Those folks over at Apple Inc have been churning out the patches recently, so to keep them all together, here is a little summary:
Apple ID : APPLE-SA-2011-11-14-1 iTunes 10.5.1
Impact: A man-in-the-middle attacker may offer software that appears to originate from Apple
CVE : CVE-2008-3434
Apple ID: APPLE-SA-2011-11-10-2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.6
Impact: An attacker in a privileged network position may be able to cause arbitrary command execution via malicious DHCP responses
Apple ID: APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update
Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information
Impact: Viewing a document containing a maliciously crafted font may lead to arbitrary code execution
CVE : CVE-2011-3439
Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information
CVE : Non-provided
Impact: An application may execute unsigned code
Impact: Visiting a maliciously crafted website may lead to the
Impact: A person with physical access to a locked iPad 2 may be able to access some of the user's data
None of these would appear to address the Core Security announced Sandbox vulnerability (CVE-2011-1516) referenced here.
Also note Swa's earlier diary on recent updates to the Java distribution.
Nov 14th 2011
7 years ago
One more to add for the day...
> iTunes v10.5.1 released
Nov 14 2011
Nov 15th 2011
7 years ago