iTunes 9.2 fixes security vulnerabilities
iTunes 9.2 comes with several new features, improvements and security fixes.
A heap buffer overflow exists in the handling of images with an embedded ColorSync profile. Opening a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of ColorSync profiles.
Multiple integer overflows in the handling of TIFF files may result in a heap buffer overflow. Opening a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution. The issues are addressed through improved bounds checking.
WebKit is updated to the version included in Safari 5.0 and Safari 4.1 to address several vulnerabilities, the most serious of which may lead to arbitrary code execution.