Apple Security Advisory 2011-07-20-2 - An iWork 9.1 update addresses multiple security issues. A buffer overflow existed in the handling of Excel files. Opening a maliciously crafted Excel file in Numbers may lead to an unexpected application termination or arbitrary code execution. A memory corruption issue existed in the handling of Excel files. Opening a maliciously crafted Excel file in Numbers may lead to an unexpected application termination or arbitrary code execution. A memory corruption issue existed in the handling of Microsoft Word documents. Opening a maliciously crafted Microsoft Word document in Pages may lead to an unexpected application termination or arbitrary code execution.
a73deccbc64afb80a87bd72b01aefd8124e910e61fa03497792581196667db65
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2011-07-20-2 iWork 9.1 Update
iWork 9.1 Update is now available and addresses the following:
Numbers
Available for: iWork 9.0 through 9.0.5
Impact: Opening a maliciously crafted Excel file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of Excel
files. Opening a maliciously crafted Excel file in Numbers may lead
to an unexpected application termination or arbitrary code execution.
CVE-ID
CVE-2010-3785 : Apple
Numbers
Available for: iWork 9.0 through 9.0.5
Impact: Opening a maliciously crafted Excel file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
Excel files. Opening a maliciously crafted Excel file in Numbers may
lead to an unexpected application termination or arbitrary code
execution.
CVE-ID
CVE-2010-3786 : Tobias Klein, working with VeriSign iDefense Labs
Pages
Available for: iWork 9.0 through 9.0.5
Impact: Opening a maliciously crafted Microsoft Word document may
lead to an unexpected application termination or arbitrary code
execution
Description: A memory corruption issue existed in the handling of
Microsoft Word documents. Opening a maliciously crafted Microsoft
Word document in Pages may lead to an unexpected application
termination or arbitrary code execution.
CVE-ID
CVE-2011-1417 : Charlie Miller and Dion Blazakis working with
TippingPoint's Zero Day Initiative
iWork 9.1 Update is available via the Apple Software Update
application, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
The download file is named: iWork9.1Update.dmg
Its SHA-1 digest is: ecb38db74d7d1954cbcee9220c73dac85cace3e1
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)
iQEcBAEBAgAGBQJOKcGrAAoJEGnF2JsdZQeewcYH/RhHdLa6x14PX+ZTC+sm1Mjc
W1xBpOxMuBpAx3Li6INXXLvMablTgPIs5e3pbtsV0RYtsJy99JdPySPI8bpQu0Si
CVWuXXSBYy2gdTtRAf6MI3j+oOyM1JhE7GunLBWcmAzv5TxS8TRf0HtNErFEe8NA
StV8QBWLErNyHxqjUQsIb5d1KbIbOysFQZy3O6pyZ6SRwr8tlIPKnY4KsaDYS5Ry
tpv3lMysde5NqCy8BeOQEtW/WAmE7i9NCCNfU2L+OfGQOXIdXmKl7Orjj+d9l23L
umGo9GCACvBVO1Ot6jKDlCW+ZuDRGuz+fhQnwOdyoqtwUwiNCsS6VIwuYYrcmxw=
=wrny
-----END PGP SIGNATURE-----