This issue was addressed by ignoring incomplete HTTP header lines. An attacker could strip security settings from the cookie by forcing the connection to close before the security settings were sent, and then obtain the value of the unprotected cookie. Apparently, after updating to iTunes 11.2, Mac users began noticing that their Users and /Users/Shared folders were missing, vanished upon reboot.Īpple’s iTunes 11.2.1 update is available for Mac OS X 10.6.8 or later.Īpple’s first update on Thursday, iTunes 11.2, addressed the following vulnerability:ĬVE-2014-1296 : An attacker in a privileged network position can obtain iTunes credentials. Set-Cookie HTTP headers would be processed even if the connection closed before the header line was complete. Then on Friday, Apple rolled out iTunes 11.2.1 as an emergency update, after the previous version mistakenly opened a serious security hole on Apple Macs. Last week on Thursday, Apple released an iTunes update to version 11.2 in conjunction with an updated version of Mac OS X. Security News Apple Releases iTunes 11.2.1 – Fixes iTunes 11.2 Security Bug
0 kommentar(er)
