[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [FD] APPLE-SA-2021-09-20-9 iTunes U 3.8.3
From:       product-security-noreply--- via Fulldisclosure <fulldisclosure () seclists ! org>
Date:       2021-09-20 21:44:37
Message-ID: F5124BA2-D8CC-437F-9486-F1EC009E6B76 () lists ! apple ! com
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2021-09-20-9 iTunes U 3.8.3

iTunes U 3.8.3 addresses the following issues. Information about
the security content is also available at
https://support.apple.com/HT212809.

iTunes U
Available for: iOS 12.4 and later or iPadOS 12.4 and later
Impact: Processing a maliciously crafted URL may lead to arbitrary
javascript code execution
Description: A validation issue was addressed with improved input
sanitization.
CVE-2021-30862: Giyas Umarov (@3h6_1) of Holmdel High School

Installation note:

iTunes U 3.8.3 for iOS may be obtained from the App Store.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI888ACgkQeC9qKD1p
rhjucBAAo/VGsbEPr5OuaH7BLssGjchFhRQeyuT5d2H50dyE7Y0Os3ryZFdkPfo9
Sg2gX2A5jToz5EIXEddSWO+Ecaa80Iek/Gq4/HT5YzAenOlTYHaCn5cXbsa1jgfs
0VEyGLur1j/GRb6fSENh+cXphllCuizzkIxBwMSfG36HuMmFNiAakS/hbUwBe6Fz
QaejFaKip84ZKl5xpZEQdGVMKeLwrY4zdW1Qz3KV5HPw9s20xZgmHshIf3Vn7TrN
OPZcJHYmC957IgONt+pdLq2jvIX/D7cWgx+FTgoIfyl3NpSfc0cVOUixBvnAQ+ci
SM17NRMyQuht2BNjBVePWAjHTORHuYO0o8fXFWI4GkaqzXeDJfa8G6APWOujPRQr
1u6vfc8q4ztfTEaEetZU6K0tbsF72l28QGE6yctZD91i7qOLjK53u5hEX7N/s6AR
Q2MEpWte6+3NuAWngBp65d59oCLNsm5WRuVbynxS0m743bX9yAhPSPe5gRxsTMS1
7ebusKl1CDsJ65uUc8QtmYZg2lPL+em/cvhny8h6/xYYg+YFWlJ7X2/bKnp1EPZK
6PVCd9qG8hucQq1kRpsbfCrzApAsVHZJHJibNgmYD98Au7nTCLZxMq7h9IVF5uzN
AnG5yF6UWps2UlZhB3k2P5lqTHurOU1r3gcBL7+QUcD6H48x8lc=
=M9XX
-----END PGP SIGNATURE-----


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]