Jump to content


Photo

Apple Mac OS X updates


  • Please log in to reply
156 replies to this topic

#1 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 16 December 2007 - 03:14 PM

FYI...

Mac OS X 10.4 - Java Release 6
Apple fixes 18 flaws in Tiger's Java
- http://preview.tinyurl.com/2km3l9
December 15, 2007 (Computerworld) - "Apple Inc. has updated Java for Mac OS X 10.4, aka Tiger, to patch 18 different vulnerabilities, including some fixed as long ago as May by Java's maker, Sun Microsystems Inc. Apple's newest operating system, dubbed Leopard, does not need to be patched because it includes the updated Java components. According to the accompanying advisory*, Tiger's Java, Java 1.4 and J2SE 5.0 contain flaws that in some cases can lead to what Apple calls "arbitrary code execution," which means that attackers may be able to insert their own malware during an exploit and/or gain complete control of the machine. Apple, unlike rivals such as Microsoft Corp., does not rank or rate its security updates to give users an idea of the severity of the bugs..."
* http://docs.info.app...l?artnum=307177

- http://secunia.com/advisories/28115/
Release Date: 2007-12-17
Critical: Highly critical

:ph34r:

Edited by apluswebmaster, 17 December 2007 - 07:12 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#2 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 17 December 2007 - 06:17 PM

FYI...

Apple Security Update 2007-009
- http://isc.sans.org/...ml?storyid=3760
Last Updated: 2007-12-17 23:03:32 UTC - "Apple has released security update 2007-009 which contains fixes for several key components of the Mac OS X operating system. The following downloads are now available:
2007-009 10.5.1 includes fixes for CF Network, Core Foundation, CUPS, Flash Player Plug-in, Launch Services, perl, python, Quick Look, ruby, Safari, Samba, Shockwave Plug-in and Spin Tracer.
> http://www.apple.com...0070091051.html

2007-009 10.4.11 Universal and 10.4.11 PPC include fixes for Address Book, CUPS, ColorSync, Core Foundation, Desktop Services, Flash Player Plug-in, gnutar, iChat, IO Storage Family, Launch Services, Mail, perl, python, ruby, Samba, Safari, Shockwave Plug-in, SMB, Spotlight, tcpdump and XQuery.
> http://www.apple.com...1universal.html

> http://www.apple.com...0910411ppc.html

Several of these issues are rather serious, so we strongly advise installing these updates at your earliest convenience. You can read up on the individual CVE numbers and vulnerability descriptions here*."
* http://docs.info.app...l?artnum=307179

- http://secunia.com/advisories/28136/
Release Date: 2007-12-18
Critical: Highly critical

Edited by apluswebmaster, 18 December 2007 - 06:36 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#3 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 19 December 2007 - 03:35 PM

FYI...

- http://www.macworld....fm?newsid=19983
19 December 2007 - "...The update addressed an issue that caused the keyboard to freeze. Reports indicate that the Intel-based models running Mac OS X Leopard were affected, with keyboard freezes lasting for up to a minute, or more..."

MacBook, MacBook Pro Software Update 1.1
- http://www.apple.com...reupdate11.html
December 18, 2007 - "This update addresses a responsiveness issue MacBook and MacBook Pro notebook computers. Some MacBook and MacBook Pro systems may occasionally experience a temporary suspension of keyboard input which can last a minute or longer. The Mac OS X 10.5.1 update is required before installing the MacBook, MacBook Pro Software Update 1.1."

:techsupport:

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#4 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 24 December 2007 - 12:17 PM

FYI...

Security Update 2007-009 v1.1
- http://docs.info.app...l?artnum=307224
December 21, 2007 - "...Security Update 2007-009 v1.1 addresses an issue introduced in Security Update 2007-009 that may cause Safari to unexpectedly quit when browsing to certain websites. There is no change to the security content provided in Security Update 2007-009... Security Update 2007-009 v1.1 will install over Security Update 2007-009, and its installation is recommended to resolve the Safari issue. Systems that have not yet installed Security Update 2007-009 only need to install Security Update 2007-009 v1.1..."

Security Updates
- http://docs.info.app...ml?artnum=61798
Latest - 21 Dec 2007

:!:

Edited by apluswebmaster, 24 December 2007 - 12:44 PM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#5 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 06 February 2008 - 04:11 PM

FYI...

iPhoto 7.1.2 released
> http://docs.info.app...l?artnum=307398
February 04, 2008 - "...Impact: Subscribing to a maliciously crafted photocast may lead to arbitrary code execution.
Description: A format string vulnerability exists in iPhoto. By enticing a user to subscribe to a maliciously crafted photocast, a remote attacker may cause arbitrary code execution. This update addresses the issue... can be downloaded and installed via Software Update preferences, or from
Apple Downloads..."
- http://www.apple.com...port/downloads/
(02/05/2008 - 14.2MB)

> http://www.us-cert.g...rity_update_to7

.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#6 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 12 February 2008 - 04:59 AM

FYI...

Apple security update 2008-001 and 10.5.2 upgrade
- http://isc.sans.org/...ml?storyid=3974
Last Updated: 2008-02-12 01:22:32 UTC - "Apple released today a Security Update 2008-001 for Mac OS X 10.4 fixing -5- vulnerabilities in one patch. At the same time an upgrade to Mac OS X 10.5.2 was released, which also incorporates the security update all in one package (fixing -8- vulnerabilities). An upgrade like this can be best compared to a Service Pack in the windows world. It's not just a security fix, but also a functionality upgrade.
* Mac OS X 10.5.2:
http://docs.info.app...l?artnum=307109
* Security content of 10.5.2 and security update 2008-001:
http://docs.info.app...l?artnum=307430
* Apple updates can be found on:
http://docs.info.app...ml?artnum=61798
As always, Apple packages security fixes into one big patch. Software update will offer it to your mac users that haven't turned the feature off."

- http://secunia.com/advisories/28891/
Release Date: 2008-02-12
Critical: Highly critical
Impact: Security Bypass, Exposure of system information, Privilege escalation, DoS,
System access
Where: From remote
Solution Status: Vendor Patch...

Edited by apluswebmaster, 12 February 2008 - 05:35 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#7 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 12 March 2008 - 06:30 AM

FYI...

MacBook Air SMC Update 1.0
- http://www.apple.com...mcupdate10.html
March 10, 2008 - "The SMC Update fine tunes the speed and operation of the internal fan. This update is recommended for all MacBook Air systems. The updater application will be installed in the /Applications/Utilities folder. Please follow the instructions in the updater application to complete the process."

> http://discussions.a...t...43&tstart=0

.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#8 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 26 March 2008 - 10:35 PM

FYI...

Security Update 2008-002 v1.1 (Leopard)
- http://www.apple.com...v11leopard.html
Security Update 2008-002 is recommended for all users and improves the security of Mac OS X. Previous security updates have been incorporated into this security update.
03/26/2008 50MB

Security Update 2008-002 v1.1 Server (Leopard)
- http://www.apple.com...verleopard.html
Security Update 2008-002 is recommended for all servers and improves the security of Mac OS X. Previous security updates have been incorporated into this security update
03/26/2008 108MB

:ninja:

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#9 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 17 April 2008 - 08:50 AM

FYI...

Safari 3.1.1 released
* http://support.apple.com/kb/HT1467
4/16/2008 - "For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available..."
- http://www.apple.com...port/downloads/

- http://secunia.com/advisories/29846/
Release Date: 2008-04-17
Critical: Highly critical
Impact: Cross Site Scripting, DoS, System access
Where: From remote
Solution Status: Vendor Patch
...The vulnerabilities are reported in versions prior to 3.1.1...

Edited by apluswebmaster, 17 April 2008 - 08:50 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#10 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 01 July 2008 - 11:06 AM

FYI...

Security Update 2008-004 and Mac OS X 10.5.4
- http://support.apple.com/kb/HT2163
Last Modified: June 30, 2008
Article: HT2163

Safari 3.1.2 for Mac OS X 10.4.11
- http://support.apple.com/kb/HT2165
Last Modified: June 30, 2008
Article: HT2165

- http://isc.sans.org/...ml?storyid=4651
Last Updated: 2008-07-01 17:17:35 UTC ...(Version: 2) - "...One thing interesting that is not fixed, is the Apple Remote Desktop vuln..."

.

Edited by apluswebmaster, 01 July 2008 - 12:36 PM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#11 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 01 August 2008 - 04:43 AM

FYI...

Apple Security Update 2008-005...
- http://isc.sans.org/...ml?storyid=4810
Last Updated: 2008-08-01 08:27:35 UTC - "Apple released their patch overnight... Most importantly it contains the workaround for the DNS bug CVE-2008-1447. Also included is an upgrade to PHP 5.2.6 (which was released in source code at http://www.php.net/ on May 1st). Seems we all need to urge Job's gang to release patches significantly faster: it's the price to pay to base parts of your system on open source code. Apple Mac OS X users get it though software update. As always it's one big patch, given that little choice, you'll want to PATCH NOW."

- http://support.apple.com/kb/HT2647
August 01, 2008

- http://www.apple.com...port/downloads/
07/31/2008

- http://secunia.com/advisories/31326/
Release Date: 2008-08-01
Critical: Highly critical
Impact: Security Bypass, Spoofing, Privilege escalation, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Apple Macintosh OS X ...
Solution: Apply Security Update 2008-005...

---

- http://isc.sans.org/...ml?storyid=4810
Last Updated: 2008-08-01 20:06:50 UTC ...(Version: 3) "...UPDATE ...Apple might have fixed some of the more important parts for servers, but is far from done yet as all the clients linked against a DNS client library still need to get the workaround for the protocol weakness..."

//

Edited by apluswebmaster, 02 August 2008 - 08:10 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#12 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 15 September 2008 - 06:15 PM

FYI...

Mac OSX 10.5.5 and Security Update 2008-006
- http://isc.sans.org/...ml?storyid=5041
Last Updated: 2008-09-15 21:51:39 UTC - "...Apple released OSX update 10.5.5*. Built into 10.5.5 is Security Update 2008-006**, marking the 6th major security update of the year. So aside from the ton of updates in 10.5.5 for OSX Leopard, check out the below updates included with it. Keep in mind that Security Update is not just for 10.5 (OSX Leopard), being that it is also available for 10.4, Desktop and Server releases..."

* http://support.apple.com/kb/HT2405
"...Choose Software Update from the Apple menu to automatically check for the latest Apple software via the Internet, including this update..."

** http://support.apple.com/kb/HT3137

- http://www.theregist...ty_update_sept/
16 September 2008 - "...Both updates mend DNS security holes in older versions of BIND previously bundled with Apple's software..."

- http://secunia.com/advisories/31882/
Release Date: 2008-09-16
Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Manipulation of data, Exposure of system information, Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch ...

:!:

Edited by apluswebmaster, 16 September 2008 - 09:02 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#13 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 25 September 2008 - 09:44 AM

FYI...

Mac OS X Java multiple vulns - update available
- http://secunia.com/advisories/32018/
Critical: Highly critical
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Apple Macintosh OS X
...Some vulnerabilities in Java 1.4.2_16 and Java 1.5.0_13 can be exploited by malicious people to cause a DoS (Denial of Service), to bypass certain security restrictions, disclose system information or potentially sensitive information, or to compromise a vulnerable system...
Solution:
-- Java for Mac OS X 10.4 --
Update to Release 7:
http://www.apple.com...04release7.html
-- Java for Mac OS X 10.5 --
Apply Update 2:
http://www.apple.com...105update2.html ...
Original Advisory: Apple:
http://support.apple.com/kb/HT3179
http://support.apple.com/kb/HT3178

http://web.nvd.nist....d=CVE-2008-1185
http://web.nvd.nist....d=CVE-2008-1186
http://web.nvd.nist....d=CVE-2008-1187
http://web.nvd.nist....d=CVE-2008-1188
http://web.nvd.nist....d=CVE-2008-1189
http://web.nvd.nist....d=CVE-2008-1190
http://web.nvd.nist....d=CVE-2008-1191
http://web.nvd.nist....d=CVE-2008-1192
http://web.nvd.nist....d=CVE-2008-1193
http://web.nvd.nist....d=CVE-2008-1194
http://web.nvd.nist....d=CVE-2008-1195
http://web.nvd.nist....d=CVE-2008-1196
http://web.nvd.nist....d=CVE-2008-3103
http://web.nvd.nist....d=CVE-2008-3104
http://web.nvd.nist....d=CVE-2008-3105
http://web.nvd.nist....d=CVE-2008-3106
http://web.nvd.nist....d=CVE-2008-3107
http://web.nvd.nist....d=CVE-2008-3108
http://web.nvd.nist....d=CVE-2008-3109
http://web.nvd.nist....d=CVE-2008-3110
http://web.nvd.nist....d=CVE-2008-3111
http://web.nvd.nist....d=CVE-2008-3112
http://web.nvd.nist....d=CVE-2008-3113
http://web.nvd.nist....d=CVE-2008-3114
http://web.nvd.nist....d=CVE-2008-3115
http://web.nvd.nist....d=CVE-2008-3637
http://web.nvd.nist....d=CVE-2008-3638

:!:

Edited by apluswebmaster, 27 September 2008 - 06:56 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#14 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 10 October 2008 - 08:33 AM

FYI...

Apple Mac OS X Security Update 2008-007 released
- http://secunia.com/advisories/32222/
Release Date: 2008-10-10
Critical: Moderately critical
Impact: Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Apple Macintosh OS X...
Original Advisory: Apple Security Update 2008-007:
http://support.apple.com/kb/HT3216

> http://www.apple.com...port/downloads/

:!:

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#15 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 11 November 2008 - 08:44 AM

FYI...

Apple fixes three iLife flaws - Mac OS v10.4.9 through v10.4.11
- http://news.cnet.com...-1009_3-83.html
November 10, 2008 - "Apple released an update on Monday for iLife 8.0 and Aperture 2 running on Mac OS v10.4.9 through v10.4.11. The update does -not- affect those running Mac OS X v10.5.5. The update affects system software components shared by all iLife '08 applications and, in most cases, the specific vulnerabilities could lead to application termination or arbitrary code execution. iLife Support 8.3.1 may be obtained from the Software Update pane in System Preferences -or- Apple's Software Downloads* Web site..."
* http://www.apple.com...port/downloads/

- http://support.apple.com/kb/HT3276

- http://secunia.com/advisories/32688/
Release Date: 2008-11-12
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Apple Aperture 2.x, Apple iLife 8.x
...The vulnerabilities are reported in Apple iLife 8.0 and Aperture 2 on Mac OS 10.4.9 through 10.4.11.
Solution: Apply iLife Support 8.3.1.
http://www.apple.com...support831.html

:!:

Edited by apluswebmaster, 12 November 2008 - 07:41 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#16 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 15 December 2008 - 03:14 PM

FYI...

Apple OSX 10.5.6 - Security update 2008-008
- http://isc.sans.org/...ml?storyid=5488
Last Updated: 2008-12-15 18:25:13 UTC - "Apple's released an update for OSX, you can now download 10.5.6 through the Software Update app. It patches a large number of vulns*..."

> http://support.apple.com/downloads/
Mac OS X 10.5.6 Update
The 10.5.6 Update is recommended for all users running Mac OS X Leopard...

* http://support.apple.com/kb/HT3338
December 15, 2008

:!:

Edited by apluswebmaster, 15 December 2008 - 03:16 PM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#17 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 20 December 2008 - 02:18 PM

FYI...

- http://www.theinquir...pgrade-problems
19 December 2008 - "... In a support document posted to its site*, Apple said that the problem was caused by an incomplete update getting seeded into the Software Update process... According to Apple, you should force Software Update to quit, remove the partial update from your library, and re-download the update. The combo update that was offered at the same time was more stable than the stand-alone update, apparently."

Mac OS X 10.5: Software Update stops responding during "Configuring installation"
- http://support.apple.com/kb/TS2383
Last Modified: December 18, 2008

:ph34r: :(

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#18 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 12 February 2009 - 07:33 PM

FYI...

Apple Security Updates
- http://isc.sans.org/...ml?storyid=5848
Last Updated: 2009-02-12 23:37:34 UTC ...(Version: 2) - "Apple today released a number of security updates:
1 - Safari for Windows
This update will bring Safari up ot version 3.2.2. It fixes a vulnerability within Safari which allows for the execution of Javascript in "feed:" URLs.
Safari 3.2.2 for Windows: http://support.apple.com/kb/HT3439
- http://web.nvd.nist....d=CVE-2009-0137
CVSS v2 Base Score: 10.0 (HIGH)

2 - OS X Update 2009-001
The first security update from Apple for 2009. It fixes a huge number of issues (I counted 45 CVE numbers). Many of them are in X11, perl and python. This patch includes the Safari patch mentioned above.

3 - Java update for OS X
And lastly: Apple also released a patched version of java, which will bring Java up to version 8 for OS X 10.4 (Tiger... not Leopard). For Leopard (OS X 10.5), Java update 3 was released today as well.
See:
- http://support.apple.com/kb/HT1222
- http://support.apple.com/downloads/

OS X Security Update
- http://secunia.com/advisories/33937/
Release Date: 2009-02-13
Critical: Highly critical
Impact: Unknown, Security Bypass, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote
Solution Status: Vendor Patch ...
Original Advisory: http://support.apple.com/kb/HT3438 ...

OS X update for Java
- http://secunia.com/advisories/33935/
Release Date: 2009-02-13
Critical: Highly critical
Impact: Security Bypass, Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch...
Original Advisory: Apple:
http://support.apple.com/kb/HT3436
http://support.apple.com/kb/HT3437 ...

.

Edited by apluswebmaster, 13 February 2009 - 01:25 PM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#19 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 07 March 2009 - 11:09 AM

FYI...

Apple Airport Extreme / Time Capsule multiple vulns - updates available
- http://secunia.com/advisories/34105/2/
Release Date: 2009-03-06
Critical: Moderately critical
Impact: Spoofing, Exposure of sensitive information, DoS
Where: From remote
Solution Status: Vendor Patch
OS: Apple Airport Extreme, Apple Time Capsule ...
Solution: Update to firmware version 7.4.1...
Original Advisory: HT3467:
http://support.apple.com/kb/HT3467 ...

- http://support.apple.com/downloads/

Apple security updates (index)
- http://support.apple.com/kb/HT1222

:ph34r:

Edited by apluswebmaster, 13 March 2009 - 11:35 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#20 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 12 May 2009 - 09:59 PM

FYI...

Apple OS X 10.5.7 update / Security update 2009-002
- http://support.apple.com/kb/HT3397
May 12, 2009

About the security content of Security Update 2009-002 / Mac OS X v10.5.7
- http://support.apple.com/kb/HT3549
May 12, 2009

- http://www.f-secure....s/00001681.html
"... fixes 67 security issues in OS X..."

- http://lists.apple.c...y/msg00002.html
May 12, 2009

• Safari 4 beta: http://support.apple.com/kb/HT3551
o libxml: http://web.nvd.nist....d=CVE-2008-3529
o Safari: http://web.nvd.nist....d=CVE-2009-0162
o WebKit: http://web.nvd.nist....d=CVE-2009-0945

• Safari 3.2.3: http://support.apple.com/kb/HT3550
o libxml: http://web.nvd.nist....d=CVE-2008-3529
o Safari: http://web.nvd.nist....d=CVE-2009-0162
o WebKit: http://web.nvd.nist....d=CVE-2009-0945

- http://support.apple.com/downloads/
___

Mac OS X - Security Update 2009-002
- http://secunia.com/advisories/35074/2/
Release Date: 2009-05-13
Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, Privilege escalation, DoS, System access

Safari
- http://secunia.com/advisories/35056/2/
Release Date: 2009-05-13
Critical: Highly critical

ISC notes on Mac updates...
- http://isc.sans.org/...ml?storyid=6382
Last Updated: 2009-05-12 23:07:09 UTC

:!:

Edited by apluswebmaster, 15 May 2009 - 05:36 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#21 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 09 June 2009 - 01:29 AM

FYI...

Safari jumbo patch - 50+ fixes...
- http://blogs.zdnet.c...ecurity/?p=3541
June 8, 2009 - "... The latest fixes, available in the new Safari 4.0, corrects a wide range of code execution and denial-of-service vulnerabilities and even comes with a fix for the vexing “clickjacking” issues plaguing modern Web browsers... The latest Safari refresh also fixes five documented several code execution issues in CoreGraphics (all could lead to complete computer takeover attacks); an ImageIO issue that could be exploited via maliciously crafted PNG images; 5 flaws in libxml; and a variety of WebKit vulnerabilities that affect Safari on both Mac and Windows systems..."
- http://support.apple...nloads/Safari_4

> http://support.apple.com/kb/HT3613

- http://secunia.com/advisories/35379/2/
Release Date: 2009-06-09
Critical: Highly critical
Impact: Exposure of sensitive information, System access
Where: From remote
Solution Status: Unpatched
Software: Safari 3.x, Safari for Windows 3.x ...
Solution: Upgrade to Safari version 4, which fixes the vulnerabilities...

:!:

Edited by apluswebmaster, 09 June 2009 - 08:12 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#22 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 16 June 2009 - 07:47 AM

FYI...

Mac OS X Java updates...
- http://support.apple.com/kb/HT1222
Java for Mac OS X 10.4 Release 9
15 June 2009
Java for Mac OS X 10.5 Update 4
15 June 2009

- http://support.apple.com/downloads/

Security content of Java for Mac OS X 10.4 Release 9
- http://support.apple.com/kb/HT3633

Security content of Java for Mac OS X 10.5 Update 4
- http://support.apple.com/kb/HT3632

- http://voices.washin...rss=securityfix
June 16, 2009 - "... This Java update appears to address most of the outstanding Java vulnerabilities. From looking at the common vulnerabilities and exposures (CVE) numbers attached to each of the flaws fixed by Apple's Java rollup, it looks like this update brings Mac OS X systems to the equivalent of Java 6 Update 13..."

:!:

Edited by apluswebmaster, 16 June 2009 - 11:17 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#23 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 18 June 2009 - 07:18 AM

FYI...

Apple iPhone / iPod touch multiple vulns - update available
- http://secunia.com/advisories/35449/2/
Release Date: 2009-06-18
Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Apple iPhone, Apple iPod touch
Original Advisory: Apple: http://support.apple.com/kb/HT3639 ...

iPhone OS 3.0 Software Update
> http://www.apple.com...softwareupdate/

:!:

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#24 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 09 July 2009 - 05:34 AM

FYI...

Safari 4.0.2 released
- http://support.apple.com/kb/HT3666
July 08, 2009

- http://support.apple.com/downloads/
July 08, 2009 - 40MB ( Leopard) 26 MB (Tiger) 47MB (Windows)
"This update is recommended for all Safari users and improves the stability of the Nitro JavaScript engine and includes the latest compatibility and security fixes."

- http://secunia.com/advisories/35758/2/
Release Date: 2009-07-09
Critical: Highly critical
Impact: Cross Site Scripting, System access
Solution: Update to version 4.0.2.

:!:

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#25 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 09 August 2009 - 05:11 PM

FYI...

Apple Mac OS X v10.5.8 / Security Update 2009-003
- http://support.apple.com/kb/HT3757
Last Modified: August 05, 2009

- http://support.apple.com/downloads/

- http://lists.apple.c...g/msg00001.html

- http://www.us-cert.g...eases_mac_os_x1
August 6, 2009
- http://www.us-cert.g.../TA09-218A.html

- http://secunia.com/advisories/36096/2/
Release Date: 2009-08-06
Critical: Highly critical
Impact: Security Bypass, Spoofing, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Apple Macintosh OS X ...
Solution: Update to Mac OS X v10.5.8 or apply Security Update 2009-003...

:!:

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#26 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 12 August 2009 - 07:31 AM

FYI...

Apple Safari v4.0.3 released
- http://support.apple.com/downloads/
August 11, 2009 - "This update is recommended for all Safari users and includes improvements to stability, compatibility and security..."

- http://secunia.com/advisories/36269/2/
Release Date: 2009-08-12
Critical: Highly critical
Impact: Spoofing, Manipulation of data, Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch
Software: Apple Safari 4.x
Solution: Update to version 4.0.3...
Original Advisory: Apple:
http://support.apple.com/kb/HT3733

:ph34r:

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#27 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 12 August 2009 - 08:39 PM

FYI...

Apple Mac OSX Security Update 2009-004
- http://support.apple.com/kb/HT3776
August 12, 2009
Security Update 2009-004
BIND - CVE-ID:
http://web.nvd.nist....d=CVE-2009-0696

- http://lists.apple.c...g/msg00003.html
12 Aug 2009

> http://support.apple.com/downloads/

- http://secunia.com/advisories/36299/2/
Release Date: 2009-08-13
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
OS: Apple Macintosh OS X ...
Solution: Apply Security Update 2009-004...

- http://blog.trendmic...an-in-the-wild/
Aug. 11, 2009 - "... be wary of prompts to download software updates that do not come from Apple’s legitimate website."

:!:

Edited by apluswebmaster, 13 August 2009 - 07:22 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#28 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 03 September 2009 - 05:16 PM

FYI...

Java for Mac OS X 10.5 Update 5
- http://support.apple.com/kb/HT3851
September 03, 2009

> http://support.apple.com/downloads/
161.35MB

- http://voices.washin...ackdates_f.html
September 3, 2009 - "... The Java update brings Mac's version of Java to 10.5 Update 5, and fixes at least 16 security flaws in the program. Users can grab the patch through Software Update or directly from Apple Software Downloads. Mac users who have upgraded to Snow Leopard should be aware that the current version of the installation disc comes with an outdated version of Flash - version 10.0.23.1. Snow Leopard users can upgrade to the latest version - 10.0.32.18 - by visiting the Flash Player Download Center*."
* http://get.adobe.com/flashplayer/

- http://blogs.adobe.c...and_snow_l.html
September 2, 2009

- http://secunia.com/advisories/36598/2/
Release Date: 2009-09-04
Critical: Highly critical
Impact: Unknown, Security Bypass, Spoofing, Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Apple Macintosh OS X...
Solution: Apply Java for Mac OS X 10.5 Update 5...

.

Edited by apluswebmaster, 04 September 2009 - 03:32 PM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#29 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 11 September 2009 - 06:36 AM

FYI...

Apple Mac OSX Security Update 2009-005
- http://support.apple.com/kb/HT3865
September 10, 2009
- http://support.apple.com/kb/HT3864
Mac OS X v10.6.1 Update
Last Modified: September 11, 2009

- http://support.apple.com/downloads/

- http://secunia.com/advisories/36701/2/
Release Date: 2009-09-11
Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Apple Macintosh OS X ...
Solution: Update to Mac OS X v10.6.1 or apply Security Update 2009-005...

> http://www.theregist...curity_updates/
11 September 2009 - "... more than 47 security bugs in its iPhone, QuickTime media player and Mac operating system..."
> http://voices.washin...one_quickt.html
September 10, 2009

:ph34r:

Edited by apluswebmaster, 11 September 2009 - 09:06 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#30 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 23 September 2009 - 12:27 PM

FYI...

iTunes playlist vuln - update available
- http://www.securityf....com/brief/1015
2009-09-23 - "... a single flaw in the way that iTunes 9, the latest version of its popular multimedia management software, handles playlists on both the Mac OS X and Windows operating systems. The vulnerability could allow an attacker to create a specially-crafted playlist that compromises a victim's computer with malicious software... Cybercriminals have increasingly focused on attacking third-party applications..."

- http://secunia.com/advisories/36744/2/
Release Date: 2009-09-23
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: iTunes 9.x...
Solution: Update to version 9.0.1...
Original Advisory:
http://support.apple.com/kb/HT3884
September 22, 2009

> http://www.apple.com/itunes/download/
iTunes 9.0.1 for Windows XP or Vista
-or-
...use Apple Software Update

- http://cve.mitre.org...e=CVE-2009-2817

- http://www.us-cert.g...ases_itunes_9_0
September 23, 2009

:ph34r:

Edited by apluswebmaster, 23 September 2009 - 12:57 PM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#31 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 10 November 2009 - 07:05 AM

FYI...

Apple Security Update 2009-006
- http://lists.apple.c...v/msg00000.html
9 Nov 2009

- http://support.apple.com/downloads/
Mac OS X v10.6.2 Update

- http://secunia.com/advisories/37313/2/
Release Date: 2009-11-10
Critical: Highly critical
Impact: Unknown, Security Bypass, Cross Site Scripting, Spoofing, Manipulation of data, Brute force, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Apple Macintosh OS X ...
Original Advisory: Apple:
http://support.apple.com/kb/HT3937

- http://secunia.com/advisories/37313/3/
CVE reference: CVE-2007-5707, CVE-2007-6698, CVE-2008-0658, CVE-2009-0023, CVE-2009-1191, CVE-2009-1195, CVE-2009-1574, CVE-2009-1632, CVE-2009-1890, CVE-2009-1891, CVE-2009-1955, CVE-2009-1956, CVE-2009-2202, CVE-2009-2285, CVE-2009-2408, CVE-2009-2409, CVE-2009-2412, CVE-2009-2414, CVE-2009-2416, CVE-2009-2666, CVE-2009-2799, CVE-2009-2808, CVE-2009-2810, CVE-2009-2818, CVE-2009-2819, CVE-2009-2820, CVE-2009-2823, CVE-2009-2824, CVE-2009-2825, CVE-2009-2826, CVE-2009-2827, CVE-2009-2828, CVE-2009-2829, CVE-2009-2830, CVE-2009-2831, CVE-2009-2832, CVE-2009-2833, CVE-2009-2834, CVE-2009-2835, CVE-2009-2836, CVE-2009-2837, CVE-2009-2838, CVE-2009-2839, CVE-2009-2840, CVE-2009-3111, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293

:ph34r:

Edited by apluswebmaster, 10 November 2009 - 09:41 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#32 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 12 November 2009 - 08:37 AM

FYI...

Apple Safari v4.0.4 released
- http://secunia.com/advisories/37346/2/
Release Date: 2009-11-12
Critical: Highly critical
Impact: Security Bypass, Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch
Software: Apple Safari 4.x
Solution: Update to version 4.0.4...
Original Advisory:
http://support.apple.com/kb/HT3949

CVE reference: CVE-2009-2414, CVE-2009-2416, CVE-2009-2804, CVE-2009-2816, CVE-2009-2841, CVE-2009-2842, CVE-2009-3384

- http://support.apple.com/downloads/

:ph34r:

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#33 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 03 December 2009 - 11:53 PM

FYI...

Java for Mac OS X 10.6 Update 1
- http://support.apple.com/kb/DL972
December 03, 2009 - "Java for Mac OS X 10.6 Update 1 delivers improved reliability, security, and compatibility for Java SE 6. Java for Mac OS X 10.6 Update 1 supersedes the previous Java for Mac OS X 10.6... For more details on this update, please visit this website: http://support.apple.com/kb/HT3892 "

Java for Mac OS X 10.5 Update 6
- http://support.apple.com/kb/DL971
December 03, 2009 - "Java for Mac OS X 10.5 Update 6 delivers improved reliability, security, and compatibility for J2SE 5.0 and Java SE 6. Java for Mac OS X 10.5 Update 6 supersedes all previous updates of Java for Mac OS X 10.5... For more details on this update, please visit this website: http://support.apple.com/kb/HT3891 "

- http://support.apple.com/kb/HT1222

- http://secunia.com/advisories/37581/2/
Release Date: 2009-12-04
Critical: Highly critical
Impact: Security Bypass, Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Apple Macintosh OS X ...
Solution: Apply updates...
- http://secunia.com/advisories/37581/3/
CVE reference: CVE-2009-2843, CVE-2009-3728, CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3877, CVE-2009-3884

:ph34r:

Edited by apluswebmaster, 04 December 2009 - 04:25 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#34 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 19 January 2010 - 10:24 PM

FYI...

Apple Security Update 2010-001
- http://isc.sans.org/...ml?storyid=8026
Last Updated: 2010-01-19 21:57:15 UTC - "In an effort not to be left out, Apple has released Security Update 2010-001 which patches a dozen vulnerabilities in CoreAudio (code execution via crafted MP4), CUPS (remote DoS), Flash Player Plug-in (multiple including arbitrary code execution), ImageIO (code execution via crafted TIFF file), Image Raw (code execution via crafted DNG image), and OpenSSL (the renegotiation exploit). Details can be found here:
http://support.apple.com/kb/HT4004 "

- http://secunia.com/advisories/38241/2/
Release Date: 2010-01-20
Critical: Highly critical
Impact: Manipulation of data, Exposure of system information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Apple Macintosh OS X ...
Solution: Apply Security Update 2010-001.
Security Update 2010-001 (Snow Leopard):
http://support.apple.com/kb/DL994
Security Update 2010-001 Server (Leopard):
http://support.apple.com/kb/DL992
Security Update 2010-001 Client (Leopard):
http://support.apple.com/kb/DL993

- http://www.theinquir...fixes-bugs-os-x
20 January 2010 - "... Security update 2010-001, the first from Apple this year, is noticeably smaller than the monster issued last November that fixed almost 60 flaws, er, different levels of perfection. For those who have a little difficulty reading Apple's security updates the phrase "may lead to arbitrary code execution" is Apple's way of saying, "This flaw is so critical that it will wipe your hard-drive, melt your face, cause the return of the Cold War and lead to mass global extinction of the human race unless the patch is installed." The problem is that Apple can't bear to use the term 'critical vulnerability' and admit it can be used by attackers to hijack a Mac because its marketing machine insists that only happens to computers made by other people..."

:ph34r:

Edited by apluswebmaster, 20 January 2010 - 07:25 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#35 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 03 February 2010 - 06:59 AM

FYI...

Apple iPhone / iPod touch multiple vulns - update available
- http://secunia.com/advisories/38362/2/
Release Date: 2010-02-03
Critical: Highly critical
Impact: Security Bypass, Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch
OS: Apple iPhone, Apple iPod touch
Solution: Update to iPhone OS 3.1.3 or iPhone OS for iPod touch 3.1.3 (downloadable and installable via iTunes).
Original Advisory: http://support.apple.com/kb/HT4013

- http://www.reghardwa...irmware_update/
3 February 2010

- http://blog.iphone-dev.org/

- http://isc.sans.org/...ml?storyid=8143
Last Updated: 2010-02-03 13:41:25 UTC
"... CVE-2010-0036, CVE-2009-2285, CVE-2010-0038, CVE-2009-3384 and CVE-2009-2841
These updates are available on iTunes..."

:ph34r:

Edited by apluswebmaster, 03 February 2010 - 01:53 PM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#36 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 12 March 2010 - 05:11 AM

FYI...

Apple Safari v4.0.5 released
- http://secunia.com/advisories/38932/
Release Date: 2010-03-12
Criticality level: Highly critical
Impact: Security Bypass, Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch
Solution: Update to version 4.0.5.
CVE Reference(s):
CVE-2009-2285, CVE-2010-0040, CVE-2010-0041, CVE-2010-0042, CVE-2010-0043, CVE-2010-0044, CVE-2010-0045, CVE-2010-0046, CVE-2010-0047, CVE-2010-0048, CVE-2010-0049, CVE-2010-0050, CVE-2010-0051, CVE-2010-0052, CVE-2010-0053, CVE-2010-0054
Original Advisory: Apple:
http://support.apple.com/kb/HT4070

- http://www.apple.com/safari/download/

- http://www.apple.com/support/safari/

- http://sunbeltblog.b...safari-fix.html
March 12, 2010 - "... fixes 16 vulnerabilities – six for Windows versions and ten for Mac OS X and Windows..."

:!:

Edited by apluswebmaster, 12 March 2010 - 07:45 PM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#37 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 29 March 2010 - 05:31 PM

FYI...

Apple 2010-002 Security Update/Mac OS X v10.6.3 released
- http://isc.sans.org/...ml?storyid=8521
Last Updated: 2010-03-29 17:33:32 UTC

- http://www.computerw...ecurity_update?
March 29, 2010 - "Apple today patched -92- vulnerabilities, a third of them critical, in a record update to its Leopard and Snow Leopard operating systems. Security Update 2010-002 plugged 92 holes in the client and server editions of Mac OS X 10.5 and Mac OS X 10.6, breaking a record that has stood since March 2008..."

- http://secunia.com/advisories/39158/
Release Date: 2010-03-30
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information,
Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote
Solution Status: Vendor Patch ...
Solution: Apply Security Update 2010-002 or update to version 10.6.3...
CVE Reference(s): CVE-2003-0063 CVE-2006-1329 CVE-2008-0564 CVE-2008-0888 CVE-2008-2712 CVE-2008-4101 CVE-2008-4456 CVE-2008-5302 CVE-2008-5303 CVE-2008-5515 CVE-2008-7247 CVE-2009-0033 CVE-2009-0037 CVE-2009-0316 CVE-2009-0580 CVE-2009-0688 CVE-2009-0689 CVE-2009-0781 CVE-2009-0783 CVE-2009-1904 CVE-2009-2042 CVE-2009-2417 CVE-2009-2422 CVE-2009-2446 CVE-2009-2632 CVE-2009-2693 CVE-2009-2801 CVE-2009-2901 CVE-2009-2902 CVE-2009-2906 CVE-2009-3009 CVE-2009-3095 CVE-2009-3557 CVE-2009-3558 CVE-2009-3559 CVE-2009-4017 CVE-2009-4019 CVE-2009-4030 CVE-2009-4142 CVE-2009-4143 CVE-2009-4214 CVE-2010-0041 CVE-2010-0042 CVE-2010-0043 CVE-2010-0055 CVE-2010-0056 CVE-2010-0057 CVE-2010-0058 CVE-2010-0059 CVE-2010-0060 CVE-2010-0062 CVE-2010-0063 CVE-2010-0064 CVE-2010-0065 CVE-2010-0393 CVE-2010-0497 CVE-2010-0498 CVE-2010-0500 CVE-2010-0501 CVE-2010-0502 CVE-2010-0503 CVE-2010-0504 CVE-2010-0505 CVE-2010-0506 CVE-2010-0507 CVE-2010-0508 CVE-2010-0509 CVE-2010-0510 CVE-2010-0511 CVE-2010-0512 CVE-2010-0513 CVE-2010-0514 CVE-2010-0515 CVE-2010-0516 CVE-2010-0517 CVE-2010-0518 CVE-2010-0519 CVE-2010-0520 CVE-2010-0521 CVE-2010-0522 CVE-2010-0523 CVE-2010-0524 CVE-2010-0525 CVE-2010-0526 CVE-2010-0533 CVE-2010-0534 CVE-2010-0535 CVE-2010-0537 .

More info:
- http://support.apple.com/kb/HT1222
- http://support.apple.com/kb/HT4014
- http://support.apple.com/kb/HT4015
- http://support.apple.com/kb/HT4077

:!:

Edited by apluswebmaster, 30 March 2010 - 09:47 PM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#38 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 31 March 2010 - 05:04 AM

FYI...

Apple iTunes v9.1 released
- http://secunia.com/advisories/39135/
Release Date: 2010-03-31
Criticality level: Highly critical
Impact: Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote
Software: Apple iTunes 9.x
Solution: Update to version 9.1
Original Advisory: http://support.apple.com/kb/HT4105

:ph34r:

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#39 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 02 April 2010 - 05:25 PM

FYI...

Apple AirPort - update 2010-001
- http://secunia.com/advisories/39160/
Release Date: 2010-04-01
Impact: Security Bypass
Where: From local network
Solution Status: Vendor Patch
Software: Apple AirPort Utility 5.x
Original Advisory: Apple:
http://support.apple.com/kb/HT3958

:ph34r:

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#40 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 14 April 2010 - 07:53 PM

FYI...

2010-003 Apple/Mac Security Update
- http://support.apple.com/kb/HT4131
April 14, 2010
Security Update 2010-003
ATS
CVE-ID: CVE-2010-1120*
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.3, Mac OS X Server v10.6.3
Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.
Description: An unchecked index issue exists in Apple Type Services' handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. This issue is addressed through improved index checking. Credit to Charlie Miller working with TippingPoint's Zero Day Initiative for reporting this issue..."

* http://web.nvd.nist....d=CVE-2010-1120
Last revised: 04/05/2010
CVSS v2 Base Score: 10.0 (HIGH)

- http://support.apple.com/downloads/

- http://isc.sans.org/...ml?storyid=8638
Last Updated: 2010-04-14 22:27:14 UTC

- http://secunia.com/advisories/39426/
Release Date: 2010-04-15
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Operating System: Apple Macintosh OS X
CVE Reference: CVE-2010-1120
Original Advisory: Apple:
http://support.apple.com/kb/HT4131

:ph34r:

Edited by apluswebmaster, 24 April 2010 - 06:24 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#41 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 19 May 2010 - 06:05 AM

FYI...

Apple Mac OS X update for Java
- http://secunia.com/advisories/39819/
Release Date: 2010-05-19
Criticality level: Highly critical
Impact: Unknown, Security Bypass, Manipulation of data, Exposure of system information, Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
Operating System: Apple Macintosh OS X
Original Advisory: Apple:
http://support.apple.com/kb/HT4170
http://support.apple.com/kb/HT4171

- http://support.apple.com/downloads/

(A month behind...)
- http://www.h-online....es-1002827.html
19 May 2010 - "Apple has released Java updates for versions 10.5 and 10.6 of Mac OS X, patching a number of security holes and bringing its two latest versions of OS X up to date. The updates include Java 6 Update 20 from mid-April..."

:ph34r:

Edited by apluswebmaster, 20 May 2010 - 09:38 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#42 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 08 June 2010 - 07:57 AM

FYI...

Safari v5.0 released
- http://secunia.com/advisories/40105/
Release Date: 2010-06-08
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information, Exposure of sensitive information, System access
Where: From remote ...
Solution: Update to version 4.1 (available only for Mac OS X v10.4 systems) or upgrade to version 5.0.
Original Advisory: Apple:
http://support.apple.com/kb/HT4196
...Note: Safari 5.0 and Safari 4.1 address the same set of security issues. Safari 5.0 is provided for Mac OS X v10.5, Mac OS X v10.6, and Microsoft Windows systems. Safari 4.1 is provided for Mac OS X v10.4 systems.

- http://support.apple.com/downloads/
June 07, 2010

- http://www.apple.com/support/safari/

- http://secunia.com/advisories/40110/
Release Date: 2010-06-08
Solution Status: Unpatched ...
... The security issue is confirmed in version 5.0 for Windows. Other versions may also be affected...

- http://www.theregist...afari_5_reader/
8 June 2010

:ph34r:

Edited by apluswebmaster, 08 June 2010 - 08:20 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#43 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 16 June 2010 - 04:25 AM

FYI...

Apply Security Update 2010-004
- http://support.apple.com/kb/HT4188
June 15, 2010

- http://support.apple.com/downloads/

- http://blogs.adobe.c...e_2010-004.html
June 15, 2010 - "... While the Mac OS X v10.6.4 update does not appear to downgrade users who have already upgraded to Adobe Flash Player 10.1, Adobe recommends users verify they are using the latest, most secure version of Flash Player (10.1.53.64)... access the About Flash Player page*, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system."
* http://www.adobe.com...ts/flash/about/

- http://secunia.com/advisories/40220/
Release Date: 2010-06-16
Criticality level: Highly critical
Impact: Hijacking, Security Bypass, Cross Site Scripting, Spoofing, Manipulation of data, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote
Solution: Apply Security Update 2010-004 or update to version 10.6.4.
Original Advisory: http://support.apple.com/kb/HT4188

- http://securitytrack...un/1024103.html
June 16, 2010

:ph34r:

Edited by apluswebmaster, 17 June 2010 - 06:15 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#44 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 17 June 2010 - 05:36 AM

FYI...

iTunes v9.2 released
- http://secunia.com/advisories/40196/
Release Date: 2010-06-17
Criticality level: Highly critical
Impact: Security Bypass, Exposure of sensitive information, System access
Where: From remote
Solution: Update to version 9.2.
Apple: http://support.apple.com/kb/HT4220
CVE Reference(s): CVE-2009-1726, CVE-2010-0544, CVE-2010-1119, CVE-2010-1387, CVE-2010-1390, CVE-2010-1392, CVE-2010-1393, CVE-2010-1395, CVE-2010-1396, CVE-2010-1397, CVE-2010-1398, CVE-2010-1399, CVE-2010-1400, CVE-2010-1401, CVE-2010-1402, CVE-2010-1403, CVE-2010-1404, CVE-2010-1405, CVE-2010-1408, CVE-2010-1409, CVE-2010-1410, CVE-2010-1411, CVE-2010-1412, CVE-2010-1414, CVE-2010-1415, CVE-2010-1416, CVE-2010-1417, CVE-2010-1418, CVE-2010-1419, CVE-2010-1421, CVE-2010-1422, CVE-2010-1749, CVE-2010-1758, CVE-2010-1759, CVE-2010-1761, CVE-2010-1763, CVE-2010-1769, CVE-2010-1770, CVE-2010-1771, CVE-2010-1774

- http://support.apple.com/downloads/
"... iTunes 9.2 provides a number of important bug fixes..."

- http://securitytrack...un/1024108.html
June 16, 2010

:ph34r: :ph34r:

Edited by apluswebmaster, 17 June 2010 - 06:12 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#45 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 22 June 2010 - 09:13 AM

FYI...

Apple iOS 4 update available
- http://secunia.com/advisories/40257/
Release Date: 2010-06-22
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, DoS, System access
Where: From remote ...
Operating System: Apple iPhone OS (iOS) 3.x, Apple iPhone OS (iOS) for iPod touch 3.x ...
CVE Reference(s): CVE-2009-0689, CVE-2009-1723, CVE-2009-2195, CVE-2009-2816, CVE-2010-0041, CVE-2010-0042, CVE-2010-0043, CVE-2010-0046, CVE-2010-0047, CVE-2010-0049, CVE-2010-0050, CVE-2010-0051, CVE-2010-0052, CVE-2010-0053, CVE-2010-0054, CVE-2010-0544, CVE-2010-1119, CVE-2010-1384, CVE-2010-1387, CVE-2010-1389, CVE-2010-1390, CVE-2010-1391, CVE-2010-1392, CVE-2010-1393, CVE-2010-1394, CVE-2010-1395, CVE-2010-1396, CVE-2010-1397, CVE-2010-1398, CVE-2010-1399, CVE-2010-1400, CVE-2010-1401, CVE-2010-1402, CVE-2010-1403, CVE-2010-1404, CVE-2010-1405, CVE-2010-1406, CVE-2010-1407, CVE-2010-1408, CVE-2010-1409, CVE-2010-1410, CVE-2010-1413, CVE-2010-1414, CVE-2010-1415, CVE-2010-1416, CVE-2010-1417, CVE-2010-1418, CVE-2010-1751, CVE-2010-1752, CVE-2010-1753, CVE-2010-1754, CVE-2010-1755, CVE-2010-1756, CVE-2010-1757, CVE-2010-1758, CVE-2010-1759, CVE-2010-1761, CVE-2010-1762, CVE-2010-1769, CVE-2010-1774, CVE-2010-1775
Solution: Upgrade to iOS 4 (downloadable and installable via iTunes).
Original Advisory: Apple:
http://support.apple.com/kb/HT4225

- http://securitytrack...un/1024135.html
Jun 22 2010

- http://support.apple.com/downloads/
iOS 4 Software Update
This update contains over 100 new features.
June 21, 2010 - iPod Touch 2nd Gen (330.3 MB) iPod Touch 3rd Gen (384.2 MB) iPhone 3G (306.3 MB) iPhone 3GS (396.3 MB)

- http://support.apple.com/kb/DL1058

iOS 4 update fixes 65 vulnerabilities
- http://www.h-online....es-1027039.html
22 June 2010

:!:

Edited by apluswebmaster, 23 June 2010 - 06:22 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#46 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 20 July 2010 - 06:41 AM

FYI...

iTunes v9.2.1 released
- http://secunia.com/advisories/40660/
Release Date: 2010-07-20
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
...The vulnerability is reported in versions prior to 9.2.1.
Solution: Update to version 9.2.1.
Original Advisory: Apple:
http://support.apple.com/kb/HT4263

- http://securitytrack...ul/1024220.html

- http://support.apple.com/downloads/

:!:

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#47 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 28 July 2010 - 09:09 AM

FYI...

Safari v5.0.1 released
- http://support.apple.com/kb/DL1070
July 28, 2010 - "... New in this update:
• Customize Safari with features created by third-party developers Find extensions in the Safari Extensions Gallery, accessible from the Safari menu and http://extensions.apple.com/
• This update also contains improvements to stability, accessibility and security..."
- http://support.apple.com/kb/HT4276

- http://secunia.com/advisories/40664/
Last Update: 2010-07-29

Apple security updates
- http://support.apple.com/kb/HT1222

- http://support.apple.com/downloads

Mac OS X v10.6.4 update
- http://support.apple.com/kb/DL1065
July 27, 2010 - "... This update contains all the applicable fixes from the Mac OS X 10.6.4 Update, plus the following specific fixes for iMac (Mid 2010):
• Resolves compatibility and performance-related graphics issues.
• Improves compatibility with large-format SDXC memory cards.
• Adds support for Magic Trackpad..."
- http://support.apple.com/kb/HT4150

:ph34r:

Edited by apluswebmaster, 30 July 2010 - 09:11 PM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#48 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 11 August 2010 - 05:00 PM

FYI...

iOS 4.0.2 Update for iPhone and iPod touch
- http://support.apple.com/kb/HT4291
August 11, 2010

Apple security updates
- http://support.apple.com/kb/HT1222

- http://support.apple.com/downloads

- http://www.f-secure....s/00002007.html
August 11, 2010 - "... patched the jailbreakme vulnerability... new operating system versions are 4.0.2 for iPhone and iPod Touch and 3.2.2 for iPad..."

- http://www.theregist...e_vuln_patched/
11 August 2010 - "... it may make sense to wait until there's an ample amount of bandwidth available. The iPad update is a whopping 456.9MB in size and the iPhone download is 378MB."

.

Edited by apluswebmaster, 11 August 2010 - 06:29 PM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#49 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 12 August 2010 - 08:39 PM

FYI...

QuickTime v7.6.7 released
- http://support.apple.com/kb/HT4290
Aug. 12, 2010 - CVE-2010-1799

- http://www.apple.com...ktime/download/
(32.9 MB)

Apple security updates
- http://support.apple.com/kb/HT1222

- http://secunia.com/advisories/40729/
Last Update: 2010-08-13
Criticality level: Highly critical
Impact: System access
Where: From remote
... The vulnerability is confirmed in version 7.6.6 (1671) for Windows. Other versions may also be affected.
Solution: Update to version 7.6.7.

- http://securitytrack...ug/1024336.html
Aug 13 2010

- http://isc.sans.edu/...ml?storyid=9382
Last Updated: 2010-08-13 00:15:28 UTC

:ph34r:

Edited by apluswebmaster, 13 August 2010 - 04:36 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#50 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,051 posts

Posted 25 August 2010 - 06:17 AM

FYI...

Apple Security Update 2010-005 released
- http://secunia.com/advisories/41087/
Release Date: 2010-08-25
Criticality level: Highly critical
Impact: Hijacking, Security Bypass, Spoofing, Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
Operating System: Apple Macintosh OS X ...
CVE Reference(s): CVE-2010-0098, CVE-2010-0397, CVE-2010-1129, CVE-2010-1205, CVE-2010-1311, CVE-2010-1800, CVE-2010-1801, CVE-2010-1802, CVE-2010-1808, CVE-2010-2063, CVE-2010-2225, CVE-2010-2484, CVE-2010-2531
Solution: Apply Security Update 2010-005.
Original Advisory: Apple:
http://support.apple.com/kb/HT4312

- http://support.apple.com/downloads/

:ph34r:

Edited by apluswebmaster, 25 August 2010 - 06:18 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button