Alan Cutter

WebKit

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may result in the disclosure of user information

Description: A validation issue was addressed through improved state management.

CVE-2016-7586: Boris Zbarsky

WebKit

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed through improved state management.

CVE-2016-7587: Adam Klein

CVE-2016-7610: Zheng Huang of the Baidu Security Lab working with Trend Micro's Zero Day Initiative

CVE-2016-7611: an anonymous researcher working with Trend Micro's Zero Day Initiative

CVE-2016-7639: Tongbo Luo of Palo Alto Networks

CVE-2016-7640: Kai Kang of Tencent's Xuanwu Lab (tencent.com)

CVE-2016-7641: Kai Kang of Tencent's Xuanwu Lab (tencent.com)

CVE-2016-7642: Tongbo Luo of Palo Alto Networks

CVE-2016-7645: Kai Kang of Tencent's Xuanwu Lab (tencent.com)

CVE-2016-7646: Kai Kang of Tencent's Xuanwu Lab (tencent.com)

CVE-2016-7648: Kai Kang of Tencent's Xuanwu Lab (tencent.com)

CVE-2016-7649: Kai Kang of Tencent's Xuanwu Lab (tencent.com)

CVE-2016-7654: Keen Lab working with Trend Micro’s Zero Day Initiative

WebKit

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed through improved state management.

CVE-2016-7589: Apple

WebKit

Available for: Windows 7 and later

Impact: Visiting a maliciously crafted website may compromise user information

Description: An issue existed in handling of JavaScript prompts. This was addressed through improved state management.

CVE-2016-7592: xisigr of Tencent's Xuanwu Lab (tencent.com)

WebKit

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may result in the disclosure of process memory

Description: An uninitialized memory access issue was addressed through improved memory initialization.

CVE-2016-7598: Samuel Groß

WebKit

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may result in the disclosure of user information

Description: An issue existed in the handling of HTTP redirects. This issue was addressed through improved cross origin validation.

CVE-2016-7599: Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd.

WebKit

Available for: Windows 7 and later

Impact: Visiting a maliciously crafted webpage may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue was addressed through improved state management.

CVE-2016-7632: Jeonghoon Shin