126 replies to this topic

[AplusWebMaster]

FYI...

Apple iTunes v10.7 released
- https://secunia.com/advisories/50618/
Release Date: 2012-09-13
Criticality level: Highly critical
Impact: System access
Where: From remote
... vulnerabilities are reported in versions prior to 10.7.
Solution: Update to version 10.7.
Original Advisory: APPLE-SA-2012-09-12-1:
http://lists.apple.c...p/msg00001.html

- http://www.securityt....com/id/1027525
CVE Reference: CVE-2012-2817, CVE-2012-2818, CVE-2012-2829, CVE-2012-2831, CVE-2012-3601, CVE-2012-3602, CVE-2012-3606, CVE-2012-3607, CVE-2012-3612, CVE-2012-3613, CVE-2012-3614, CVE-2012-3616, CVE-2012-3617, CVE-2012-3621, CVE-2012-3622, CVE-2012-3623, CVE-2012-3624, CVE-2012-3632, CVE-2012-3643, CVE-2012-3647, CVE-2012-3648, CVE-2012-3649, CVE-2012-3651, CVE-2012-3652, CVE-2012-3654, CVE-2012-3657, CVE-2012-3658, CVE-2012-3659, CVE-2012-3660, CVE-2012-3671, CVE-2012-3672, CVE-2012-3673, CVE-2012-3675, CVE-2012-3676, CVE-2012-3677, CVE-2012-3684, CVE-2012-3685, CVE-2012-3687, CVE-2012-3688, CVE-2012-3692, CVE-2012-3699, CVE-2012-3700, CVE-2012-3701, CVE-2012-3702, CVE-2012-3703, CVE-2012-3704, CVE-2012-3705, CVE-2012-3706, CVE-2012-3707, CVE-2012-3708, CVE-2012-3709, CVE-2012-3710, CVE-2012-3711, CVE-2012-3712
Sep 13 2012
Impact: Execution of arbitrary code via network, User access via network
Version(s): prior to 10.7

- https://support.apple.com/kb/HT5485
Sep 12, 2012
___

163 security holes in iTunes
- http://h-online.com/-1706849
13 Sep 2012

Edited by AplusWebMaster, 13 September 2012 - 09:58 AM.

[AplusWebMaster]

FYI...

Apple Remote Desktop 3.5.3 released
- http://lists.apple.c...p/msg00002.html
17 Sep 2012 - "... Apple Remote Desktop 3.0 or later
Impact: Connecting to a third-party VNC server with "Encrypt all network data" set may lead to information disclosure..."

Apple Remote Desktop 3.5.3 may be obtained from the Software Update pane in System Preferences,
or Apple's Software Downloads web site:
- http://www.apple.com...port/downloads/

- https://support.apple.com/kb/HT5462
17 Sep 2012
Apple Remote Desktop 3.5.3
CVE-2012-0681

[AplusWebMaster]

FYI...

iOS 6 released
APPLE-SA-2012-09-19-1 iOS 6
- http://lists.apple.c...p/msg00003.html
19 Sep 2012
"iOS 6 is now available...
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later..."

- https://support.apple.com/kb/HT5503
"... can be downloaded and installed using iTunes*..."
* https://support.apple.com/kb/ht1414

- https://secunia.com/advisories/50586/
Release Date: 2012-09-20
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information, Exposure of sensitive information, Privilege escalation, System access
Where: From remote ...
Solution: Upgrade to iOS 6 via Software Update.

- http://www.securityt....com/id/1027552
CVE Reference: CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-4599, CVE-2012-3724, CVE-2012-3725, CVE-2012-3726, CVE-2012-3727, CVE-2012-3728, CVE-2012-3729, CVE-2012-3730, CVE-2012-3731, CVE-2012-3732, CVE-2012-3733, CVE-2012-3734, CVE-2012-3735, CVE-2012-3736, CVE-2012-3737, CVE-2012-3738, CVE-2012-3739, CVE-2012-3740, CVE-2012-3741, CVE-2012-3742, CVE-2012-3743, CVE-2012-3744, CVE-2012-3745, CVE-2012-3746, CVE-2012-3747
Sep 20 2012
Impact: Disclosure of system information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Root access via local system, User access via local system, User access via network...
Solution: The vendor has issued a fix (6.0).
___

- http://h-online.com/-1713012
20 Sep 2012

- https://isc.sans.edu...l?storyid=14128
"iOS6 released: a few CVEs addresses, breaks mapping."

Edited by AplusWebMaster, 20 September 2012 - 08:30 AM.

[AplusWebMaster]

FYI...

Apple security updates
- https://support.apple.com/kb/HT1222
3x - 19 Sept 2012
___

Safari v6.0.1 for Mac OS X
- https://secunia.com/advisories/50577/
Release Date: 2012-09-20
Criticality level: Highly critical
Impact: Security Bypass, Exposure of sensitive information, System access
Where: From remote...
Solution: Update to version 6.0.1...
Original Advisory: Apple:
http://support.apple.com/kb/HT5502

> http://lists.apple.c...p/msg00005.html
APPLE-SA-2012-09-19-3 Safari 6.0.1
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 and v10.8.1

- http://www.securityt....com/id/1027550
CVE Reference: CVE-2012-3713, CVE-2012-3714, CVE-2012-3715, CVE-2012-3598
Date: Sep 20 2012
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Version(s): prior to 6.0.1
___

Mac OS X multiple vulns - Security Update 2012-004
- https://secunia.com/advisories/50628/
Release Date: 2012-09-20
Criticality level: Highly critical
Impact: Security Bypass, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote...
Solution: Update to version 10.8.2 or 10.7.5 or apply Security Update 2012-004.

- http://lists.apple.c...p/msg00004.html
APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004

- http://www.securityt....com/id/1027551
CVE Reference: CVE-2012-0650, CVE-2012-3716, CVE-2012-3718, CVE-2012-3719, CVE-2012-3720, CVE-2012-3721, CVE-2012-3722, CVE-2012-3723
Sep 20 2012
Impact: Denial of service via network, Disclosure of authentication information, Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network
... vendor's advisory is available at:
http://support.apple.com/kb/HT5501

Edited by AplusWebMaster, 20 September 2012 - 08:57 AM.

[AplusWebMaster]

FYI...

Apple TV v5.1 released
- https://secunia.com/advisories/50728/
Release Date: 2012-09-25
Criticality level: Highly critical
Impact: Exposure of sensitive information, DoS, System access
Where: From remote
CVE Reference(s): CVE-2011-1167, CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3026, CVE-2011-3048, CVE-2011-3328, CVE-2011-3919, CVE-2012-0682, CVE-2012-0683, CVE-2012-1173, CVE-2012-3589, CVE-2012-3590, CVE-2012-3591, CVE-2012-3592, CVE-2012-3678, CVE-2012-3679, CVE-2012-3722, CVE-2012-3725, CVE-2012-3726
... vulnerabilities are reported in versions prior to 5.1.
Solution: Update to Apple TV Software version 5.1.
Original Advisory: APPLE-SA-2012-09-24-1:
http://support.apple.com/kb/HT5504
Apple TV 2nd generation and later

- https://support.apple.com/kb/HT4448
Apple TV (2nd and 3rd generation) software updates
Sep 24, 2012

How to update: https://support.apple.com/kb/HT1600

APPLE-SA-2012-09-24-1 Apple TV 5.1
- http://lists.apple.c...p/msg00006.html
24 Sep 2012

Edited by AplusWebMaster, 25 September 2012 - 12:18 PM.

[AplusWebMaster]

FYI...

RE: iOS 6 release / Apple maps...

- http://news.yahoo.co...-135819039.html
Sep 28, 2012 - "Apple CEO Tim Cook says the company is "extremely sorry" for the frustration that its maps application has caused and it's doing everything it can to make it better. Cook said in a letter posted online Friday that Apple "fell short" in its commitment to make the best possible products for its customers. He recommends that people try alternatives by downloading competing map apps from the App Store while Apple works on its own maps products.... 'had released an update to its iPhone and iPad operating system last week that replaced Google Maps with Apple's own maps application. But users complained that the new maps have fewer details, lack public transit directions and misplace landmarks, among other problems."
* https://www.apple.co...m-cook-on-maps/
Sep 28, 2012

[AplusWebMaster]

FYI...

Apple OS X Svr v2.1.1 released
- https://secunia.com/advisories/50859/
Release Date: 2012-10-04
Criticality level: Moderately critical
Impact: Security Bypass, Exposure of sensitive information, System access
Where: From remote
Software: Apple OS X Server 2.x
CVE Reference(s): CVE-2012-3488, CVE-2012-3489, CVE-2012-3525
... vulnerabilities are reported in versions prior to 2.1.1.
Solution: Update to version 2.1.1.
Original Advisory: APPLE-SA-2012-09-19-4:
http://prod.lists.ap...t/msg00000.html
APPLE-SA-2012-09-19-4 OS X Server v2.1.1

- https://support.apple.com/kb/HT5533
Oct 03, 2012

- http://web.nvd.nist....d=CVE-2012-3525 - 5.8
- http://web.nvd.nist....d=CVE-2012-3488 - 5.8
- http://web.nvd.nist....d=CVE-2012-3489 - 5.o

Edited by AplusWebMaster, 04 October 2012 - 06:39 PM.

[AplusWebMaster]

FYI...

Apple Java for OS X 2012-006 / Mac OS X 10.6 Update 11
- https://support.apple.com/kb/HT5549
Oct 17, 2012 - "Multiple vulnerabilities exist in Java 1.6.0_35... addressed by updating to Java version 1.6.0_37..."
- http://lists.apple.c...t/msg00001.html

- https://support.apple.com/kb/DL1572
"Java for OS X 2012-006 delivers improved security, reliability, and compatibility by updating Java SE 6 to 1.6.0_37. This update uninstalls the Apple-provided Java applet plug-in from all web browsers. To use applets on a web page, click on the region labeled "Missing plug-in" to go download the latest version of the Java applet plug-in from Oracle. Please quit any web browsers and Java applications before installing this update..."

- https://secunia.com/advisories/50942/
Release Date: 2012-10-17
Criticality level: Highly critical
Impact: Manipulation of data, Exposure of sensitive information, DoS, System access
Where: From remote
... more information: https://secunia.com/SA50949/
Solution: Apply updates.
Original Advisory: http://support.apple.com/kb/HT5549

- https://support.apple.com/kb/HT5493

- http://support.apple.com/kb/HT1222
___

> http://regmedia.co.u...java_update.jpg

- http://h-online.com/-1732089
18 Oct 2012

Edited by AplusWebMaster, 21 October 2012 - 06:39 AM.

[AplusWebMaster]

FYI...

iOS 6.0.1 Software Update
- https://support.apple.com/kb/DL1606
Nov 1, 2012
"This update contains improvements and bug fixes, including:
• Fixes a bug that prevents iPhone 5 from installing software updates wirelessly over the air
• Fixes a bug where horizontal lines may be displayed across the keyboard
• Fixes an issue that could cause camera flash to not go off
• Improves reliability of iPhone 5 and iPod touch (5th generation) when connected to encrypted WPA2 Wi-Fi networks
• Resolves an issue that prevents iPhone from using the cellular network in some instances
• Consolidated the Use Cellular Data switch for iTunes Match
• Fixes a Passcode Lock bug which sometimes allowed access to Passbook pass details from lock screen
• Fixes a bug affecting Exchange meetings
For information on the security content of this update, please visit this website:
http://support.apple.com/kb/HT1222
This update is available via iTunes and wirelessly."

- https://secunia.com/advisories/51162/
Release Date: 2012-11-02
Criticality level: Highly critical
Impact: Security Bypass, Exposure of system information, System access
Where: From remote
CVE Reference(s): CVE-2012-3748, CVE-2012-3749, CVE-2012-3750, CVE-2012-5112
For more information: https://secunia.com/SA51157/
Solution: Apply iOS 6.0.1 Software Update.
Original Advisory: APPLE-SA-2012-11-01-1:
http://support.apple.com/kb/HT5567
> http://lists.apple.c...v/msg00000.html
___

Safari 6.0.2 released
- https://support.apple.com/kb/HT5568
Nov 1, 2012
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.2
... WebKit -
1) Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A time of check to time of use issue existed in the handling of JavaScript arrays. This issue was addressed through additional validation of JavaScript arrays.
CVE-2012-3748 : Joost Pol and Daan Keuper of Certified Secure working with HP TippingPoint's Zero Day Initiative
2) Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue existed in the handling of SVG images. This issue was addressed through improved memory handling.
CVE-2012-5112 : Pinkie Pie working with Google's Pwnium 2 contest...

- https://secunia.com/advisories/51157/
Release Date: 2012-11-02
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference(s): CVE-2012-3748, CVE-2012-5112
For more information: https://secunia.com/SA50954/
The vulnerabilities are reported in versions prior to 6.0.2 running on OS X Lion and OS X Mountain Lion.
Solution: Update to version 6.0.2.
Original Advisory: APPLE-SA-2012-11-01-2:
http://support.apple.com/kb/HT5568
> http://lists.apple.c...v/msg00001.html

Edited by AplusWebMaster, 02 November 2012 - 07:56 AM.

[AplusWebMaster]

FYI...

QuickTime v7.7.3 released
- https://secunia.com/advisories/51226/
Release Date: 2012-11-08
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference(s): CVE-2011-1374, CVE-2012-3751, CVE-2012-3752, CVE-2012-3753, CVE-2012-3754, CVE-2012-3755, CVE-2012-3756, CVE-2012-3757, CVE-2012-3758
... vulnerabilities are reported in versions prior to 7.7.3.
Solution: Update to version 7.7.3.
Original Advisory: http://support.apple.com/kb/HT5581

> http://lists.apple.c...v/msg00002.html
... QuickTime 7.7.3 may be obtained from the QuickTime Downloads site:
http://www.apple.com...ktime/download/
-or-
Use Apple Software Update.
___

- http://h-online.com/-1746273
8 Nov 2012

Edited by AplusWebMaster, 08 November 2012 - 08:38 AM.

[AplusWebMaster]

FYI...

iTunes 11.0.1 released
- https://support.apple.com/kb/DL1614
Dec 13, 2012 - "This update to the new iTunes addresses an issue where new purchases in iCloud may not appear in your library if iTunes Match is turned on, makes iTunes more responsive when searching a large library, fixes a problem where the AirPlay button may not appear as expected, and adds the ability to display duplicate items within your library. This update also includes other important stability and performance improvements."

Available on Apple Software Update.

[AplusWebMaster]

FYI...

iOS 6.0.2 Software Update
- http://support.apple.com/kb/DL1621
Dec 18, 2012 - Fixes a bug that could impact Wi-Fi...
System Requirements: iPhone 5, iPad mini

- http://www.todaysiph...eased-by-apple/
"... everyone and their dogs are trying to download the delta update and Apple’s servers are having a hard time..."

- http://bgr.com/2012/...2258170-258170/
Dec 18, 2012 - "... these Wi-Fi issues were supposed to be fixed with the release of iOS 6.0.1 but notes that users have still reported problems connecting to known Wi-Fi hotspots even after installing the patch..."

Edited by AplusWebMaster, 18 December 2012 - 05:33 PM.

[AplusWebMaster]

FYI...

Apple iOS 6.1 Software Update
- https://support.apple.com/kb/HT5642
28 Jan 2013
- http://www.securityt....com/id/1028051
CVE Reference: CVE-2012-2619, CVE-2012-2824, CVE-2012-2857, CVE-2012-2889, CVE-2013-0948, CVE-2013-0949, CVE-2013-0950, CVE-2013-0951, CVE-2013-0952, CVE-2013-0953, CVE-2013-0954, CVE-2013-0955, CVE-2013-0956, CVE-2013-0958, CVE-2013-0959, CVE-2013-0962, CVE-2013-0964, CVE-2013-0968, CVE-2013-0974
Jan 29 2013
Impact: Denial of service via network, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 6.1
___

- http://h-online.com/-1793259
29 Jan 2013
___

Apple TV 5.2
- https://support.apple.com/kb/HT5643
28 Jan 2013
- http://www.securityt....com/id/1028050
CVE Reference: CVE-2012-2619, CVE-2013-0964
Jan 29 2013
Impact: Denial of service via network, Disclosure of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2nd generation and later; firmware prior to 5.2

Edited by AplusWebMaster, 29 January 2013 - 10:26 AM.

[AplusWebMaster]

FYI...

Apple OS X Server v2.2.1 released
Mac OS X v10.6 Update 12
- https://support.apple.com/kb/HT5644

- http://prod.lists.ap...b/msg00001.html
4 Feb 2013

Available for: OS X Mountain Lion v10.8 or later
CVE-IDs:
- https://web.nvd.nist...d=CVE-2013-0156 - 7.5 (HIGH)
- https://web.nvd.nist...d=CVE-2013-0333 - 7.5 (HIGH)

- https://support.apple.com/kb/HT1338

- http://www.apple.com...port/downloads/
___

- https://secunia.com/advisories/52095/
Release Date: 2013-02-05
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference(s): CVE-2013-0156, CVE-2013-0333
... vulnerabilities are reported in versions prior to 2.2.1.
Solution: Update to version 2.2.1.
 

[AplusWebMaster]

FYI...

Expect a v2 of iOS 6.1 ...

iOS 6.1 Leads to Battery Life Drain, Overheating for iPhone Users
- http://thenextweb.co...ing-to-ios-6-1/
8 Feb 2013

- http://arstechnica.c...ontacts-photos/
Feb 14, 2013 - "An -old- vulnerability in the iPhone's lock screen and Emergency Call feature appears to have resurfaced for a third time in iOS 6.1. With the right sequence of button clicking, it's possible to get to an iPhone user's voicemails, contacts, and photos—even if the iPhone is locked and password protected..."
- https://secunia.com/advisories/52173/

Access restriction in iOS 6 partially useless
- http://h-online.com/-1805842
19 Feb 2013

Rapid growth in transaction logs, CPU use, and memory consumption in Exchange Server 2010 when a user syncs a mailbox by using an iOS 6.1-based device
- http://support.micro....com/kb/2814847
Last Review: February 12, 2013 - Revision: 5.0
Status: Apple and Microsoft are investigating this issue. We will post more information in this article when the information becomes available...
Workaround: To work around this issue, do not process Calendar items such as meeting requests on iOS 6.1 devices. Also, immediately restart the iOS 6.1 device...

Edited by AplusWebMaster, 19 February 2013 - 07:00 AM.

[AplusWebMaster]

FYI...

iTunes 11.0.2 released
- https://support.apple.com/kb/DL1614
Feb 19, 2013

APPLE-SA-2013-02-19-1 Java for OS X 2013-001 and Mac OS X v10.6 Update 13
- http://prod.lists.ap...b/msg00002.html
2013-02-19
- http://support.apple.com/kb/HT5666
 

Edited by AplusWebMaster, 20 February 2013 - 11:44 AM.

[AplusWebMaster]

FYI...

iOS 6.1.2 Software Update
- https://support.apple.com/kb/DL1639
Feb 19, 2013 - "Fixes an Exchange calendar bug that could result in increased network activity and reduced battery life...
System Requirements: iPhone 3GS and later, iPad 2 and later, iPod touch 4th generation and later, iPhone 5 ..."

- http://support.micro....com/kb/2814847
Last Review: February 19, 2013 Revision: 15.0 - "... Resolution: Apple has posted the following article to address the issue:
- https://support.apple.com/kb/TS4532
Feb 19, 2013 - ... Resolution: To resolve this issue, update to iOS 6.1.2..."

Edited by AplusWebMaster, 20 February 2013 - 07:16 AM.

[AplusWebMaster]

FYI...

Amazon fixes its book deleting iTunes Kindle app update
- http://www.theinquir...ndle-app-update
Feb 28 2013 - "... Amazon has revisited the webpage and the update. Version 3.6.2* of the Kindle app for iOS includes both a fix for the registration issue and "Various Bug Fixes and Security Fixes"..."
* https://itunes.apple...d302584613?mt=8
Updated: Feb 27, 2013
Version: 3.6.2
Size: 21.4 MB
What's New in Version 3.6.2
• Fix for Registration Issue
• Various Bug Fixes and Security Fixes...
 

[AplusWebMaster]

FYI...

Apple blocks older insecure versions of Flash...
- https://isc.sans.edu...l?storyid=15316
Last Updated: 2013-03-02 18:23:36 - "Apple has recently stepped up its response to security issues involving 3rd party plug-ins. They have aggressively used its anti-malware tool sets to enforce minimum versions of Adobe Flash*, Oracle Java, and similar popular plug-ins..."
* https://support.apple.com/kb/ht5655
Mar 1, 2013 - "... When attempting to view Flash content in Safari, you may see this alert: "Blocked Plug-in"
Selecting it will display this alert:
'Adobe Flash Player' is out of date.
- Click 'Download Flash…' to have Safari open the Adobe Flash Player installer website.
- Download the latest Adobe Flash Player installer--click the "Download now" button.
- Open the downloaded disk image.
- Open the installer and follow the onscreen instructions...'"

- https://support.apple.com/kb/HT5660
Mar 1, 2013

Edited by AplusWebMaster, 02 March 2013 - 08:07 PM.

[AplusWebMaster]

FYI...

APPLE-SA-2013-03-04-1: Apple Mac OS X update for Java
- https://secunia.com/advisories/52484/
Release Date: 2013-03-05
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference(s): CVE-2013-0809, CVE-2013-1493
For more information: https://secunia.com/SA52451/
Original Advisory: APPLE-SA-2013-03-04-1:
- http://support.apple.com/kb/HT5677
- http://prod.lists.ap.../Mar/index.html

- http://prod.lists.ap...r/msg00000.html
___

Apple Web Server notifications
- https://support.apple.com/kb/HT1318
Products Affected: Mac OS X Server, Product Security
Last Modified: Feb 23, 2013

Edited by AplusWebMaster, 11 March 2013 - 04:08 PM.

[AplusWebMaster]

FYI...

Safari v6.0.3 released
- https://support.apple.com/kb/HT5671
14 Mar 2013
> http://prod.lists.ap...r/msg00003.html

- https://secunia.com/advisories/52658/
Release Date: 2013-03-15
Criticality level: Highly critical
Impact: Cross Site Scripting, System access
Where: From remote ...
Solution: Update to version 6.0.3.

- http://www.securityt....com/id/1028292
CVE Reference: CVE-2013-0960, CVE-2013-0961
Mar 14 2013
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 6.0.3...
___

APPLE-SA-2013-03-14-1 OS X Mountain Lion v10.8.3 and Security Update 2013-001
- https://support.apple.com/kb/HT5672
14 Mar 2013
> http://prod.lists.ap...r/msg00002.html

- http://prod.lists.ap.../Mar/index.html

- https://secunia.com/advisories/52643/
Release Date: 2013-03-15
Criticality level: Highly critical
Impact: Spoofing, Security Bypass, Exposure of system information, Exposure of sensitive, information, Cross Site Scripting, System access
Where: From remote ...
Solution: Update to OS X Mountain Lion 10.8.3 or apply Security Update 2013-001.

- http://atlas.arbor.n...dex#-1321171050
High Severity
March 15, 2013
Apple releases security patches for a variety of issues in OSX.
Analysis: Considering a typical attack on a end-user system, there are several issues that require attention to include: 1) A method for an attacker to launch a Java application even though Java may be disabled 2) Quicktime security vulnerabilities in the handling of MP4 files and 3) security issues in the way PDFKit handles certain malformed PDF documents. In addition to these issues there are multiple other issues that affect specific scenarios on a server install or issues that would open up the system to a local attack...

- http://www.securityt....com/id/1028294
CVE Reference: CVE-2013-0963, CVE-2013-0967, CVE-2013-0969, CVE-2013-0970, CVE-2013-0971, CVE-2013-0973, CVE-2013-0976
Updated: Mar 15 2013
Impact: Execution of arbitrary code via network, Modification of system information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.6.x, 10.7.x, 10.8.x...

About the OS X Mountain Lion v10.8.3 Update
- https://support.apple.com/kb/HT5612
Mar 14, 2013

OS X Mountain Lion Update v10.8.3 (Combo)
- https://support.apple.com/kb/DL1640
Mar 14, 2013

Security Update 2013-001 (Snow Leopard)
- https://support.apple.com/kb/DL1642
Mar 14, 2013

Security Update 2013-001 (Lion)
- https://support.apple.com/kb/DL1643
Mar 14, 2013

Edited by AplusWebMaster, 16 March 2013 - 02:28 PM.

[AplusWebMaster]

FYI...

APPLE-SA-2013-03-19-1 iOS 6.1.3
- http://prod.lists.ap...r/msg00004.html
19 Mar 2013

- https://support.apple.com/kb/HT5704

- http://www.securityt....com/id/1028314
CVE Reference: CVE-2013-0977, CVE-2013-0978, CVE-2013-0979, CVE-2013-0981
Mar 19 2013
Impact: Disclosure of system information, Execution of arbitrary code via local system, Modification of system information, Root access via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 6.1.3...
Impact: A local user can obtain elevated privileges on the target system.
Solution: The vendor has issued a fix (iOS 6.1.3) as part of APPLE-SA-2013-03-19-1 iOS 6.1.3.

- https://secunia.com/advisories/52173/
Last Update: 2013-03-20
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote...
Operating System: Apple iOS 6.x for iPhone 3GS and later, iPad 6.x, iPod touch 6.x
Solution: Apply iOS 6.1.3 Software Update.
___

APPLE-SA-2013-03-19-2 Apple TV 5.2.1
- http://prod.lists.ap...r/msg00005.html
19 Mar 2013

- https://secunia.com/advisories/52685/
Release Date: 2013-03-20
CVE Reference(s): CVE-2013-0977, CVE-2013-0978, CVE-2013-0981
Impact: Security Bypass
Where: Local system
Solution: Update to version 5.2.1.
___

Apple changes iOS 6.1 VPN feature
- http://h-online.com/-1837018
8 April 2013
 

Edited by AplusWebMaster, 08 April 2013 - 11:42 AM.

[AplusWebMaster]

FYI...

Safari 6.0.4 released
- https://support.apple.com/kb/HT5701
Apr 16, 2013

- https://support.apple.com/kb/HT1222
___

-  http://h-online.com/-1843736
17 April 2013
 

[AplusWebMaster]

FYI...

iOS 6.1.4 update
- https://support.apple.com/kb/DL1652
May 2, 2013 - "This update contains security content originally included in previous iOS Software Updates..."

- http://nakedsecurity...e-to-ios-6-1-4/
May 3, 2013 - "... iPhone 5 only..."

iOS: How to update...
- https://support.apple.com/kb/HT4623
 

[AplusWebMaster]

FYI...

iTunes 11.0.3 released
- https://support.apple.com/kb/HT5766
May 16, 2013

- http://prod.lists.ap...y/msg00000.html
May 16, 2013

Use Apple Software Update
-or-
- https://www.apple.com/itunes/download/
iTunes 11.0.3 for Windows XP, Vista or Windows 7

- http://www.securityt....com/id/1028575
CVE Reference: CVE-2013-0879, CVE-2013-0991, CVE-2013-0992, CVE-2013-0993, CVE-2013-0994, CVE-2013-0995, CVE-2013-0996, CVE-2013-0997, CVE-2013-0998, CVE-2013-0999, CVE-2013-1000, CVE-2013-1001, CVE-2013-1002, CVE-2013-1003, CVE-2013-1004, CVE-2013-1005, CVE-2013-1006, CVE-2013-1007, CVE-2013-1008, CVE-2013-1010, CVE-2013-1011, CVE-2013-1014
May 16 2013
Impact: Execution of arbitrary code via network, Modification of authentication information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes ...
Impact: A remote user can execute arbitrary code on the target system.
A remote user can spoof digital certificates.
Solution: The vendor has issued a fix (11.0.3).
 

[AplusWebMaster]

FYI...

QuickTime 7.7.4 released
- https://support.apple.com/kb/HT5770
May 22, 2013

- https://support.apple.com/kb/HT1222

> http://prod.lists.ap...y/msg00001.html
... QuickTime 7.7.4 may be obtained from the QuickTime Downloads site:
http://www.apple.com...ktime/download/
-or-
Use Apple Software Update.

- https://secunia.com/advisories/53520/
Release Date: 2013-05-23
Criticality level: Highly critical
Impact: System access
Where: From remote...
CVE Reference(s): CVE-2013-0986, CVE-2013-0987, CVE-2013-0988, CVE-2013-0989, CVE-2013-1015, CVE-2013-1016, CVE-2013-1017, CVE-2013-1018, CVE-2013-1019, CVE-2013-1020, CVE-2013-1021, CVE-2013-1022
... vulnerabilities are reported in versions prior to 7.7.4.
Solution: Update to version 7.7.4.

- http://www.securityt....com/id/1028589
CVE Reference: CVE-2013-0986, CVE-2013-0987, CVE-2013-0988, CVE-2013-0989, CVE-2013-1015, CVE-2013-1016, CVE-2013-1017, CVE-2013-1018, CVE-2013-1019, CVE-2013-1020, CVE-2013-1021, CVE-2013-1022
May 23 2013
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 7.7.4 ...

- http://h-online.com/-1868186
23 May 2013
 

Edited by AplusWebMaster, 23 May 2013 - 02:55 PM.

[AplusWebMaster]

FYI...

Apple OS X 10.8.4 - Security Update 2013-002
- http://www.securityt....com/id/1028625
CVE Reference: CVE-2013-0982, CVE-2013-0983, CVE-2013-0984, CVE-2013-0985, CVE-2013-0975, CVE-2013-0990, CVE-2013-1024
Jun 5 2013
Impact: Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.8.x prior to 10.8.4; 10.6.x, 10.7.x ...
Solution: The vendor has issued a fix (10.8.4; Security Update 2013-002).
Vendor URL: http://support.apple.com/kb/HT5784

- http://prod.lists.ap...n/msg00000.html

 

- https://secunia.com/advisories/53684/
Release Date: 2013-06-05
Criticality level: Highly critical
Impact: Cross Site Scripting, Exposure of sensitive information, Security Bypass, DoS,
System access
Where: From remote...  

- http://h-online.com/-1883007
5 June 2013

- https://support.apple.com/kb/HT1222
___

Safari v6.0.5 released
- http://www.securityt....com/id/1028627
CVE Reference: CVE-2013-0926, CVE-2013-1009, CVE-2013-1012, CVE-2013-1013, CVE-2013-1023
Jun 5 2013
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 6.0.5
Solution: The vendor has issued a fix (6.0.5).
Vendor URL: http://support.apple.com/kb/HT5785

- http://prod.lists.ap...n/msg00001.html

 

- https://secunia.com/advisories/53711/
Release Date: 2013-06-05
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, System access
Where: From remote...
___

- https://isc.sans.edu...l?storyid=15929
Last Updated: 2013-06-05 02:43:44 UTC
 

Edited by AplusWebMaster, 05 June 2013 - 06:16 AM.