
Apple Mac OS X updates


162 replies to this topic

#51 AplusWebMaster

  • SWI Friend
  • 9,210 posts

Posted 02 September 2010 - 05:23 AM

FYI...

iTunes v10 released
- http://support.apple.com/kb/HT4328
September 02, 2010
WebKit: CVE-ID:
CVE-2010-1780, CVE-2010-1782, CVE-2010-1783, CVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787, CVE-2010-1788, CVE-2010-1789, CVE-2010-1790, CVE-2010-1791, CVE-2010-1792, CVE-2010-1793

- http://support.apple.com/downloads/

- http://secunia.com/advisories/41149/
Release Date: 2010-09-02
Criticality level: Highly critical
Impact: System access
Where: From remote ...
Solution: Upgrade to version 10.
Original Advisory: Apple:
http://support.apple.com/kb/HT4328

>> http://www.spywarein...post__p__731954

:ph34r:

Edited by apluswebmaster, 03 September 2010 - 09:44 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#52 AplusWebMaster


Posted 08 September 2010 - 07:23 AM

FYI...

Safari v5.0.2 / v4.1.2 released
- http://secunia.com/advisories/41085/
Release Date: 2010-09-08
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Apple Safari 4.x, Apple Safari 5.x
CVE Reference(s): CVE-2010-1805, CVE-2010-1806, CVE-2010-1807
Solution: Update to version 5.0.2 (Mac OS X 10.5.8, Mac OS X 10.6.2 or later, or Windows 7, Vista, or XP SP2) or 4.1.2 (Mac OS X 10.4.11 or Mac OS X 10.5.8).
Original Advisory: Apple: http://support.apple.com/kb/HT4333

- http://support.apple.com/downloads/
Safari 4.1.2 for Tiger: Fixes an issue that could prevent users from submitting web forms.
Safari 5.0.2: This update contains improvements to performance, usability, compatibility and security.

- http://securitytrack...ep/1024400.html
Sep 8 2010

:!:



#53 AplusWebMaster


Posted 09 September 2010 - 05:41 AM

FYI...

Apple iOS v4.1 released
- http://secunia.com/advisories/41328/
Release Date: 2010-09-09
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote
Operating System: Apple iPhone OS (iOS) 4.x, Apple iPhone OS (iOS) for iPod touch 4.x
CVE Reference(s): CVE-2010-1421, CVE-2010-1422, CVE-2010-1764, CVE-2010-1770, CVE-2010-1771, CVE-2010-1780, CVE-2010-1781, CVE-2010-1782, CVE-2010-1783, CVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787, CVE-2010-1788, CVE-2010-1791, CVE-2010-1793, CVE-2010-1809, CVE-2010-1810, CVE-2010-1811, CVE-2010-1812, CVE-2010-1813, CVE-2010-1814, CVE-2010-1815, CVE-2010-1817
Solution: Update to iOS 4.1 (downloadable and installable via iTunes).
Original Advisory: Apple:
http://support.apple.com/kb/HT4334

- http://securitytrack...ep/1024413.html
- http://securitytrack...ep/1024414.html
Sep 9 2010

:ph34r: :ph34r:

Edited by apluswebmaster, 09 September 2010 - 10:00 AM.



#54 AplusWebMaster


Posted 16 September 2010 - 08:50 AM

FYI...

QuickTime v7.6.8 released
- http://support.apple.com/kb/HT4339
September 15, 2010
CVE-ID: CVE-2010-1818
CVE-ID: CVE-2010-1819

- http://www.apple.com...ktime/download/

Apple security updates
- http://support.apple.com/kb/HT1222

- http://secunia.com/advisories/41213/
Last Update: 2010-09-16
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution: Update to version 7.6.8...

- http://securitytrack...ep/1024452.html
Sep 15 2010 "... prior to 7.6.8..."

:ph34r:

Edited by apluswebmaster, 18 September 2010 - 01:01 PM.



#55 AplusWebMaster


Posted 21 September 2010 - 06:47 AM

FYI...

Apple Security Update 2010-006 released
- http://support.apple.com/kb/HT4361
September 20, 2010
CVE-ID: CVE-2010-1820

- http://support.apple.com/downloads/

- http://securitytrack...ep/1024462.html

:ph34r:



#56 AplusWebMaster


Posted 21 October 2010 - 06:16 AM

FYI...

Apple Mac OS X update for Java
- http://secunia.com/advisories/41905/
Release Date: 2010-10-21
Criticality level: Highly critical
Impact: Manipulation of data, Privilege escalation, DoS, System access
Where: From remote
Solution Status: Vendor Patch
CVE Reference(s): CVE-2009-3555, CVE-2010-1321, CVE-2010-1826, CVE-2010-1827
Original Advisory: Apple:
http://support.apple.com/kb/HT4417
http://support.apple.com/kb/HT4418

- http://support.apple.com/downloads/

:ph34r:

Edited by AplusWebMaster, 21 October 2010 - 06:24 AM.



#57 AplusWebMaster


Posted 11 November 2010 - 08:22 AM

FYI...

Mac OS X Server v10.6.5 (10H575)
- http://support.apple.com/kb/HT4452
November 15, 2010
CVE-ID: CVE-2010-4011
Available for: Mac OS X Server v10.6 through v10.6.5 (10H574)
Impact: A user may receive mail intended for other users ...

- http://support.apple.com/kb/HT1222

- http://support.apple.com/downloads/

- http://www.securityt....com/id?1024740
Nov 15 2010
- http://secunia.com/advisories/42278/
Release Date: 2010-11-16
___

Mac OS X v10.6.5 Security Update 2010-007
- http://support.apple...oads/#macosx106
November 10, 2010 - "The 10.6.5 Update is recommended for all users running Mac OS X Snow Leopard. It includes Safari 5 and general operating system fixes..."

- http://support.apple.com/kb/HT4435
Last Modified: November 11, 2010
Mac OS X v10.6.5 / Security Update 2010-007

- http://support.apple.com/kb/HT4250

- http://secunia.com/advisories/42151/
Last Update: 2010-11-11
- http://www.securityt....com/id?1024723
Nov 11 2010
___

- https://pgp.custhelp...etail/a_id/2288
UPDATED 11/17/2010 - Mac PGP WDE customers upgrading to Mac OS X 10.6.5

:ph34r:

Edited by AplusWebMaster, 24 November 2010 - 07:50 AM.



#58 AplusWebMaster


Posted 19 November 2010 - 08:51 AM

FYI...

Safari v5.0.3 released
- http://secunia.com/advisories/42264/
Release Date: 2010-11-19
Criticality level: Highly critical
Impact: System access, Spoofing, Security Bypass
Where: From remote
Solution Status: Vendor Patch ...
Solution: Update to Safari 5.0.3 (Mac OS X 10.5.8, Mac OS X 10.6.4 or later, Windows 7, Vista, XP) or Safari 4.1.3 (Mac OS X 10.4.11)...

- http://support.apple.com/kb/DL1070

- http://support.apple.com/kb/HT4455

- http://support.apple.com/kb/HT1222

- http://support.apple.com/downloads/

- http://www.securityt....com/id?1024757
Nov 18 2010
CVE Reference: CVE-2010-3803, CVE-2010-3804, CVE-2010-3805, CVE-2010-3259, CVE-2010-3808, CVE-2010-3809, CVE-2010-3810, CVE-2010-3811, CVE-2010-3812, CVE-2010-3813, CVE-2010-3116, CVE-2010-3257, CVE-2010-3816, CVE-2010-3817, CVE-2010-3818, CVE-2010-3819, CVE-2010-3820, CVE-2010-3821, CVE-2010-3822, CVE-2010-3823, CVE-2010-3824, CVE-2010-3826

- http://nakedsecurity...ulnerabilities/
November 19, 2010 - "... If you are a Safari user make sure you apply these updates as soon as possible, as it won't be long before our criminal adversaries attempt to use their disclosure against us..."

:ph34r:

Edited by AplusWebMaster, 20 November 2010 - 01:21 PM.



#59 AplusWebMaster


Posted 22 November 2010 - 04:21 PM

FYI...

Apple iOS v4.2 released
- http://support.apple.com/kb/DL1061

- http://support.apple.com/kb/HT4456

- http://support.apple.com/downloads/

- http://techblog.avir...an-cosmetic/en/
November 23, 2010 - "... many changes mainly for iPad owners like multitasking, app folders... more than just these more or less cosmetic fixes... vulnerabilities allow attackers for example to dial out without user knowledge to costly numbers or to take over complete control of the iPhone/iPad/iPod Touch..."

- http://lists.apple.c...v/msg00003.html
APPLE-SA-2010-11-22-1
22 Nov 2010 - iOS 4.2 is now available ...
Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad ...
CVE-ID: CVE-2010-0051, CVE-2010-0544, CVE-2010-0042, CVE-2010-1384, CVE-2010-1387, CVE-2010-1392, CVE-2010-1394, CVE-2010-1403, CVE-2010-1405, CVE-2010-1407, CVE-2010-1408, CVE-2010-1410, CVE-2010-1414, CVE-2010-1415, CVE-2010-1416, CVE-2010-1417, CVE-2010-1418, CVE-2010-1421, CVE-2010-1422, CVE-2010-1757, CVE-2010-1758, CVE-2010-1764, CVE-2010-1770, CVE-2010-1771, CVE-2010-1780, CVE-2010-1781, CVE-2010-1782, CVE-2010-1783, CVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787, CVE-2010-1788, CVE-2010-1791, CVE-2010-1793, CVE-2010-1811, CVE-2010-1812, CVE-2010-1813, CVE-2010-1814, CVE-2010-1815
___

- http://secunia.com/advisories/42312/

- http://secunia.com/advisories/42314/

- http://www.securityt....com/id?1024768

- http://www.securityt....com/id?1024770

- http://www.securityt....com/id?1024771

- http://www.securityt....com/id?1024772

- http://www.securityt....com/id?1024773

:ph34r:

Edited by AplusWebMaster, 23 November 2010 - 03:27 PM.



#60 AplusWebMaster


Posted 07 December 2010 - 05:48 PM

FYI...

QuickTime v7.6.9 released
- http://support.apple.com/kb/DL837
Version: 7.6.9
Post Date: December 07, 2010
Download ID: DL837
File Size: 32.86 MB
Windows XP (SP2 or later), Windows Vista, Windows 7

- http://support.apple.com/kb/HT4447
CVEs: CVE-2010-3787, CVE-2010-3788, CVE-2010-3789, CVE-2010-3790, CVE-2010-3791, CVE-2010-3792, CVE-2010-3793, CVE-2010-3794, CVE-2010-3795, CVE-2010-3800, CVE-2010-3801, CVE-2010-3802, CVE-2010-1508, CVE-2010-0530, CVE-2010-4009

- http://support.apple...loads#quicktime
... or update via Apple Software Update.

- http://www.securityt....com/id?1024829
Dec 7 2010
- http://www.securityt....com/id?1024830
Dec 7 2010

- http://secunia.com/advisories/39259/
Last Update: 2010-12-08
Criticality level: Highly critical
Impact: Exposure of sensitive information, System access, Manipulation of data
Where: From remote...
Solution: Update to version 7.6.9.

:ph34r:

Edited by AplusWebMaster, 15 April 2011 - 06:09 AM.



#61 AplusWebMaster


Posted 17 December 2010 - 08:08 AM

FYI...

Apple AirPort Base Station and Time Capsule (802.11n) Firmware 7.5.2
- http://support.apple.com/kb/HT4298
December 16, 2010

- http://support.apple.com/kb/DL954

- http://support.apple.com/kb/DL955

- http://support.apple.com/kb/HT1222

- http://secunia.com/advisories/42665/
Release Date: 2010-12-17
Impact: Security Bypass, DoS
Where: From local network
Operating System: Apple Airport Express, Apple Airport Extreme, Apple Time Capsule
CVE Reference(s): CVE-2008-4309, CVE-2009-1574, CVE-2009-2189, CVE-2010-0039, CVE-2010-1804
Solution: Update to firmware version 7.5.2 ...

:!:



#62 AplusWebMaster


Posted 06 January 2011 - 12:29 PM

FYI...

Mac OS X v10.6.6 released
- http://support.apple.com/kb/DL1349
Jan. 6, 2011
- http://support.apple.com/kb/DL1344
- http://support.apple.com/kb/DL1343

- http://support.apple.com/kb/HT4498

- http://support.apple.com/kb/HT1222

- http://support.apple.com/downloads/

- http://lists.apple.c...n/msg00000.html

- http://www.securityt....com/id?1024938
Jan 6 2011
___

- https://pgp.custhelp...wcHBqaw==/sno/0
UPDATED 1/06/2010 - "IMPORTANT: PGP strongly recommends that Mac WDE customers do NOT upgrade to Mac OS X 10.6.6
PGP Development has identified a potential issue with the Apple Mac OS X 10.6.6 upgrade released earlier today, January 6, 2011, and PGP Whole Disk Encryption for Mac OS X.
Until this issue is resolved, PGP strongly recommends that customers do NOT upgrade to Mac OS X 10.6.6.
This issue has the highest internal priority at PGP, and we will update our customers with the resolution information as soon as it becomes available..."

- http://secunia.com/advisories/42841/
Release Date: 2011-01-07
Impact: System access
Where: From remote
Solution: Apply 10.6.6 updates.
Original Advisory: http://support.apple.com/kb/HT4498

:!:

Edited by AplusWebMaster, 07 January 2011 - 08:24 AM.



#63 AplusWebMaster


Posted 03 March 2011 - 07:03 AM

FYI...

iTunes 10.2.1 released
- http://support.apple.com/kb/DL1103
"... Resolves an issue whereby syncing photos to an iPhone, iPad, or iPod may take longer than expected..."
- http://support.apple.com/downloads/
iTunes 10.2.1 - March 08, 2011
___

iTunes v10.2 released
- http://www.securityt....com/id/1025152
Mar 3 2011
Impact: A remote user can cause arbitrary code to be executed on the target user's system.
Solution: The vendor has issued a fix (10.2).
The vendor's advisory is available at:
- http://support.apple.com/kb/HT4554
Last Modified: March 09, 2011 ... security content of iTunes 10.2...

- http://support.apple.com/kb/HT1222

- http://support.apple.com/downloads/

- http://secunia.com/advisories/43582/
Release Date: 2011-03-03
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Apple iTunes 10.x
Solution: Update to version 10.2.

- http://labs.idefense...play.php?id=897

:ph34r:

Edited by AplusWebMaster, 14 March 2011 - 05:42 AM.



#64 AplusWebMaster


Posted 09 March 2011 - 06:21 AM

FYI...

Java for Mac OS X 10.6 Update 4
- http://support.apple.com/kb/HT4562
March 08, 2011

Java for Mac OS X 10.5 Update 9
- http://support.apple.com/kb/HT4563
March 08, 2011
___

- http://isc.sans.edu/...l?storyid=10513
Last Updated: 2011-03-09 00:28:47 UTC

- https://www.computer...th_Java_updates
March 9, 2011 - "... 27 vulnerabilities... same flaws that Oracle patched with the 1.6.0_24 security update issued on Feb. 15, 2011..."

:!: :!:

Edited by AplusWebMaster, 09 March 2011 - 07:28 AM.



#65 AplusWebMaster


Posted 10 March 2011 - 07:54 AM

FYI...

Apple Safari multiple vulns - v5.0.4 released
- http://secunia.com/advisories/43696/
Release Date: 2011-03-10
Criticality level: Highly critical
Impact: Cross Site Scripting, Spoofing, Exposure of sensitive information, System access
Where: From remote
Solution: Update to version 5.0.4.
Original Advisory: http://support.apple.com/kb/HT4566
- http://techblog.avir...date-safari/en/
"... fixes at least 62 vulnerabilities..."
- http://www.securityt....com/id/1025183
Mar 9 2011
___

Apple iOS multiple vulns - v4.3 released
- http://secunia.com/advisories/43698/
Release Date: 2011-03-10
Criticality level: Highly critical
Impact: Cross Site Scripting, Spoofing, Exposure of sensitive information, DoS, System access
Where: From remote
Operating System: Apple iOS for iPad 4.x, Apple iPhone OS (iOS) 4.x, Apple iPhone OS (iOS) for iPod touch 4.x
... The vulnerabilities are reported in versions prior to 4.3.
Solution: Update to version 4.3.
Original Advisory: http://support.apple.com/kb/HT4564
- http://www.securityt....com/id/1025182
Mar 9 2011
___

Apple TV v4.2
- http://secunia.com/advisories/43697/
Release Date: 2011-03-10
Criticality level: Highly critical
Impact: Exposure of sensitive information, DoS, System access
Where: From remote
Solution: Update to Apple TV version 4.2.
Original Advisory: http://support.apple.com/kb/HT4565

:ph34r: :!:

Edited by AplusWebMaster, 10 March 2011 - 04:34 PM.



#66 AplusWebMaster


Posted 22 March 2011 - 07:26 AM

FYI...

Apple - multiple security updates released
- http://isc.sans.edu/...date=2011-03-21
Last Updated: 2011-03-22 01:26:13 UTC - "Security updates... summarized list of software:

Security Update 2011-001 - (Leopard - Client)
Full Details: http://support.apple.com/kb/HT1222
Download: http://support.apple.com/kb/DL1366
Security Update 2011-001 - (Leopard - Server)
Full Details: http://support.apple.com/kb/HT1222
Download: http://support.apple.com/kb/DL1367
Server Admin Tools 10.6.7
Full Details: http://support.apple.com/kb/HT3931
Download: http://support.apple.com/kb/DL1365
Mac OS X v10.6.7 Update
Full Details: http://support.apple.com/kb/HT4472
Download: http://support.apple.com/kb/DL1363
Mac OS X v10.6.7 Update Combo
Full Details: http://support.apple.com/kb/HT4472
Download: http://support.apple.com/kb/DL1361
Mac OS X v10.6.7 Update for early 2011 MacBook Pro
Full Details: http://support.apple.com/kb/HT4472
Download: http://support.apple.com/kb/DL1368
Mac OS X Server v10.6.7 Update
Full Details: http://support.apple.com/kb/HT4473
Download: http://support.apple.com/kb/DL1362
Mac OS X Server v10.6.7 Update Combo
Full Details: http://support.apple.com/kb/HT4473
Download: http://support.apple.com/kb/DL1364

The Mac OS X v10.6.7 and Security Update 2011-001 may also be obtained from the Software Update pane in System Preferences..."

- http://www.securityt....com/id/1025232
CVE Reference: CVE-2011-0172, CVE-2011-0173, CVE-2011-0174, CVE-2011-0175, CVE-2011-0176, CVE-2011-0177, CVE-2011-0178, CVE-2011-0179, CVE-2011-0180, CVE-2011-0181, CVE-2011-0182, CVE-2011-0183, CVE-2011-0184, CVE-2011-0186, CVE-2011-0187, CVE-2011-0189, CVE-2011-0190, CVE-2011-0193, CVE-2011-0194, CVE-2011-1417
Mar 21 2011

- http://secunia.com/advisories/43814/
Release Date: 2011-03-22
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote
Solution: Update to version 10.6.7 or apply Security Update 2011-001.
Original Advisory: Apple:
http://support.apple.com/kb/HT4581
iDefense: http://labs.idefense...play.php?id=898
"... used by Apple's mobile devices, including the iPod Touch, iPhone, and iPad... could allow an attacker to execute arbitrary code with the privileges of the current user..."
___

- http://www.us-cert.g...curity_updates4
March 22, 2011

- http://www.internetn...n OS X Flaw.htm
March 22, 2011

:ph34r: :!:

Edited by AplusWebMaster, 22 March 2011 - 09:40 AM.



#67 AplusWebMaster


Posted 15 April 2011 - 05:53 AM

FYI...

Apple 2011-002 Security Update
- http://support.apple.com/kb/DL1376
April 14, 2011
- http://support.apple.com/kb/HT1222.
Security Update 2011-002, Safari 5.0.5, iOS 4.2.7 Software Update for iPhone, iOS 4.3.2 Software Update

Security Update 2011-002: http://support.apple.com/kb/HT4608
Safari 5.0.5: http://support.apple.com/kb/HT4596
iOS 4.2.7 Software Update for iPhone: http://support.apple.com/kb/HT4607
iOS 4.3.2 Software Update: http://support.apple.com/kb/HT4606
___

Apple Safari ...
- http://secunia.com/advisories/44151/
Release Date: 2011-04-15
Criticality level: Highly critical ...
CVE Reference(s):
- http://web.nvd.nist....d=CVE-2011-1290
CVSS v2 Base Score: 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2011-1344
CVSS v2 Base Score: 10.0 (HIGH)
Solution: Update to version 5.0.5.
Original Advisory: Apple:
http://support.apple.com/kb/HT4596
Apple iOS for iPhone 4 ...
- http://secunia.com/advisories/44154/
Release Date: 2011-04-15
Criticality level: Highly critical ...
Original Advisory: Apple:
http://support.apple.com/kb/HT4607
Apple iOS ...
- http://secunia.com/advisories/44207/
Release Date: 2011-04-15
Criticality level: Highly critical
Solution: Upgrade to iOS 4.3.2 (downloadable and installable via iTunes).
Original Advisory: Apple:
http://support.apple.com/kb/HT4606

- http://www.securityt....com/id/1025362
Apr 14 2011
- http://www.securityt....com/id/1025363
Apr 14 2011

- http://www.us-cert.g...ses_safari_5_05
April 15, 2011

:!:

Edited by AplusWebMaster, 15 April 2011 - 12:07 PM.



#68 AplusWebMaster


Posted 19 April 2011 - 04:39 AM

FYI...

iTunes v 10.2.2 released
- http://support.apple.com/kb/DL1103
4.18.2011
> iTunes 10.2.2 provides a number of important bug fixes, including:
• Addresses an issue where iTunes may become unresponsive when syncing an iPad.
• Resolves an issue which may cause syncing photos with iPhone, iPad, or iPod touch to take longer than necessary.
• Fixes a problem where video previews on the iTunes Store may skip while playing.
• Addresses other issues that improve stability and performance.
> iTunes 10.2 came with several new features and improvements, including:
• Sync with your iPhone, iPad, or iPod touch with iOS 4.3.
• Improved Home Sharing. Browse and play from your iTunes libraries with Home > Sharing on any iPhone, iPad, or iPod touch with iOS 4.3.
For information on the security content of this update, please visit:
- http://support.apple.com/kb/HT1222

> http://support.apple.com/downloads/

Security content of iTunes 10.2.2
- http://support.apple.com/kb/HT4609
CVE-2011-1290, CVE-2011-1344
___

- http://web.nvd.nist....d=CVE-2011-1290
- http://web.nvd.nist....d=CVE-2011-1344
Last revised: 04/19/2011
CVSS v2 Base Score: 10.0 (HIGH)

- http://secunia.com/advisories/44262/
Release Date: 2011-04-20
Solution: Update to version 10.2.2.

:!: :ph34r:

Edited by AplusWebMaster, 20 April 2011 - 05:03 AM.



#69 AplusWebMaster


Posted 05 May 2011 - 08:07 AM

FYI...

Apple iOS updates
- http://support.apple.com/kb/DL1373
May 04, 2011 - "... compatible with this software update:
• iPhone 4 (CDMA model) ... available via iTunes..."
- http://support.apple.com/kb/DL1358
May 04, 2011 - "... Products compatible with this software update:
• iPhone 4 (GSM model)
• iPhone 3GS
• iPad 2
• iPad
• iPod touch (4th generation)
• iPod touch (3rd generation)
... available via iTunes."

- https://www.computer...h_location_bugs
4:27 PM ET

- http://www.theregist...database_cache/
4 May 2011 20:18 GMT - "... company pushed out iOS 4.3.3... the update reduces the size of the cache... ensures that the cache is no longer backed up to iTunes when you connect to a PC, and deletes the cache when iOS location services are turned off..."
___

Apple Releases iOS 4.3.3
- http://www.us-cert.g...leases_ios_4_31
May 9, 2011

:!: :ph34r:

Edited by AplusWebMaster, 10 May 2011 - 11:54 AM.



#70 AplusWebMaster


Posted 31 May 2011 - 08:22 PM

FYI...

Apple 2011-003 Security Update
- http://support.apple.com/kb/DL1387
May 31, 2011
File Size: 2.36 MB

Mac OS X Snow Leopard and malware detection
- http://support.apple.com/kb/HT4651
Products Affected: Mac OS X Server 10.6, Mac OS X 10.6, Product Security

- http://krebsonsecuri...ts-mac-malware/
May 31, 2011
___

- http://blog.trendmic...update-2011-03/
June 6, 2011 - "... the Apple solution may have probably worked better if only they had encrypted the search strings. Unfortunately, all the bad guys had to do to circumvent this latest “security update” is change the strings and locations and once again continue to affect Mac users. In fact, we tested if a Mac patched with the security update can detect a malware found in February (OSX_MUSMINIM.A), and found that it is -not- covered. Considering the weaknesses of Apple’s current strategy against malware, we recommend users to exercise extreme caution."

:!:

Edited by AplusWebMaster, 06 June 2011 - 07:09 PM.



#71 AplusWebMaster


Posted 24 June 2011 - 06:20 AM

FYI...

Apple 2011-004 Security Update
- http://support.apple.com/kb/HT4723
June 23, 2011 - Affected: Mac OS X 10.6, Product Security

- http://isc.sans.edu/...l?storyid=11092
Last Updated: 2011-06-23 20:57:37 UTC

- http://secunia.com/advisories/45054/
Release Date: 2011-06-24
Criticality level: Highly critical
Impact: Security Bypass, Manipulation of data, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote...
Solution: Update to version 10.6.8 or apply Security Update 2011-004.
Original Advisory: Apple Security Update 2011-004:
http://support.apple.com/kb/HT4723

- http://h-online.com/-1267147
24 June 2011 - "... plugs a total of 39 security holes... "
Also - Leopard:
> http://support.apple.com/kb/DL1404 - Client
> http://support.apple.com/kb/DL1405 - Server
June 23, 2011

:!:

Edited by AplusWebMaster, 24 June 2011 - 07:18 AM.



#72 AplusWebMaster


Posted 28 June 2011 - 06:22 PM

FYI...

Apple Java security updates

Java for Mac OS X 10.5 Update 10
- http://support.apple.com/kb/HT4739
June 28, 2011

Java for Mac OS X 10.6 Update 5
- http://support.apple.com/kb/HT4738
June 28, 2011

- http://support.apple.com/kb/HT1222
___

- http://secunia.com/advisories/45084/
Release Date: 2011-06-29
Criticality level: Highly critical
Impact: Manipulation of data, Exposure of sensitive information, DoS, System access
Where: From remote
CVE Reference(s): CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0863,
CVE-2011-0864, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869,
CVE-2011-0871, CVE-2011-0873
Solution: Apply updates.
Original Advisory:
http://support.apple.com/kb/HT4738
http://support.apple.com/kb/HT4739

:ph34r: :!:

Edited by AplusWebMaster, 29 June 2011 - 07:19 AM.



#73 AplusWebMaster


Posted 20 July 2011 - 04:50 PM

FYI...

Safari v5.1 and v5.0.6 released...
- http://threatpost.co...ndboxing-072011
July 20, 2011 - "... Apple has issued a new version of its Safari browser for Mac and Windows users, pushing version 5.1 and 5.0.6 to patch a boatload of security holes, some of which are critical. 58 security vulnerabilities in total are addressed in the update, including fixes for Java, Webkit and a flaw in the browser’s CFNetwork API that could enable cross-site scripting (XSS) attacks. Additional patches for the browser’s CoreGraphics and ImageIO framework are included in the update that will prevent application termination or arbitrary code execution. The full list of updates can be found at Apple's support site*..."
* http://support.apple.com/kb/HT4808
July 20, 2011

... available via the Apple Software Update application, or Apple's Safari download site at:
- http://www.apple.com/safari/download/
___

- http://www.securityt....com/id/1025816
CVE Reference: CVE-2010-1383, CVE-2010-1420, CVE-2010-1823, CVE-2011-0214, CVE-2011-0215, CVE-2011-0216, CVE-2011-0217, CVE-2011-0218, CVE-2011-0219, CVE-2011-0221, CVE-2011-0222, CVE-2011-0223, CVE-2011-0225, CVE-2011-0232, CVE-2011-0233, CVE-2011-0234, CVE-2011-0235, CVE-2011-0237, CVE-2011-0238, CVE-2011-0240, CVE-2011-0241, CVE-2011-0242, CVE-2011-0244, CVE-2011-0253, CVE-2011-0254, CVE-2011-0255, CVE-2011-0981, CVE-2011-0983, CVE-2011-1107, CVE-2011-1109, CVE-2011-1114, CVE-2011-1115, CVE-2011-1117, CVE-2011-1121, CVE-2011-1188, CVE-2011-1190, CVE-2011-1203, CVE-2011-1204, CVE-2011-1288, CVE-2011-1293, CVE-2011-1295, CVE-2011-1296, CVE-2011-1453, CVE-2011-1457, CVE-2011-1462, CVE-2011-1774, CVE-2011-1797
July 20 2011

- http://secunia.com/advisories/45325/
Release Date: 2011-07-21
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Manipulation of data, Exposure of system information, Exposure of sensitive information, System access
Where: From remote...
Solution: Update to version 5.1 or 5.0.6.

- http://h-online.com/-1283018
20 July 2011
- http://kb2.adobe.com...psid_90885.html
2011-07-20 - "Adobe Reader plug-in and Acrobat plug-in are not compatible with the Safari 5.1 browser... As we continue to investigate this, we will be sure to keep you updated... Adobe expects to provide a better workaround for this issue before the end of 2011..."

:!:

Edited by AplusWebMaster, 26 July 2011 - 09:08 AM.


#74 AplusWebMaster

Posted 21 July 2011 - 10:21 AM

FYI...

Mac OS X v10.7 Lion
- https://discussions....os_x_v10.7_lion
July 20, 2011
> http://www.apple.com/macosx/

Tech Specs
- http://www.apple.com/macosx/specs.html

Upgrade requirements
- http://www.apple.com...osx/how-to-buy/

What's new...
- http://www.apple.com/macosx/whats-new/

New features
- http://www.apple.com...w/features.html

Incompatible software
- http://support.apple.com/kb/HT3258
___

- http://www.theinquir...-lion-goes-sale
July 20 2011

- http://isc.sans.edu/...l?storyid=11242
Last Updated: 2011-07-21

Lion Security
- http://isc.sans.edu/...l?storyid=11245
Last Updated: 2011-07-21

- http://threatpost.co...s-x-lion-072111
July 21, 2011

- http://www.theregist..._lion_security/
21 July 2011

:!:

Edited by AplusWebMaster, 21 July 2011 - 12:58 PM.


#75 AplusWebMaster

Posted 04 August 2011 - 08:11 AM

FYI...

QuickTime v7.7 released
- http://support.apple.com/kb/HT4826
August 03, 2011 - "Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later..."

> http://www.apple.com...ktime/download/
... or update via Apple Software Update.

- http://support.apple.com/kb/DL837
QuickTime 7.7 for Windows

- http://www.securityt....com/id/1025884
Aug 3 2011
Version(s): prior to 7.7...
CVE Reference:
- http://web.nvd.nist....d=CVE-2011-0245
- http://web.nvd.nist....d=CVE-2011-0246
- http://web.nvd.nist....d=CVE-2011-0247
- http://web.nvd.nist....d=CVE-2011-0248
- http://web.nvd.nist....d=CVE-2011-0249
- http://web.nvd.nist....d=CVE-2011-0250
- http://web.nvd.nist....d=CVE-2011-0251
- http://web.nvd.nist....d=CVE-2011-0252
Published: 08/04/2011
CVSS Severity: 9.3 (HIGH)

- http://secunia.com/advisories/45516/
Release Date: 2011-08-04
Criticality level: Highly critical
Impact: System access
Where: From remote...
Solution: Update to version 7.7.

:ph34r:

Edited by AplusWebMaster, 04 August 2011 - 12:50 PM.


#76 AplusWebMaster

Posted 17 August 2011 - 12:08 PM

FYI...

Apple OS X Lion v10.7.1 update
- https://support.apple.com/kb/HT4764
August 16, 2011 - "... You should back up your system before installation; you can use Time Machine: http://support.apple.com/kb/HT1427 ..."

- http://support.apple.com/kb/DL1437

- http://support.apple.com/kb/DL1439

- http://support.apple.com/downloads/

:!: :ph34r:


#77 AplusWebMaster

Posted 09 September 2011 - 02:14 PM

FYI...

Apple Security Update 2011-005
- https://support.apple.com/kb/HT4920
September 09, 2011
• Certificate Trust Policy
Products Affected: Mac OS X Server 10.6, Mac OS X 10.6, Lion Server, OS X Lion, Product Security

- https://support.apple.com/downloads/

List of available trusted root certificates
- https://support.apple.com/kb/HT4415
___

- http://web.nvd.nist....d=CVE-2011-0228
Last revised: 08/30/2011
CVSS v2 Base Score: 7.5 (HIGH)
"... Apple iOS before 4.2.10 and 4.3.x before 4.3.5..."

- https://support.appl...oads/#Apple iOS

:ph34r: :ph34r:

Edited by AplusWebMaster, 13 September 2011 - 11:35 AM.


#78 AplusWebMaster

Posted 11 October 2011 - 06:44 PM

FYI...

iTunes v10.5 released
* https://support.apple.com/kb/HT4981
October 11, 2011

- https://isc.sans.edu...l?storyid=11782
2011-10-11 18:52:46 UTC - "Apple released iTunes 10.5 for Windows and Mac OS X. For those following Apple this comes as no big surprise as there are functionality changes expected due to the imminent release of a new iPhone model. What is however a bit surprising is that they also released an impressive list of fixed vulnerabilities* in the Windows version of iTunes. Even more interesting is that that list also mentions that e.g. "For Mac OS X v10.6 systems, this issue is addressed in Security Update 2011-006" or "For OS X Lion systems, this issue is addressed in OS X Lion v10.7.2". And that's a security update** and/or OS update that's not yet released at the time of writing."
** http://support.apple.com/kb/HT1222

- https://krebsonsecur...icrosoft-apple/
October 11, 2011 - "... Apple’s update addresses more than 75 security flaws in the Windows versions of iTunes..."
___

- http://www.securityt....com/id/1026163
CVE Reference: CVE-2011-0259, CVE-2011-2338, CVE-2011-2339, CVE-2011-2341, CVE-2011-2352, CVE-2011-2354, CVE-2011-2356, CVE-2011-2809, CVE-2011-2811, CVE-2011-2813, CVE-2011-2814, CVE-2011-2815, CVE-2011-2816, CVE-2011-2817, CVE-2011-2820, CVE-2011-2823, CVE-2011-2827, CVE-2011-2831, CVE-2011-3219, CVE-2011-3233, CVE-2011-3234, CVE-2011-3235, CVE-2011-3236, CVE-2011-3237, CVE-2011-3238, CVE-2011-3239, CVE-2011-3241, CVE-2011-3244, CVE-2011-3252
Updated: Oct 12 2011
Version(s): prior to 10.5...

- https://secunia.com/advisories/46339/
Release Date: 2011-10-12
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Manipulation of data, Exposure of sensitive information, System access
Where: From remote...
Solution: Update to version 10.5...

:!: :ph34r:

Edited by AplusWebMaster, 12 October 2011 - 09:55 AM.


#79 AplusWebMaster

Posted 13 October 2011 - 06:25 AM

FYI...

iOS5 Upgrade -bricked- My iPhone
- https://discussions..../thread/3374367
Latest reply: Oct 15, 2011

iOS5 update -bricked- my iPod Touch
- http://news.cnet.com...-my-ipod-touch/
October 14, 2011

Macbook boot failed because I had Symantec's PGP software installed...
- https://isc.sans.edu...l?storyid=11797
2011-10-13
___

Apple - multiple Security Updates
- https://www.us-cert....ecurity_updates
October 12, 2011 - "Apple has released security updates for Apple iOS, Safari 5.1.1, OS X Lion v10.7.2, iWork 09, and Apple TV 4.4 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, and bypass security restrictions...
• HT5004 - Numbers for iOS v1.5
- http://support.apple.com/kb/HT5004
• HT5003 - Pages for iOS v1.5
- http://support.apple.com/kb/HT5003
• HT5000 - Safari 5.1.1
- http://support.apple.com/kb/HT5000
• HT5002 - OS X Lion v10.7.2 and Security Update 2011-006
- http://support.apple.com/kb/HT5002
• HT5001 - Apple TV 4.4
- http://support.apple.com/kb/HT5001
• HT4999 - iOS 5 Software Update
- http://support.apple.com/kb/HT4999
___

iOS 5 update closes almost 100 security holes
- http://h-online.com/-1360528
13 October 2011

Mac OS X 10.7.2 and Safari 5.1.1
- http://h-online.com/-1360457
13 October 2011
___

- https://secunia.com/advisories/46417/ - Mac OS X
... Solution: Update to version 10.7.2 or apply Security Update 2011-006.
- https://secunia.com/advisories/46377/ - iOS
... Solution: Apply iOS 5 Software Update.
- https://secunia.com/advisories/46418/ - iOS Office
... Solution: Update to version 1.5 available via the iTunes Store.
- https://secunia.com/advisories/46419/ - Numbers for iOS
... Solution: Update to version 1.5 available via the iTunes Store.
- https://secunia.com/advisories/46412/ - Safari
... Solution: Update to version 5.1.1.
- https://secunia.com/advisories/46415/ - Apple TV
... Solution: Update to Apple TV Software version 4.4.
13 Oct, 2011

- http://www.securityt....com/id/1026178 - Safari
CVE Reference: CVE-2011-3229, CVE-2011-3230, CVE-2011-3231, CVE-2011-3242, CVE-2011-3243
Date: Oct 12 2011
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Version(s): prior to 5.1.1...

- http://www.securityt....com/id/1026180 - Apple iOS
CVE Reference: CVE-2011-3245, CVE-2011-3246, CVE-2011-3253, CVE-2011-3254, CVE-2011-3255, CVE-2011-3256, CVE-2011-3257, CVE-2011-3259, CVE-2011-3260, CVE-2011-3261, CVE-2011-3426, CVE-2011-3427, CVE-2011-3429, CVE-2011-3430, CVE-2011-3431, CVE-2011-3432, CVE-2011-3434
Date: Oct 13 2011
Impact: Denial of service via network, Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Version(s): prior to 5.0

- http://www.securityt....com/id/1026184 - Mac OS X
CVE Reference: CVE-2011-0185, CVE-2011-0224, CVE-2011-0229, CVE-2011-0230, CVE-2011-0231, CVE-2011-0260, CVE-2011-1755, CVE-2011-3212, CVE-2011-3213, CVE-2011-3214, CVE-2011-3215, CVE-2011-3216, CVE-2011-3217, CVE-2011-3218, CVE-2011-3220, CVE-2011-3221, CVE-2011-3224, CVE-2011-3226, CVE-2011-3227, CVE-2011-3228, CVE-2011-3222, CVE-2011-3223, CVE-2011-3225, CVE-2011-3435, CVE-2011-3436, CVE-2011-3437
Date: Oct 13 2011
Impact: Denial of service via network, Execution of arbitrary code via network, User access via local system, User access via network...

//

Edited by AplusWebMaster, 16 October 2011 - 08:32 AM.


#80 AplusWebMaster

Posted 27 October 2011 - 09:05 AM

FYI...

QuickTime v7.7.1 released
- https://support.apple.com/kb/DL837
October 26, 2011

- https://support.apple.com/kb/HT5016

> http://www.apple.com...ktime/download/
... or update via Apple Software Update.

- https://secunia.com/advisories/46618/
Release Date: 2011-10-27
Criticality level: Highly critical
Impact: Cross Site Scripting, Exposure of sensitive information, System access
Where: From remote
CVE Reference(s): CVE-2011-3218, CVE-2011-3219, CVE-2011-3220, CVE-2011-3221, CVE-2011-3222, CVE-2011-3223, CVE-2011-3228, CVE-2011-3247, CVE-2011-3248, CVE-2011-3249, CVE-2011-3250, CVE-2011-3251
Solution: Update to version 7.7.1.

- https://www.us-cert....e_quicktime_7_7
October 27, 2011 - "... These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information..."

- http://h-online.com/-1367500
27 October 2011

:!:

Edited by AplusWebMaster, 27 October 2011 - 07:45 PM.


#81 AplusWebMaster

Posted 08 November 2011 - 08:11 PM

FYI...

Java for Mac OS X 10.7 Update 1 + Java for Mac OS X 10.6 Update 6
- https://support.apple.com/kb/HT5045
November 08, 2011 - "... Multiple vulnerabilities exist in Java 1.6.0_26, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_29...
CVE-IDs: CVE-2011-3389, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546,
CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3558, CVE-2011-3560, CVE-2011-3561 ..."
___

- https://secunia.com/advisories/46774/
Release Date: 2011-11-09
Criticality level: Highly critical
Impact: Hijacking, Spoofing, Manipulation of data, Exposure of sensitive information, DoS, System access
Where: From remote ...
Solution: Apply updates...
Original Advisory: http://support.apple.com/kb/HT5045
___

- http://h-online.com/-1375757
9 November 2011

:!: :!:

Edited by AplusWebMaster, 11 November 2011 - 06:45 AM.


#82 AplusWebMaster

Posted 10 November 2011 - 10:45 PM

FYI...

Apple iOS 5.0.1 update
- https://support.apple.com/kb/HT5052
November 10, 2011 - "... can be downloaded and installed using iTunes...
Products Affected: iPhone, iPad, iPod touch, Product Security..."

- https://support.apple.com/kb/DL1472
November 10, 2011

- http://www.theinquir...-iphone-battery
Nov 11 2011
___

- https://secunia.com/advisories/46747/ || https://secunia.com/advisories/46836/ - iPad 2
Release Date: 2011-11-11
Criticality level: Highly critical
Impact: Spoofing, Exposure of system information, System access
Where: From remote ...
Operating System: Apple iOS 5.x for iPhone 3GS and later, Apple iOS for iPod touch 5.x
Solution: Apply iOS 5.0.1 Software Update (downloadable and installable via iTunes)...
Original Advisory: Apple:
http://support.apple.com/kb/HT5052 ...

- http://web.nvd.nist....d=CVE-2011-3440
Last revised: 11/14/2011
CVSS v2 Base Score: 1.2 (LOW)
- http://web.nvd.nist....d=CVE-2011-3246
Last revised: 10/14/2011
CVSS v2 Base Score: 5.0 (MEDIUM)
- http://web.nvd.nist....d=CVE-2011-3442
Last revised: 11/14/2011
CVSS v2 Base Score: 7.2 (HIGH)
- http://web.nvd.nist....d=CVE-2011-3439
- http://web.nvd.nist....d=CVE-2011-3441
Last revised: 11/14/2011
CVSS v2 Base Score: 9.3 (HIGH) ...
"... Apple iOS before 5.0.1"

- http://www.securityt....com/id/1026311
Updated: Nov 11 2011
Impact: Disclosure of system information, Execution of arbitrary code via network, User access via local system, User access via network
Version(s): 5.0 and prior...

:!: :question:

Edited by AplusWebMaster, 14 November 2011 - 08:29 PM.


#83 AplusWebMaster

Posted 14 November 2011 - 08:56 PM

FYI...

Apple iTunes v10.5.1 released
- http://www.securityt....com/id/1026323
CVE Reference: http://web.nvd.nist....d=CVE-2008-3434
Date: Nov 14 2011
Impact: Execution of arbitrary code via network, User access via network
Version(s): prior to 10.5.1...

• About the security content of iTunes 10.5.1
- https://support.apple.com/kb/HT5030
November 14, 2011
Available for: Mac OS X v10.5 or later, Windows 7, Vista, XP SP2 or later

• Security updates
- https://support.apple.com/kb/HT1222
Last Modified: November 14, 2011
___

- http://www.theregist..._ghostnet_flaw/
17 November 2011 - "... An FBI press release on the Ghost Click takedown specifically cites iTunes* as an example of how the alleged fraud operated..."
* http://www.fbi.gov/n.../malware_110911

- http://www.csoonline...e-vulnerability
November 15, 2011 - "... The vulnerability stems from older iTunes versions use of plain HTTP requests to query Apple's servers for new updates. Because such connections lack encryption, a network attacker could intercept the requests and respond with rogue update URLs... This particular attack scenario can only take place when iTunes is installed on a Windows system and the Apple Software Update component is not present..."

- https://www.us-cert....es_itunes_10_51
November 15, 2011

:ph34r: :ph34r:

Edited by AplusWebMaster, 18 November 2011 - 05:38 AM.


#84 AplusWebMaster

Posted 01 February 2012 - 05:29 PM

FYI...

Apple Security Update 2012-001 v1.1
- http://lists.apple.c...b/msg00002.html
3 Feb 2012 - "Security Update 2012-001 v1.1 is now available for Mac OS X v10.6.8 systems to address a compatibility issue. Version 1.1 of this update removes the ImageIO security fixes released in Security Update 2012-001. OS X Lion systems are not affected by this change.
Security Update 2012-001 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com...port/downloads/ ..."

- http://www.securityt....com/id/1026627
Updated: Feb 4 2012
... [Note: On February 3, 2012, the vendor issued a modified fix (Security Update 2012-001 v1.1) for Mac OS X v10.6.8 that removes the ImageIO patches (CVE-2011-3328) that were causing a compatibility issue.]
___

Apple 2012-001 Security Update - OS X Lion v10.7.3
- https://support.apple.com/kb/HT5130
Feb 01, 2012

OS X Lion v10.7.3 Update
- https://support.apple.com/kb/HT5048
Feb 01, 2012 - "... recommended for all OS X Lion users and includes general operating system fixes that improve the stability, compatibility, and security..."

Server Admin Tools 10.7.3
- https://support.apple.com/kb/HT5050
Feb 01, 2012 - "... advanced administration tools for Lion Server. You can install them on the server or on another Mac and use it for remote administration..."

- https://support.apple.com/kb/HT1222
OS X Lion v10.7.3 and Security Update 2012-001
Mac OS X v10.6.8, OS X Lion v10.7 to v10.7.2

- http://lists.apple.c...b/msg00000.html
1 Feb 2012

- https://www.apple.com/support/
___

- http://h-online.com/-1426962
2 February 2012 - "... the updates close more than 50 holes..."

- http://www.securityt....com/id/1026627
Date: Feb 2 2012
CVE Reference: CVE-2011-2937, CVE-2011-3328, CVE-2011-3444, CVE-2011-3447, CVE-2011-3448, CVE-2011-3449, CVE-2011-3450, CVE-2011-3452, CVE-2011-3453, CVE-2011-3457, CVE-2011-3458, CVE-2011-3459, CVE-2011-3460, CVE-2011-3462, CVE-2011-3463
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Modification of user information, Root access via local system, User access via network
Version(s): prior to 10.7.3

- https://secunia.com/advisories/47843/
Release Date: 2012-02-03
Criticality level: Highly critical
Impact: Cross Site Scripting, Spoofing, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote...
Solution: Update to OS X Lion version 10.7.3 or apply Security Update 2012-001.

:!:

Edited by AplusWebMaster, 05 February 2012 - 04:06 PM.


#85 AplusWebMaster

Posted 08 March 2012 - 12:06 PM

FYI...

Apple iOS 5.1 Software Update
- https://support.apple.com/kb/HT5192
March 07, 2012 - iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2
- https://secunia.com/advisories/48288/
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
Where: From remote
Solution: Apply iOS 5.1 Software Update.
- http://www.securityt....com/id/1026774
Date: Mar 8 2012
CVE Reference: CVE-2012-0641, CVE-2012-0642, CVE-2012-0643, CVE-2011-3453, CVE-2012-0644, CVE-2012-0585, CVE-2012-0645, CVE-2012-0646, CVE-2011-3887, CVE-2012-0590, CVE-2011-3881, CVE-2012-0586, CVE-2012-0587, CVE-2012-0588, CVE-2012-0589, CVE-2011-2825, CVE-2011-2833, CVE-2011-2846, CVE-2011-2847, CVE-2011-2854, CVE-2011-2855, CVE-2011-2857, CVE-2011-2860, CVE-2011-2867, CVE-2011-2868, CVE-2011-2869, CVE-2011-2870, CVE-2011-2871, CVE-2011-2872, CVE-2011-2873, CVE-2011-2877, CVE-2011-3885, CVE-2011-3888, CVE-2011-3897, CVE-2011-3908, CVE-2011-3909, CVE-2011-3928, CVE-2012-0591, CVE-2012-0592, CVE-2012-0593, CVE-2012-0594, CVE-2012-0595, CVE-2012-0596, CVE-2012-0597, CVE-2012-0598, CVE-2012-0599, CVE-2012-0600, CVE-2012-0601, CVE-2012-0602, CVE-2012-0603, CVE-2012-0604, CVE-2012-0605, CVE-2012-0606, CVE-2012-0607, CVE-2012-0608, CVE-2012-0609, CVE-2012-0610, CVE-2012-0611, CVE-2012-0612, CVE-2012-0613, CVE-2012-0614, CVE-2012-0615, CVE-2012-0616, CVE-2012-0617, CVE-2012-0618, CVE-2012-0619, CVE-2012-0620, CVE-2012-0621, CVE-2012-0622, CVE-2012-0623, CVE-2012-0624, CVE-2012-0625, CVE-2012-0626, CVE-2012-0627, CVE-2012-0628, CVE-2012-0629, CVE-2012-0630, CVE-2012-0631, CVE-2012-0632, CVE-2012-0633, CVE-2012-0635
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network...

iTunes 10.6 update
- https://support.apple.com/kb/HT5191
March 07, 2012 - Windows 7, Vista, XP SP2 or later
- https://secunia.com/advisories/48274/
Impact: System access
Where: From remote
Solution: Update to version 10.6.
- http://www.securityt....com/id/1026781
Date: Mar 9 2012
CVE Reference: CVE-2012-0634, CVE-2012-0636, CVE-2012-0637, CVE-2012-0638, CVE-2012-0639, CVE-2012-0648
Impact: Execution of arbitrary code via network, User access via network

- http://h-online.com/-1466786
8 March 2012

- https://www.us-cert....curity_updates2
March 9, 2012

:ph34r: :ph34r:

Edited by AplusWebMaster, 10 March 2012 - 09:54 AM.


#86 AplusWebMaster

Posted 11 March 2012 - 03:30 PM

FYI...

Apple Safari Plug-in vuln ...
- https://secunia.com/advisories/45758/
Release Date: 2012-03-07
Criticality level: Moderately critical
Impact: System access
Where: From remote
Software: Apple Safari 5.x
CVE Reference: http://web.nvd.nist....d=CVE-2011-3845 - 7.6 (HIGH)
Last revised: 03/08/2012
... confirmed in version 5.1.2 (7534.52.7) on Windows using the RealPlayer and Adobe Flash plug-ins. Other versions may also be affected.
Solution: No effective workaround is currently available...

- http://www.securityt....com/id/1026775
CVE Reference: http://web.nvd.nist....d=CVE-2011-3844 - 4.3
Date: Mar 9 2012
Impact: Modification of system information
Version(s): 5.0.5 (7533.21.1); possibly other versions
Impact: A remote user can spoof the address bar URL.
Solution: The vendor has issued a partial fix (5.1.2 (7534.52.7))...

- https://www.apple.com/safari/download/
(Currently: Safari 5.1.2... for Windows XP, Vista or 7)

Use Apple Software Update ...

:ph34r: :ph34r:

Edited by AplusWebMaster, 11 March 2012 - 04:47 PM.


#87 AplusWebMaster

Posted 12 March 2012 - 04:25 PM

FYI...

Safari v5.1.4 released
- http://lists.apple.c...r/msg00003.html
Mar 12, 2012 - Safari 5.1.4 for Windows XP, Vista or 7 ...

- https://www.apple.com/safari/download/

- https://support.apple.com/kb/HT5190

- http://www.securityt....com/id/1026785
Date: Mar 12 2012
CVE Reference: CVE-2012-0584, CVE-2012-0640, CVE-2012-0647
Impact: Disclosure of authentication information, Modification of system information
Version(s): prior to 5.1.4...

- https://secunia.com/advisories/48377/
Release Date: 2012-03-13
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, System access
Where: From remote ...
Solution: Update to version 5.1.4.
Original Advisory: http://support.apple.com/kb/HT5190
___

- https://www.computer..._monster_update
Mar 13, 2012 - "... Fixes 83 security flaws, most in WebKit engine; boosts JavaScript performance on OS X Lion... Of the 83 vulnerabilities, Apple tacitly classified 72 as critical..."

- http://h-online.com/-1470595
13 March 2012
>> http://www.h-online....iew=zoom;zoom=1

:!: :ph34r:

Edited by AplusWebMaster, 13 March 2012 - 09:21 AM.


#88 AplusWebMaster

Posted 04 April 2012 - 05:21 AM

FYI...

Apple - Java update for OS X Lion 2012-001 and Java for Mac OS X 10.6
- https://support.apple.com/kb/HT5228
April 03, 2012
This document describes the security content of Java for OS X Lion 2012-001 and Java for Mac OS X 10.6 Update 7, which can be downloaded and installed via Software Update* preferences, or from Apple Downloads.
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.3, Lion Server v10.7.3
Impact: Multiple vulnerabilities in Java 1.6.0_29
Description: Multiple vulnerabilities exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_31...

* https://support.apple.com/kb/HT1338

APPLE-SA-2012-04-03-1 Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7
- http://lists.apple.c...r/msg00000.html
3 Apr 2012

- https://www.us-cert....te_for_java_for
April 4, 2012

- https://secunia.com/advisories/48648/
Release Date: 2012-04-04
Criticality level: Highly critical
Impact: Manipulation of data, Exposure of sensitive information, DoS, System access
Where: From remote...
Solution: Apply updates.
Original Advisory: http://support.apple.com/kb/HT5228
___

Urgent Fix for Zero-Day Mac Java Flaw
- http://atlas.arbor.n...ndex#-674870906
Severity: Extreme Severity
Published: Thursday, April 05, 2012 23:09
Apple has released a critical Java patch that should be deployed ASAP to help counter the Flashback malware. Apple users should be aware that they are -not- invulnerable, even though OSX attacks and malware are much much less than for Windows systems.
Analysis: Flashback has started compromising OSX systems using an out-of-date version of Java. The trojan has been seen with two basic payloads, one to modify Safari settings and the other that is a password stealer. The Flashback botnet has been monitored by security company Dr. Web and their data shows approximately 600,000 OSX systems have been infected. More infections are on their way, given the lax attention to security that many OSX users have. It is likely that this Java security flaw has also been used in targeted attacks that won't get much, if any press.
Source: https://krebsonsecur...-mac-java-flaw/

- http://h-online.com/-1500931
4 April 2012

:ph34r: :!:

Edited by AplusWebMaster, 07 April 2012 - 05:36 AM.


#89 AplusWebMaster

Posted 12 April 2012 - 06:16 PM

FYI...

2012-003 Apple - Java for OS X Lion
- http://support.apple.com/kb/HT5242
April 12, 2012 - "... Java for OS X Lion 2012-003 delivers Java SE 6 version 1.6.0_31 and supersedes all previous versions of Java for OS X Lion. This update is recommended for all Mac users with Java installed..."

Java for Mac OS X 10.6 Update 8
- http://support.apple.com/kb/HT5243
April 12, 2012 - "... Java for Mac OS X 10.6 Update 8 delivers Java SE 6 version 1.6.0_31 and supersedes all previous versions of Java for Mac OS X v10.6..."

APPLE-SA-2012-04-12-1 Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8
- http://lists.apple.c...r/msg00001.html
12 Apr 2012

> https://isc.sans.edu...l?storyid=12973
Last Updated: 2012-04-12 21:50:28 UTC

- http://h-online.com/-1520431
13 April 2012 - "... Java update -with- Flashback removal tool..."
___

Third Java update in 9 days...
- https://www.computer...e_hunter_killer
April 13, 2012

- https://www.computer...ack Decline.jpg
April 12, 2012

:!: :ph34r:

Edited by AplusWebMaster, 13 April 2012 - 06:50 AM.


#90 AplusWebMaster

Posted 18 April 2012 - 06:11 AM

FYI...

Apple standalone Flashback malware removal tool
- http://h-online.com/-1526041
16 April 2012 - "Apple has announced* the release of a standalone version of the "Flashback malware removal tool"**. The 356KB tool is aimed at Mac OS X 10.7 Lion users without Java installed and, according to Apple, it "removes the most common variants of the Flashback malware". If the tool finds the Flashback malware, users will be presented with a dialogue notifying them that it was removed; depending on the variant removed, the tool may require users to restart their system... The Flashback malware removal tool*** is available from Apple's Support Downloads site."

* http://lists.apple.c...r/msg00002.html
13 Apr 2012

** http://support.apple.com/kb/HT5246

*** http://support.apple.com/kb/DL1517

.

Edited by AplusWebMaster, 18 April 2012 - 06:33 AM.


#91 AplusWebMaster

Posted 01 May 2012 - 04:27 PM

FYI...

Apple patching practice ...
- http://atlas.arbor.n...dex#-1272909644
30 Apr 2012 - OSX anti-malware site provides resources of value... link to a recent Flashback trojan analysis by DrWeb*.
Source: http://macviruscom.w...ching-practice/

- http://nakedsecurity...on-malware-mac/
April 27, 2012

* http://news.drweb.co...&c=5&lng=en&p=0
April 27, 2012
> https://www.zdnet.co...ponse/4904?pg=2
April 29, 2012 - "... left to their own devices, many users will simply postpone those updates by clicking the 'Not Now' or 'Install Later' button. They see updates as an annoyance that will mean they can’t use their Mac for 10 minutes to a half-hour... roughly 1 out of every 4 Snow Leopard users are at least six months behind in terms of applying major software updates. Nearly 15% are more than a year behind, meaning they have skipped at least two major OS X updates and are easy prey for any exploit that targets security holes that were fixed in those updates... If (Apple) talks to the press in an effort to reach owners of Macs who aren’t aware they’ve been infected, they risk puncturing the 'Macs don’t get viruses' image they’ve cultivated through the years. So the company has chosen to remain silent, which is shameful..."

These guys know it - and so do the Hacks.

Free Mac anti-virus for home users
> http://www.sophos.com/freemacav
> https://www.avira.co...ee-mac-security
___

New Malware Found Exploiting Mac OS X Snow Leopard
- https://threatpost.c...-leopard-050212
May 2, 2012 - "... with Lion, that specific memory address can't be written, so the exploit fails. We can assume that this malware itself is targeting only Snow Leopard or lower versions of Mac OSX. That means the attacker had knowledge about the target environment beforehand. That includes the target operating system, application patch levels, etc..."

:!:

Edited by AplusWebMaster, 02 May 2012 - 01:21 PM.

#92 AplusWebMaster

Posted 08 May 2012 - 04:54 AM

FYI...

Apple iOS 5.1.1 update for iPod, iPhone, iPad
- https://isc.sans.edu...l?storyid=13144
Last Updated: 2012-05-07 20:29:40 UTC - "... only available through iTunes. The updates address Safari and WebKit for iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2... the update is available through iTunes."

- http://support.apple.com/kb/HT5278
May 07, 2012
- http://web.nvd.nist....d=CVE-2011-3046 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2011-3056 - 7.5 (HIGH)
- http://web.nvd.nist....d=CVE-2012-0672 - 6.8
- http://web.nvd.nist....d=CVE-2012-0674 - 4.3

- http://support.apple.com/kb/DL1521
Version: 5.1.1 - May 07, 2012
System Requirements: iPhone 4S, iPhone 4, iPhone 3GS, iPad 2, iPad, iPod touch (4th generation), iPod touch (3rd generation)

Apple patches serious security holes in iOS devices
- http://atlas.arbor.n...ndex#-480279256
Severity: Elevated Severity
Published: Monday, May 07, 2012
New patches provide protection for recent security holes in iOS.
Analysis: Some of these security holes were used in "hacking contests" such as pwn2own. It is likely that others are aware of the security holes, especially now that patches have been released and are surely being analyzed by attackers to spot the vulnerabilities. Considering the hot trends in mobile attacks, users are encouraged to deploy these updates as soon as possible.
Source: https://www.zdnet.co...vices/11983?utm

- http://h-online.com/-1569932
8 May 2012

- http://nakedsecurity...ulnerabilities/
May 8, 2012

- http://www.securityt....com/id/1027028
CVE Reference: CVE-2012-0672, CVE-2012-0674
Date: May 7 2012
Impact: Execution of arbitrary code via network, Modification of system information, User access via network
Version(s): prior to 5.1.1; iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2
Description: Two vulnerabilities were reported in Apple iOS. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can spoof the address bar URL...

:!: :ph34r:

Edited by AplusWebMaster, 09 May 2012 - 05:24 AM.

#93 AplusWebMaster

Posted 10 May 2012 - 04:31 AM

FYI...

Apple Security Update 2012-002 - OS X Lion v10.7.4
Released for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
- http://support.apple.com/kb/HT5281
May 09, 2012

- http://support.apple.com/kb/HT5167

Related: http://support.apple.com/kb/TS4272

- http://www.securityt....com/id/1027054
CVE Reference: CVE-2012-0649, CVE-2012-0651, CVE-2012-0654, CVE-2012-0655, CVE-2012-0656, CVE-2012-0657, CVE-2012-0658, CVE-2012-0659, CVE-2012-0660, CVE-2012-0661, CVE-2012-0662, CVE-2012-0675
Date: May 10 2012
Impact: Disclosure of system information, Execution of arbitrary code via network, User access via local system, User access via network
Version(s): 10.6.8, 10.7.3
Solution: The vendor has issued a fix (OS X Lion v10.7.4 and Security Update 2012-002), available from the Software Update pane in System Preferences, or Apple's Software Downloads web site at:
http://www.apple.com...port/downloads/
___

Safari 5.1.7
- http://support.apple.com/kb/HT5282
May 09, 2012

- http://support.apple.com/kb/DL1531

- http://support.apple.com/kb/HT5271

- https://secunia.com/advisories/47292/
Release Date: 2012-05-10
Criticality level: Highly critical
CVE Reference(s):
- http://web.nvd.nist....d=CVE-2011-3046 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2011-3056 - 7.5 (HIGH)
- http://web.nvd.nist....d=CVE-2012-0672 - 6.8
- http://web.nvd.nist....d=CVE-2012-0676 - 5.0
Impact: Security Bypass, Cross Site Scripting, System access
Where: From remote
... vulnerabilities are reported in versions prior to 5.1.7.
Solution: Update to version 5.1.7

- http://www.securityt....com/id/1027053
Date: May 10 2012
Impact: Modification of user information
Version(s): prior to 5.1.7
... The vendor's advisory is available at:
http://support.apple.com/kb/HT1222
___

Apple closes numerous holes in Mac OS X and Safari
- http://atlas.arbor.net/briefs/
Severity: Elevated Severity
Published: Friday, May 11, 2012
Now that malware authors are paying more attention to the OS X platform, keeping current on updates is going to become more important. This patch also fixes the recent plaintext password leakage issue.
Analysis: The Flashback trojan infected and still infects a substantial number of OS X systems. Imagine for a moment that they decided to take advantage of one of these security flaws - the password leakage issue with older versions of FileVault - and compromised many passwords. Some of those passwords are bound to be re-used elsewhere, which could lead an attacker deeper into an enterprise. Creative and dedicated attackers will use any possible method to further their campaigns. This is just one scenario. Recent events show us that OS X is a viable target for criminals; therefore, patches need to be deployed in a timely manner to reduce risks.
Source: http://h-online.com/-1572174

Edited by AplusWebMaster, 12 May 2012 - 07:25 AM.

#94 AplusWebMaster

Posted 15 May 2012 - 05:59 AM

FYI...

Apple 2012-003 Security Update for Leopard
- https://support.apple.com/kb/DL1533
May 14, 2012

- http://support.apple.com/kb/HT5271
"... Out-of-date versions of Adobe Flash Player do not include the latest security updates and will be disabled to help keep your Mac secure. If Safari 5.1.7 or Leopard Security Update 2012-003 detects an out-of-date version of Flash Player on your system, you will see a dialog informing you that Flash Player has been disabled. The dialog provides the option to go directly to Adobe's website, where you can download and install an updated version of Flash Player..."

- http://support.apple.com/kb/HT1222

- http://lists.apple.c...y/msg00004.html
___

APPLE-SA-2012-05-14-1 Flashback Removal Security Update
- http://lists.apple.c...y/msg00003.html
14 May 2012

- http://support.apple.com/downloads/

Flashback removal tool - for Mac OS X 10.5 Leopard
- http://h-online.com/-1575554
15 May 2012

:!: :ph34r:

Edited by AplusWebMaster, 15 May 2012 - 07:09 AM.

#95 AplusWebMaster

Posted 16 May 2012 - 08:39 AM

FYI...

QuickTime v7.7.2 released
- https://secunia.com/advisories/47447/
Release Date: 2012-05-16
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference: CVE-2011-3458, CVE-2011-3459, CVE-2011-3460, CVE-2012-0265, CVE-2012-0663, CVE-2012-0664, CVE-2012-0665, CVE-2012-0666, CVE-2012-0667, CVE-2012-0668, CVE-2012-0669, CVE-2012-0670, CVE-2012-0671
... vulnerabilities are reported in versions prior to 7.7.2.
Solution: Update to version 7.7.2.
Original Advisory: Apple (APPLE-SA-2012-05-15-1):
http://lists.apple.c...y/msg00005.html
Download:
- http://www.apple.com...ktime/download/
-or-
Use Apple Software Update.

- http://support.apple.com/kb/HT5261
May 15, 2012

- http://www.securityt....com/id/1027065
May 16 2012
Impact: Execution of arbitrary code via network, User access via network
Version(s): prior to 7.7.2
Description: Multiple vulnerabilities were reported in Apple QuickTime. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.
Only Windows-based systems are affected...

:!: :ph34r:

Edited by AplusWebMaster, 16 May 2012 - 11:29 AM.

#96 AplusWebMaster

Posted 12 June 2012 - 07:31 AM

FYI...

iTunes v10.6.3 released
- https://secunia.com/advisories/49489/
Release Date: 2012-06-12
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference(s):
- http://web.nvd.nist....d=CVE-2012-0672 - 6.8
- http://web.nvd.nist....d=CVE-2012-0677 - 9.3 (HIGH)
... This vulnerability does not affect the application on OS X Lion systems.
Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
Solution: Update to version 10.6.3.
Original Advisory: Apple:
http://support.apple.com/kb/HT5318

• Addresses a problem where iTunes may become unresponsive when syncing an iPad (1st generation) that contains an iBooks textbook
• Fixes a problem where photos synced to a device may appear in an unexpected order
• Resolves an issue where iTunes may unexpectedly delete playlists created on a device
• Fixes issues where iTunes may unexpectedly delete apps on a device
• Improves overall performance and reliability

... available via Apple Software Update.

:!: :ph34r:

Edited by AplusWebMaster, 15 June 2012 - 08:16 PM.

#97 AplusWebMaster

Posted 13 June 2012 - 08:31 AM

FYI...

Java for OS X 2012-004 / Mac OS X 10.6 Update 9
- http://support.apple.com/kb/HT5319
June 12, 2012 - "Description: Multiple vulnerabilities exist in Java, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_33. Further information is available via the Java website at
http://www.oracle.co...tes-136954.html ..."

- https://secunia.com/advisories/49542/
Release Date: 2012-06-13
Criticality level: Highly critical
Impact: Cross Site Scripting, Manipulation of data, Exposure of sensitive information, DoS, System access
Where: From remote...
... more information: https://secunia.com/SA49472/
Original Advisory: http://support.apple.com/kb/HT5319

> http://www.spywarein...post__p__766617

:ph34r:

Edited by AplusWebMaster, 13 June 2012 - 10:55 AM.

#98 AplusWebMaster

Posted 26 July 2012 - 08:12 AM

FYI...

Safari v6 released
- http://support.apple.com/kb/HT5400
July 25, 2012
> http://lists.apple.c...l/msg00000.html
APPLE-SA-2012-07-25-1 Safari 6.0

- https://secunia.com/advisories/50058/
Release Date: 2012-07-26
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, System access
Where: From remote...
Solution: Upgrade to Safari version 6.0 via Apple Software Update.

- http://www.securityt....com/id/1027307
CVE Reference: CVE-2011-3016, CVE-2011-3021, CVE-2011-3027, CVE-2011-3913, CVE-2012-0678, CVE-2012-0679, CVE-2012-0680, CVE-2012-0682, CVE-2012-0683, CVE-2012-1520, CVE-2012-2815, CVE-2012-3589, CVE-2012-3590, CVE-2012-3591, CVE-2012-3592, CVE-2012-3593, CVE-2012-3594, CVE-2012-3595, CVE-2012-3596, CVE-2012-3597, CVE-2012-3599, CVE-2012-3600, CVE-2012-3603, CVE-2012-3604, CVE-2012-3605, CVE-2012-3608, CVE-2012-3609, CVE-2012-3610, CVE-2012-3611, CVE-2012-3615, CVE-2012-3618, CVE-2012-3620, CVE-2012-3625, CVE-2012-3626, CVE-2012-3627, CVE-2012-3628, CVE-2012-3629, CVE-2012-3630, CVE-2012-3631, CVE-2012-3633, CVE-2012-3634, CVE-2012-3635, CVE-2012-3636, CVE-2012-3637, CVE-2012-3638, CVE-2012-3639, CVE-2012-3640, CVE-2012-3641, CVE-2012-3642, CVE-2012-3644, CVE-2012-3645, CVE-2012-3646, CVE-2012-3650, CVE-2012-3653, CVE-2012-3655, CVE-2012-3656, CVE-2012-3661, CVE-2012-3663, CVE-2012-3664, CVE-2012-3665, CVE-2012-3666, CVE-2012-3667, CVE-2012-3668, CVE-2012-3669, CVE-2012-3670, CVE-2012-3674, CVE-2012-3678, CVE-2012-3679, CVE-2012-3680, CVE-2012-3681, CVE-2012-3682, CVE-2012-3683, CVE-2012-3686, CVE-2012-3689, CVE-2012-3690, CVE-2012-3691, CVE-2012-3693, CVE-2012-3694, CVE-2012-3695, CVE-2012-3696, CVE-2012-3697
Jul 26 2012
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Version(s): prior to 6.0 ...
___

Apple Xcode v4.4 released
- https://secunia.com/advisories/50068/
Release Date: 2012-07-26
Impact: Hijacking, Security Bypass, Exposure of sensitive information
Where: From remote
CVE Reference(s): CVE-2011-3389, CVE-2012-3698
... weakness and the vulnerability are reported in versions prior to 4.4.
Solution: Update to version 4.4 via the Apple Developer site or via the App Store.
Original Advisory: APPLE-SA-2012-07-25-2:
http://support.apple.com/kb/HT5416

- http://www.securityt....com/id/1027302
CVE Reference: CVE-2012-3698
Jul 26 2012
Impact: Disclosure of authentication information, Disclosure of user information
Version(s): prior to 4.4

- http://www.securityt....com/id/1027303
CVE Reference: CVE-2011-3389
Jul 26 2012
Impact: Disclosure of user information
Version(s): prior to 4.4

:!: :!:

#99 AplusWebMaster

Posted 21 August 2012 - 07:38 AM

FYI...

Apple Remote Desktop v3.6.1 released
- https://secunia.com/advisories/50352/
Release Date: 2012-08-21
Impact: Exposure of sensitive information
Where: From remote
CVE Reference: CVE-2012-0681
... The security issue is reported in versions 3.5.2 through 3.6.
Solution: Update to version 3.6.1.
Original Advisory: Apple:
http://support.apple.com/kb/HT5433

- http://www.securityt....com/id/1027420
Aug 21 2012

- http://h-online.com/-1671129
21 August 2012

:ph34r:

Edited by AplusWebMaster, 21 August 2012 - 07:55 AM.

#100 AplusWebMaster

Posted 05 September 2012 - 05:01 PM

FYI...

Apple/Java v1.6.0_35
- https://support.apple.com/kb/HT5473
Sep 05, 2012
Java for OS X 2012-005 and Java for Mac OS X 10.6 Update 10
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 or later, OS X Lion Server v10.7 or later, OS X Mountain Lion v10.8 or later
Description: An opportunity for security-in-depth hardening is addressed by updating to Java version 1.6.0_35. Further information is available via the Java website at
http://www.oracle.co...81-1835715.html
CVE-ID: CVE-2012-0547

APPLE-SA-2012-09-05-1 Java for OS X 2012-005 and Java for Mac OS X 10.6 Update 10
- http://lists.apple.c...p/msg00000.html
Sep 05, 2012
___

- https://secunia.com/advisories/50545/
Release Date: 2012-09-06
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference(s): CVE-2012-0547, CVE-2012-4681
... For more information see: https://secunia.com/SA50133/
Original Advisory: APPLE-SA-2012-09-05-1:
http://lists.apple.c...p/msg00000.html

:!:

Edited by AplusWebMaster, 06 September 2012 - 11:51 AM.
