To protect our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."
Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To learn about other Security Updates, see "Apple Security Updates."
iTunes 10.6
WebKit
Available for: Windows 7, Vista, XP SP2 or later
Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues exist in WebKit.
CVE-ID
CVE-2011-2825: wushi of team509 working with TippingPoint's Zero Day Initiative
CVE-2011-2833: Apple
CVE-2011-2846: Arthur Gerkis, miaubiz
CVE-2011-2847: miaubiz, Abhishek Arya (Inferno) from the Google Chrome Security Team using AddressSanitizer
CVE-2011-2854: Abhishek Arya (Inferno) from the Google Chrome Security Team using AddressSanitizer
CVE-2011-2855: Arthur Gerkis, wushi of team509 working with iDefense VCP
CVE-2011-2857: miaubiz
CVE-2011-2860: Abhishek Arya (Inferno) from the Google Chrome Security Team using AddressSanitizer
CVE-2011-2866: Abhishek Arya (Inferno) from the Google Chrome Security Team using AddressSanitizer
CVE-2011-2867: Dirk Schulze
CVE-2011-2868: Abhishek Arya (Inferno) from the Google Chrome Security Team using AddressSanitizer
CVE-2011-2869: Cris Neckar of the Google Chrome Security Team using AddressSanitizer
CVE-2011-2870: Abhishek Arya (Inferno) from the Google Chrome Security Team using AddressSanitizer
CVE-2011-2871: Abhishek Arya (Inferno) from the Google Chrome Security Team using AddressSanitizer
CVE-2011-2872: Abhishek Arya (Inferno) and Cris Neckar of the Google Chrome Security Team using AddressSanitizer
CVE-2011-2873: Abhishek Arya (Inferno) from the Google Chrome Security Team using AddressSanitizer
CVE-2011-2877: miaubiz
CVE-2011-3885: miaubiz
CVE-2011-3888: miaubiz
CVE-2011-3897: pa_kt working with TippingPoint's Zero Day Initiative
CVE-2011-3908: Aki Helin of OUSPG
CVE-2011-3909: Google Chrome Security Team (scarybeasts) and Chu
CVE-2012-0591: miaubiz and Martin Barbella
CVE-2012-0592: Alexander Gavrun working with TippingPoint's Zero Day Initiative
CVE-2012-0593: Lei Zhang of the Chrome community
CVE-2012-0594: Adam Klein of the Chrome community
CVE-2012-0595: Apple
CVE-2012-0596: Abhishek Arya (Inferno) from the Google Chrome Security Team using AddressSanitizer
CVE-2012-0597: miaubiz
CVE-2012-0598: Sergei Glazunov
CVE-2012-0599: Dmitry Gorbunov from SaveSources.com
CVE-2012-0600: Marshall Greenblatt, Dharani Govindan of Google Chrome, miaubiz, Aki Helin of OUSPG, Apple
CVE-2012-0601: Apple
CVE-2012-0602: Apple
CVE-2012-0603: Apple
CVE-2012-0604: Apple
CVE-2012-0605: Apple
CVE-2012-0606: Apple
CVE-2012-0607: Apple
CVE-2012-0608: Abhishek Arya (Inferno) from the Google Chrome Security Team using AddressSanitizer
CVE-2012-0609: Abhishek Arya (Inferno) from the Google Chrome Security Team using AddressSanitizer
CVE-2012-0610: miaubiz, Martin Barbella using AddressSanitizer
CVE-2012-0611: Martin Barbella using AddressSanitizer
CVE-2012-0612: Abhishek Arya (Inferno) from the Google Chrome Security Team using AddressSanitizer
CVE-2012-0613: Abhishek Arya (Inferno) from the Google Chrome Security Team using AddressSanitizer
CVE-2012-0614: miaubiz, Martin Barbella using AddressSanitizer
CVE-2012-0615: Martin Barbella using AddressSanitizer
CVE-2012-0616: miaubiz
CVE-2012-0617: Martin Barbella using AddressSanitizer
CVE-2012-0618: Abhishek Arya (Inferno) from the Google Chrome Security Team using AddressSanitizer
CVE-2012-0619: Abhishek Arya (Inferno) from the Google Chrome Security Team using AddressSanitizer
CVE-2012-0620: Abhishek Arya (Inferno) from the Google Chrome Security Team using AddressSanitizer
CVE-2012-0621: Martin Barbella using AddressSanitizer
CVE-2012-0622: Dave Levine and Abhishek Arya of Google Chrome Security Team
CVE-2012-0623: Abhishek Arya (Inferno) from the Google Chrome Security Team using AddressSanitizer
CVE-2012-0624: Martin Barbella using AddressSanitizer
CVE-2012-0625: Martin Barbella
CVE-2012-0626: Abhishek Arya (Inferno) from the Google Chrome Security Team using AddressSanitizer
CVE-2012-0627: Apple
CVE-2012-0628: Slawomir Blazek, miaubiz, Abhishek Arya (Inferno) from the Google Chrome Security Team using AddressSanitizer
CVE-2012-0629: Abhishek Arya (Inferno) from the Google Chrome Security Team
CVE-2012-0630: Sergio Villar Senin of Igalia
CVE-2012-0631: Abhishek Arya (Inferno) from the Google Chrome Security Team
CVE-2012-0632: Cris Neckar of the Google Chrome Security Team using AddressSanitizer
CVE-2012-0633: Apple
CVE-2012-0634: wushi of team509 working with TippingPoint's Zero Day Initiative
CVE-2012-0635: Julien Chaffraix of the Chromium community, Martin Barbella using AddressSanitizer
CVE-2012-0636: Jeremy Apthorp of Google, Abhishek Arya (Inferno) from the Google Chrome Security Team using AddressSanitizer
CVE-2012-0637: Apple
CVE-2012-0638: Abhishek Arya (Inferno) from the Google Chrome Security Team using AddressSanitizer
CVE-2012-0639: Abhishek Arya (Inferno) from the Google Chrome Security Team using AddressSanitizer
CVE-2012-0648: Apple
Important: Mention of third-party Web sites and products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple is not responsible for the selection, performance or use of the information or products on third-party Web sites. Apple provides this only for the convenience of our users. Apple has not tested the information found on these sites and makes no representation as to its accuracy or reliability. There are risks associated with the use of any information or products found on the Internet, and Apple assumes no responsibility in this regard. It should be understood that a third-party site is independent from Apple, and Apple has no control over the content on that site. Please contact the vendor for additional information.