APPLE-SA-2008-09-09 iPod touch v2.1 and APPLE-SA-2009-09-09 Bonjour for Windows 1.0.5 issued today.
Bonjour for Windows 1.0.5 is now available and addresses the following issues:
mDNSResponder CVE-ID: CVE-2008-2326 and CVE-2008-3630
Impact is DNS cache poisoning and application termination. Download here.
iPod touch v2.1 is now available and addresses the following issues:
Application Sandbox CVE-ID: CVE-2008-3631
CoreGraphics CVE-ID: CVE-2008-1806, CVE-2008-1807, CVE-2008-1808
mDNSResponder CVE-ID: CVE-2008-1447
Networking CVE-ID: CVE-2008-3612
WebKit CVE-ID: CVE-2008-3632
Impact varies from arbitrary code execution, disclosure of data, session hijacking, and DNS cache poisoning.
This update is only available through iTunes, and will not appear in
your computer's Software Update application, or in the Apple
Downloads site. Make sure you have an internet connection and have
installed the latest version of iTunes from www.apple.com/itunes/ "
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
Adrien de Beaupré
I will be teaching next: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques - SEC642 | Adv Pen Test | Jul 13 ET