
벌새::Security

Update: Apple iTunes 10.2.0.34

Apple iTunes 10.2.0.34 has been released, resolving security vulnerabilities found in the multimedia player provided by Apple.


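This version resolves a total of 57 security issues, including multiple vulnerabilities found in libpng, remote code execution vulnerabilities triggered when a user views a maliciously crafted JPEG / TIFF image file, remote code execution vulnerabilities that occur while processing a maliciously crafted XML file, and remote code execution vulnerabilities exploitable through a Man-in-the-Middle Attack.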

Details of the security vulnerabilities are as follows.

  1. CVE-2010-1205 / CVE-2010-1205 : Multiple vulnerabilities in libpng - libpng is updated to version 1.4.3 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution.
  2. CVE-2011-0170 : Viewing a maliciously crafted JPEG image may lead to an unexpected application termination or arbitrary code execution - A heap buffer overflow issue existed in ImageIO's handling of JPEG images. Viewing a maliciously crafted JPEG image may lead to an unexpected application termination or arbitrary code execution.
  3. CVE-2011-0191 : Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution - A buffer overflow existed in libTIFF's handling of JPEG encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution.
  4. CVE-2011-0192 : Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution - A buffer overflow existed in libTIFF's handling of CCITT Group 4 encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution.
  5. CVE-2010-4494 : Processing a maliciously crafted XML file may lead to an unexpected application termination or arbitrary code execution - A double free issue existed in libxml's handling of XPath expressions. Processing a maliciously crafted XML file may lead to an unexpected application termination or arbitrary code execution.
  6. CVE-2010-4008 : Processing a maliciously crafted XML file may lead to an unexpected application termination or arbitrary code execution - A memory corruption issue existed in libxml's XPath handling. Processing a maliciously crafted XML file may lead to an unexpected application termination or arbitrary code execution.
  7. CVE-2010-1824 / CVE-2011-0111 / CVE-2011-0112 / CVE-2011-0113 / CVE-2011-0114 / CVE-2011-0115 / CVE-2011-0116 / CVE-2011-0117 / CVE-2011-0118 / CVE-2011-0119 / CVE-2011-0120 / CVE-2011-0121 / CVE-2011-0122 / CVE-2011-0123 / CVE-2011-0124 / CVE-2011-0125 / CVE-2011-0126 / CVE-2011-0127 / CVE-2011-0128 / CVE-2011-0129 / CVE-2011-0130 / CVE-2011-0131 / CVE-2011-0132 / CVE-2011-0133 / CVE-2011-0134 / CVE-2011-0135 / CVE-2011-0136 / CVE-2011-0137 / CVE-2011-0138 / CVE-2011-0139 / CVE-2011-0140 / CVE-2011-0141 / CVE-2011-0142 / CVE-2011-0143 / CVE-2011-0144 / CVE-2011-0145 / CVE-2011-0146 / CVE-2011-0147 / CVE-2011-0148 / CVE-2011-0149 / CVE-2011-0150 / CVE-2011-0151 / CVE-2011-0152 / CVE-2011-0153 / CVE-2011-0154 / CVE-2011-0155 / CVE-2011-0156 / CVE-2011-0164 / CVE-2011-0165 / CVE-2011-0168 : A man-in-the-middle attack may lead to an unexpected application termination or arbitrary code execution - Multiple memory corruption issues exist in WebKit. A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution.

Users of this software should be sure to update to the latest version before continuing to use it.
