Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Apple updates iPod Touch + Bonjour for Windows - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Apple updates iPod Touch + Bonjour for Windows

APPLE-SA-2008-09-09 iPod touch v2.1 and APPLE-SA-2009-09-09 Bonjour for Windows 1.0.5 issued today.

Bonjour for Windows 1.0.5 is now available and addresses the following issues:
mDNSResponder CVE-ID:  CVE-2008-2326 and CVE-2008-3630

Impact is DNS cache poisoning and application termination. Download here.

iPod touch v2.1 is now available and addresses the following issues:
Application Sandbox CVE-ID:  CVE-2008-3631
CoreGraphics CVE-ID:  CVE-2008-1806, CVE-2008-1807, CVE-2008-1808
mDNSResponder CVE-ID:  CVE-2008-1447
Networking CVE-ID:  CVE-2008-3612
WebKit CVE-ID:  CVE-2008-3632

Impact varies from arbitrary code execution, disclosure of data, session hijacking, and DNS cache poisoning.

"Installation note:

This update is only available through iTunes, and will not appear in
your computer's Software Update application, or in the Apple
Downloads site. Make sure you have an internet connection and have
installed the latest version of iTunes from "

Information will also be posted to the Apple Security Updates
web site:

Patch now!

Adrien de Beaupré

Adrien de Beaupre

353 Posts
ISC Handler
Sep 10th 2008

Sign Up for Free or Log In to start participating in the conversation!