Threat Level: green Handler on Duty: Mark Hofman

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Apple updates iPod Touch + Bonjour for Windows

Published: 2008-09-10
Last Updated: 2008-09-10 04:15:16 UTC
by Adrien de Beaupre (Version: 1)
0 comment(s)

APPLE-SA-2008-09-09 iPod touch v2.1 and APPLE-SA-2009-09-09 Bonjour for Windows 1.0.5 issued today.

Bonjour for Windows 1.0.5 is now available and addresses the following issues:
mDNSResponder CVE-ID:  CVE-2008-2326 and CVE-2008-3630

Impact is DNS cache poisoning and application termination. Download here.

iPod touch v2.1 is now available and addresses the following issues:
Application Sandbox CVE-ID:  CVE-2008-3631
CoreGraphics CVE-ID:  CVE-2008-1806, CVE-2008-1807, CVE-2008-1808
mDNSResponder CVE-ID:  CVE-2008-1447
Networking CVE-ID:  CVE-2008-3612
WebKit CVE-ID:  CVE-2008-3632

Impact varies from arbitrary code execution, disclosure of data, session hijacking, and DNS cache poisoning.

"Installation note:

This update is only available through iTunes, and will not appear in
your computer's Software Update application, or in the Apple
Downloads site. Make sure you have an internet connection and have
installed the latest version of iTunes from www.apple.com/itunes/ "

Information will also be posted to the Apple Security Updates
web site:  http://support.apple.com/kb/HT1222

Patch now!

Cheers,
Adrien de Beaupré
intru-shun.ca

0 comment(s)
Diary Archives