Jump to content


Photo

Apple Mac OS X updates


  • Please log in to reply
193 replies to this topic

#151 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 24 April 2014 - 04:18 PM

FYI...

iOS 7.1.1
- http://support.apple.com/kb/HT6208
Apr 22, 2014 - iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
- https://secunia.com/advisories/58140/

OSX Security Update 2014-002
- http://support.apple.com/kb/HT6207
Apr 22, 2014 - OS X Lion v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2
- https://secunia.com/advisories/58081/

AirPort Base Station Firmware Update 7.7.3
- http://support.apple.com/kb/HT6203
Apr 22, 2014 - AirPort Extreme and AirPort Time Capsule base stations with 802.11ac
- https://secunia.com/advisories/58142/

- http://support.apple.com/kb/HT1222
 

:ph34r: :ph34r:


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#152 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 19 May 2014 - 05:56 AM

FYI...

iTunes 11.2 released
- http://support.apple.com/kb/HT6245
May 15, 2014
- https://www.apple.com/itunes/download/
iTunes 11.2 for XP, Vista or Win7

Apple Security Update 2014-002 released
- http://support.apple.com/kb/HT6207
May 8, 2014

- http://support.apple.com/kb/HT6246
May 15, 2014
___

OS X Mavericks:
Users folder isn't visible after updating to iTunes 11.2
- http://support.apple.com/kb/TS5434
May 17, 2014
... Resolution: Update to iTunes 11.2.1 or later

- http://isc.sans.edu/...l?storyid=18135
Last Updated: 2014-05-17 15:24:06 UTC

- http://www.securityt....com/id/1030255
CVE Reference: https://web.nvd.nist...d=CVE-2014-1347 - 4.4
May 18 2014
Impact: Modification of system information, Modification of user information, Root access via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes ...
Solution: The vendor has issued a fix (11.2.1).  
Vendor URL: http://support.apple.com/kb/HT6251
___

OS X Server 3.1.2 / APPLE-SA-2014-15-20-1:
- http://support.apple.com/kb/HT6248
May 20, 2014
- https://web.nvd.nist...d=CVE-2013-4164 - 6.8 (HIGH)
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 21 May 2014 - 08:00 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#153 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 22 May 2014 - 09:50 AM

FYI...

Safari 6.1.4, 7.0.4 released
- http://support.apple.com/kb/HT6254
May 21, 2014

- http://support.apple.com/kb/HT1222

- http://www.securityt....com/id/1030269
CVE Reference: CVE-2013-2875, CVE-2014-1323, CVE-2014-1324, CVE-2014-1326, CVE-2014-1327, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339, CVE-2014-1341, CVE-2014-1342, CVE-2014-1343, CVE-2014-1344, CVE-2014-1731, CVE-2014-1346
May 22 2014
Impact: Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to versions 6.1.4, 7.0.4 ...
Solution: The vendor has issued a fix (6.1.4, 7.0.4).
The vendor's advisory is available at:
- http://support.apple.com/kb/HT6254
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 22 May 2014 - 09:57 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#154 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 01 July 2014 - 02:18 PM

FYI...

OS X 10.9.4 / Security Update 2014-003
- https://support.apple.com/kb/HT6296
Jun 30, 2014
- http://www.securityt....com/id/1030505
CVE Reference: CVE-2014-1317, CVE-2014-1370, CVE-2014-1371, CVE-2014-1372, CVE-2014-1373, CVE-2014-1375, CVE-2014-1376, CVE-2014-1377, CVE-2014-1378, CVE-2014-1379, CVE-2014-1380, CVE-2014-1381

Safari 6.1.5 / 7.0.5
- https://support.apple.com/kb/HT6293
Jun 30, 2014
- http://www.securityt....com/id/1030495
CVE Reference: CVE-2014-1325, CVE-2014-1340, CVE-2014-1345, CVE-2014-1362, CVE-2014-1363, CVE-2014-1364, CVE-2014-1365, CVE-2014-1366, CVE-2014-1367, CVE-2014-1368, CVE-2014-1369, CVE-2014-1382

iOS 7.1.2
- http://support.apple.com/kb/HT6297
Jun 30, 2014
- http://www.securityt....com/id/1030500
CVE Reference: CVE-2014-1348, CVE-2014-1349, CVE-2014-1350, CVE-2014-1351, CVE-2014-1352, CVE-2014-1353, CVE-2014-1354, CVE-2014-1355, CVE-2014-1356, CVE-2014-1357, CVE-2014-1358, CVE-2014-1359, CVE-2014-1360, CVE-2014-1361
- http://support.apple.com/kb/HT4623

Apple TV 6.2
- http://support.apple.com/kb/HT6298
Jun 30, 2014
- http://www.securityt....com/id/1030503
CVE Reference: CVE-2014-1383
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 02 July 2014 - 11:08 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#155 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 11 July 2014 - 09:59 AM

FYI...

OS X / Safari - Flash Player updates available
- http://support.apple.com/kb/HT5655
July 10, 2014 - "... If the version of Adobe Flash plug-in you are using is out of date, you may see the message, "Blocked plug-in", "Flash Security Alert” or "Flash out-of-date" when attempting to view Flash content in Safari. Clicking the indicator displays an alert, "Adobe Flash Player is out-of-date."
In order to use Adobe Flash you need to update to a later version:
- Click the Download Flash button.
- Safari opens Adobe Flash Player installer page on the Adobe website.
- Click the Download now button on the Adobe website to download the latest Adobe Flash Player installer.
- After the download completes, open the downloaded disk image (usually located in your Downloads folder) if it does not open automatically.
    In the window that appears, open the installer and follow the onscreen instructions.
Note: If you need to run an older version of Flash, you can use web plug-in management* to re-enable it for specific websites using "Run in Unsafe Mode" (??) in Safari 6.1 or later..."
* http://support.apple.com/kb/HT5954
 

:ph34r: :ph34r:


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#156 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 13 August 2014 - 07:06 PM

FYI...

Safari 6.1.6, 7.0.6 released
- http://support.apple.com/kb/HT6367
Aug 13, 2014
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.4
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling...
___

- http://www.securityt....com/id/1030731
CVE Reference: CVE-2014-1384, CVE-2014-1385, CVE-2014-1386, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390
Aug 14 2014
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to versions 6.1.6, 7.0.6 ...
Impact: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (6.1.6, 7.0.6)...
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 14 August 2014 - 04:43 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#157 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 17 September 2014 - 10:15 PM

FYI...

iOS 8 released
- http://www.securityt....com/id/1030866
CVE Reference: CVE-2014-4352, CVE-2014-4353, CVE-2014-4354, CVE-2014-4356, CVE-2014-4357, CVE-2014-4361, CVE-2014-4362, CVE-2014-4363, CVE-2014-4364, CVE-2014-4366, CVE-2014-4367, CVE-2014-4368, CVE-2014-4369, CVE-2014-4371, CVE-2014-4372, CVE-2014-4373, CVE-2014-4374, CVE-2014-4375, CVE-2014-4377, CVE-2014-4378, CVE-2014-4379, CVE-2014-4380, CVE-2014-4381, CVE-2014-4383, CVE-2014-4384, CVE-2014-4386, CVE-2014-4388, CVE-2014-4389, CVE-2014-4404, CVE-2014-4405, CVE-2014-4407, CVE-2014-4408, CVE-2014-4409, CVE-2014-4410, CVE-2014-4411, CVE-2014-4412, CVE-2014-4413, CVE-2014-4414, CVE-2014-4415, CVE-2014-4418, CVE-2014-4419, CVE-2014-4420, CVE-2014-4421, CVE-2014-4422, CVE-2014-4423
Sep 18 2014
Impact: Denial of service via local system, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Root access via local system, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 8.0 ...
Solution: The vendor has issued a fix (8.0).
The vendor's advisory is available at:
- http://support.apple.com/kb/HT6441
Sep 17, 2014

- http://support.apple.com/kb/HT1222
17 Sept 2014
iOS 8 - iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
___

Safari 6.2 and 7.1
- http://support.apple.com/kb/HT6440
Sep 18, 2014

OS X Mavericks v10.9.5 and Security Update 2014-004
- http://support.apple.com/kb/HT6443
Sep 18, 2014

OS X Server v3.2.1
- http://support.apple.com/kb/HT6448
Sep 18, 2014
___

- http://atlas.arbor.n...ndex#2074331089
High Severity
Sep 26, 2014
 

:ph34r:


Edited by AplusWebMaster, 28 September 2014 - 06:39 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#158 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 25 September 2014 - 05:27 AM

FYI...

iOS 8.0.1 revoked - iPhone 6, 6+
- http://www.theinquir...tivity-touch-id
Sep 25, 2014 - "... iPhone 6 and iPhone 6 Plus users that downloaded the iOS 8.0.1 update and found that it somewhat ruined their days to roll back the update*. Apple released iOS 8.0.1 to iPhones on Wednesday, but all didn't go to plan. While speculation had suggested that the update would arrive with a slew of bug fixes, the update appears to have created more issues. Apple has accepted that some iPhone users have experienced loss of connectivity and breakage in Touch ID sign-in..."
* http://support.apple.com/kb/HT6487
Sep 25, 2014
___

- http://support.apple.com/kb/HT6487
Last Modified: Sep 26, 2014 - "iOS 8.0.2 is available now. It fixes the loss of cellular service and use of Touch ID that may have affected you if you have an iPhone 6 or iPhone 6 Plus and you downloaded iOS 8.0.1. It includes improvements and bug fixes originally in iOS 8.0.1. We apologize for inconveniencing you if you were affected by the bug in iOS 8.0.1. To resolve this issue, update your device to iOS 8.0.2* or later."
* http://support.apple.com/kb/HT4623

- https://discussions.... 8.0.2 problems
___

APPLE-SA-2014-09-23-1 OS X: Flash Player plug-in blocked
- https://lists.apple....p/msg00000.html
Sep 23, 2014
Due to security issues in older versions, Apple has updated the
web plug-in blocking mechanism to disable all versions prior to
Flash Player 15.0.0.152 and 13.0.0.244.

Information on blocked web plug-ins will be posted to:
- http://support.apple.com/kb/HT5655
Last Modified: Sep 24, 2014
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 30 September 2014 - 06:57 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#159 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 29 September 2014 - 06:17 PM

FYI...

OS X bash Updates ...
- http://support.apple.com/kb/HT6495
Sep 29, 2014 - Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: In certain configurations, a remote attacker may be able to execute arbitrary shell commands
Description: An issue existed in Bash's parsing of environment variables. This issue was addressed through improved environment variable parsing by better detecting the end of the function statement...

APPLE-SA-2014-09-29-1 OS X bash Update 1.0
- https://lists.apple....p/msg00001.html
29 Sep 2014

OS X Lion
- http://support.apple.com/kb/DL1767
Sep 29, 2014
File Size: 3.5 MB

OS X Mountain Lion
- http://support.apple.com/kb/DL1768
Sep 29, 2014
File Size: 3.3 MB

OS X Mavericks
- http://support.apple.com/kb/DL1769
Sep 29, 2014
File Size: 3.3 MB

- http://arstechnica.c...-10-8-and-10-7/
Sept 29 2014
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 30 September 2014 - 06:27 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#160 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 17 October 2014 - 05:14 AM

FYI...

iTunes 12.0.1 released
- https://support.apple.com/kb/HT6537
Last Modified: Oct 16, 2014
CVE Reference(s): CVE-2013-2871, CVE-2013-2875, CVE-2013-2909, CVE-2013-2926, CVE-2013-2927, CVE-2013-2928, CVE-2013-5195, CVE-2013-5196, CVE-2013-5197, CVE-2013-5198, CVE-2013-5199, CVE-2013-5225, CVE-2013-5228, CVE-2013-6625, CVE-2013-6635, CVE-2013-6663, CVE-2014-1268, CVE-2014-1269, CVE-2014-1270, CVE-2014-1289, CVE-2014-1290, CVE-2014-1291, CVE-2014-1292, CVE-2014-1293, CVE-2014-1294, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1301, CVE-2014-1302, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1310, CVE-2014-1311, CVE-2014-1312, CVE-2014-1313, CVE-2014-1323, CVE-2014-1324, CVE-2014-1325, CVE-2014-1326, CVE-2014-1327, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339, CVE-2014-1340, CVE-2014-1341, CVE-2014-1342, CVE-2014-1343, CVE-2014-1344, CVE-2014-1362, CVE-2014-1363, CVE-2014-1364, CVE-2014-1365, CVE-2014-1366, CVE-2014-1367, CVE-2014-1368, CVE-2014-1384, CVE-2014-1385, CVE-2014-1386, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390, CVE-2014-1713, CVE-2014-1731, CVE-2014-4410, CVE-2014-4411, CVE-2014-4412, CVE-2014-4413, CVE-2014-4414, CVE-2014-4415
___

Security Update 2014-005
- https://support.apple.com/kb/HT6531
Oct 16, 2014
> https://www.us-cert....Update-2014-005
Oct 17, 2014 - "... Security Update 2014-005 to address vulnerabilities in SSL 3.0..."
___

OS X Server v4.0
- http://support.apple.com/kb/HT6536
Oct 16, 2014

- http://www.securityt....com/id/1031071
___

OS X Yosemite v10.10
- http://support.apple.com/kb/HT6535
Oct 16, 2014

- http://www.securityt....com/id/1031063

- http://www.securityt....com/id/1031065

OS X Yosemite: List of available trusted root certificates
- http://support.apple.com/kb/HT6005
Oct 17, 2014
 

:ph34r: :ph34r: :ph34r:


Edited by AplusWebMaster, 17 October 2014 - 01:31 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#161 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 20 October 2014 - 10:49 PM

FYI...

iOS 8.1 released
- https://support.apple.com/kb/HT6541
Oct 20, 2014
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

- http://www.securityt....com/id/1031077
CVE Reference: CVE-2014-4448, CVE-2014-4449, CVE-2014-4450
Oct 20 2014
Impact: Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 8.1 ...

- https://en.greatfire...unch-new-iphone
Oct 20, 2014 - "After previous attacks on Github, Google, Yahoo and Microsoft, the Chinese authorities are now staging a man-in-the-middle (MITM) attack on Apple’s iCloud... Firefox and Chrome will both prevent users from accessing iCloud.com when they are trying to access a site that is suffering from a MITM attack..."

- http://www.reuters.c...N0I92H020141021
Oct 21, 2014
___

Apple TV 7.0.1
- https://support.apple.com/kb/HT6542
Oct 20, 2014

- https://support.apple.com/kb/HT1222
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 21 October 2014 - 07:43 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#162 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 24 October 2014 - 06:02 AM

FYI...

QuickTime 7.7.6 released
- https://support.apple.com/kb/HT6493
Oct 22, 2014
- https://web.nvd.nist...d=CVE-2014-4979 - 9.3 (HIGH)
- https://web.nvd.nist...d=CVE-2014-4350 - 6.8
- https://web.nvd.nist...d=CVE-2014-4351 - 6.8
- https://web.nvd.nist...d=CVE-2014-1391 - 6.8

... use Apple Software Update.

- https://www.us-cert....dates-QuickTime
Oct 23, 2014
 

:ph34r:


Edited by AplusWebMaster, 24 October 2014 - 10:50 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#163 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 18 November 2014 - 05:53 AM

FYI...

iOS 8.1.1 released
- http://support.apple.com/en-us/HT6590
Nov 17, 2014
... for iPhone 4s and later, iPod touch 5th generation and later, and iPad 2 and later...
- http://www.securityt....com/id/1031232
CVE Reference: CVE-2014-4451, CVE-2014-4457, CVE-2014-4463
Nov 18 2014
Impact: Execution of arbitrary code via local system, User access via local system
Fix Available: Yes  Vendor Confirmed:  Yes ...
Solution: The vendor has issued a fix (8.1.1).
___

OS X Yosemite v10.10.1
- http://support.apple.com/en-us/HT6572
Nov 17, 2014
- http://www.securityt....com/id/1031230
CVE Reference: CVE-2014-4453, CVE-2014-4458, CVE-2014-4459, CVE-2014-4460
Nov 18 2014
Impact: Disclosure of system information, Execution of arbitrary code via network, User access via network
Fix Available: Yes  Vendor Confirmed:  Yes ...
Solution: The vendor has issued a fix (10.10.1).
___

Apple TV 7.0.2
- http://support.apple.com/en-us/HT6592
Nov 17, 2014
- http://www.securityt....com/id/1031231
CVE Reference: CVE-2014-4452, CVE-2014-4455, CVE-2014-4461, CVE-2014-4462
Nov 18 2014
Impact: Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available: Yes  Vendor Confirmed:  Yes ...
Solution: The vendor has issued a fix (7.0.2).  
___

- https://isc.sans.edu...l?storyid=18961
Nov 17, 2014
- https://www.us-cert....te-and-Apple-TV
Nov 17, 2014
 

:ph34r:


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#164 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 04 December 2014 - 07:38 AM

FYI...

Safari 8.0.1, 7.1.1, 6.2.1 released
- http://support.apple.com/en-us/HT6596
Dec 3, 2014

- http://www.securityt....com/id/1031296
CVE Reference: CVE-2014-4465, CVE-2014-4466, CVE-2014-4468, CVE-2014-4469, CVE-2014-4470, CVE-2014-4471, CVE-2014-4472, CVE-2014-4473, CVE-2014-4474, CVE-2014-4475
Dec 4 2014
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to versions 6.2.1, 7.1.1, 8.0.1
Solution: The vendor has issued a fix (6.2.1, 7.1.1, 8.0.1).
___

- http://www.theinquir...-reinstall-os-x
Dec 05 2014 - "... The Safari update from 3 December addressed 13 security vulnerabilities, including some that were serious, in versions 8.0.1, 7.1.1 and 6.2.1. Most of the vulnerabilities were discovered by Apple internally. However, Mac OS X users soon complained that the update failed. The update processing claimed that it completed successfully, but it did not, and instead it removed Safari from users' systems. Users said that Apple support instructed them to reinstall Mac OS X* in order to recover Safari..."
* https://discussions....tart=0&tstart=0

> https://discussions.... 1.25.31 AM.png

- http://support.apple.com/en-us/HT6596
Dec 4, 2014

- http://forums.macrum...d.php?t=1825558
 

> http://support.apple.com/downloads/??

 

 

:ph34r:


Edited by AplusWebMaster, 08 December 2014 - 01:57 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#165 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 10 December 2014 - 09:28 AM

FYI...

iOS 8.1.2
- http://support.apple.com/en-us/HT6598
Last Modified: Dec 10, 2014 - "Available for... iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later"
 

:ph34r:


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#166 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 23 December 2014 - 09:22 AM

FYI...

OS X NTP Security Update
- https://support.apple.com/en-us/HT6601
Dec 22, 2014
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1
Impact: A remote attacker may be able to execute arbitrary code
Description: Several issues existed in ntpd that would have allowed an attacker to trigger buffer overflows. These issues were addressed through improved error checking.
To verify the ntpd version, type the following command in Terminal: what /usr/sbin/ntpd. This update includes the following versions:
    Mountain Lion: ntp-77.1.1
    Mavericks: ntp-88.1.1
    Yosemite: ntp-92.5.1
CVE-ID: https://web.nvd.nist...d=CVE-2014-9295- 7.5 (HIGH)
___

- http://www.reuters.c...N0K108W20141223
Dec 23, 2014 - "Apple Inc has pushed out its first-ever automated security update to Macintosh computers to help defend against newly identified bugs that security researchers have warned could enable hackers to gain remote control of machines. The company pushed out the software on Monday to fix critical security vulnerabilities in a component of its OS X operating system called the network time protocol, or NTP, according to Apple spokesman Bill Evans. NTP is used for synchronizing clocks on computer systems. The bugs were made public in security bulletins on Friday by the Department of Homeland Security and the Carnegie Mellon University Software Engineering Institute. Carnegie Mellon identified dozens of technology companies, including Apple, whose products might be vulnerable. When Apple has released previous security patches, it has done so through its regular software update system, which typically requires user intervention. The company decided to deliver the NTP bug fixes with its technology for automatically pushing out security updates, which Apple introduced two years ago but had never previously used, because it wanted to protect customers as quickly as possible due to the severity of the vulnerabilities, Evans said. "The update is seamless," he said. "It doesn’t even require a restart." Apple does not know of any cases where vulnerable Mac computers were targeted by hackers looking to exploit the bugs, he added."

- http://arstechnica.c...-security-flaw/
Dec 23, 2014
 

:ph34r:


Edited by AplusWebMaster, 23 December 2014 - 12:52 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#167 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 28 January 2015 - 04:49 AM

FYI...

OS X v10.10.2 and Security Update 2015-001
- http://support.apple.../en-us/HT204244
Jan 27, 2015
> AFP Server, bash, Bluetooth, CFNetwork Cache, CoreGraphics, CPU Software, CommerceKit Framework, CoreGraphics, CoreSymbolication, FontParser, Foundation, Intel Graphics Driver, IOAcceleratorFamily, IOHIDFamily, IOKit, IOUSBFamily, Kernel, LaunchServices, libnetcore, LoginWindow, lukemftp, OpenSSL, Sandbox, SceneKit, Security, security_taskgate, Spotlight, SpotlightIndex, sysmond, UserAccountUpdater
(More detail at the URL above.)
> http://www.securityt....com/id/1031650

Safari 8.0.3, 7.1.3, 6.2.3 released
- http://support.apple.../en-us/HT204243
Jan 27, 2015
> Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1
CVE-2014-3192, CVE-2014-4476, CVE-2014-4477, CVE-2014-4479
> http://www.securityt....com/id/1031647

iOS 8.1.3
- http://support.apple.../en-us/HT204245
Jan 27, 2015
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
> AppleFileConduit, CoreGraphics, dyld, FontParser, Foundation, IOAcceleratorFamily, IOHIDFamily, iTunes Store, Kernel, libnetcore, MobileInstallation, Springboard, WebKit
(More detail at the URL above.)
> http://www.securityt....com/id/1031652

Apple TV 7.0.3
- http://support.apple.../en-us/HT204246
Jan 27, 2015
> Available for: Apple TV 3rd generation and later
(More detail at the URL above.)

> http://support.apple.com/en-us/HT1222
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 28 January 2015 - 06:01 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#168 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 10 March 2015 - 08:23 AM

FYI...

Apple Security Update 2015-002
- https://support.appl.../en-us/HT204413
Mar 9, 2015
- http://www.securityt....com/id/1031869
CVE Reference: CVE-2015-1066
Mar 10 2015
Impact: Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.8.5, 10.9.5, 10.10.2...

iOS 8.2 released
- https://support.appl.../en-us/HT204423
Mar 9, 2015
- http://www.securityt....com/id/1031868
CVE Reference: CVE-2015-1061, CVE-2015-1065
Mar 10 2015
Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Root access via local system, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.8.5, 10.9.5, 10.10.2 ...
- https://lists.apple....r/msg00000.html

Apple TV 7.1
- https://support.appl.../en-us/HT204426
Mar 9, 2015

Xcode 6.2
- https://support.appl.../en-us/HT204427
Mar 9, 2015

- https://support.apple.com/en-us/HT1222

- https://isc.sans.edu...l?storyid=19443
Last Updated: 2015-03-10 - "... Apple also addressed a number of security vulnerabilities, most notably the "Freak" vulnerability. After updating, the affected operating systems no longer support export quality ciphers. However, Apple browsers continue to support SSLv3 and as a result, continue to be vulnerable to POODLE*...

* http://www.poodletest.com/

Quick Summary of the security content of Apple's updates:
- XCode 6.2: This update addresses 4 vulnerabilities in subversion and 1 in git.
- OS X: 5 vulnerabilities. The most serious of which is likely a code execution vulnerability in Keychain.
- Apple TV: 3 vulnerabilities. One of which would allow an attacker to write files to the system if the user mounts a corrupt disk image.
- iOS: 6 vulnerabilities. In addition to FREAK and the above mentioned Keychain problem, a vulnerability that allows an attacker with physical access to the device to see the home screen on a locked devices is patched..."

- https://www.us-cert....OS-and-Apple-TV
Mar 9, 2015
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 10 March 2015 - 01:00 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#169 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 17 March 2015 - 09:38 PM

FYI...

Safari 8.0.4, 7.1.4, 6.2.4 released
- https://support.appl.../en-us/HT204560
Mar 17, 2015
- https://lists.apple....r/msg00004.html

- https://support.apple.com/en-us/HT1222

- http://www.securityt....com/id/1031936
CVE Reference: CVE-2015-1068, CVE-2015-1069, CVE-2015-1070, CVE-2015-1071, CVE-2015-1072, CVE-2015-1073, CVE-2015-1074, CVE-2015-1075, CVE-2015-1076, CVE-2015-1077, CVE-2015-1078, CVE-2015-1079, CVE-2015-1080, CVE-2015-1081, CVE-2015-1082, CVE-2015-1083, CVE-2015-1084
Mar 17 2015
Impact: Execution of arbitrary code via network, Modification of system information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes...
Solution: The vendor has issued a fix (6.2.4, 7.1.4, 8.0.4).
___

- https://www.us-cert....-Updates-Safari
March 18, 2015 - "... Updates include:
        Safari 8.0.4 for OS X Mountain Lion v10.8.5
        Safari 7.1.4 for OS X Mavericks v10.9.5
        Safari 6.2.4 for OS X Yosemite v10.10.2
US-CERT encourages users and administrators to review Apple security update HT204560 ..."
 

:ph34r:


Edited by AplusWebMaster, 18 March 2015 - 10:37 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#170 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 21 March 2015 - 05:20 AM

FYI...

Apple Security Update 2015-003
- https://support.appl.../en-us/HT204563
Mar 17, 2015
- https://lists.apple....r/msg00005.html
Available for: OS X Yosemite v10.10.2
CVE-2015-1061, CVE-2015-1065

- https://support.apple.com/en-us/HT1222
OS X Yosemite v10.10.2 - 19 Mar 2015
___

- https://www.us-cert....e-OS-X-Yosemite
March 20, 2015
 

:ph34r:


Edited by AplusWebMaster, 21 March 2015 - 05:35 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#171 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 08 April 2015 - 06:39 PM

FYI...

Security Update 2015-004 - OS X Yosemite v10.10.3
- https://support.appl.../en-us/HT204659
Apr 8, 2015
> https://lists.apple....r/msg00001.html
- http://www.securityt....com/id/1032048
CVE Reference: CVE-2015-1088, CVE-2015-1089, CVE-2015-1091, CVE-2015-1093, CVE-2015-1095, CVE-2015-1096, CVE-2015-1098, CVE-2015-1099, CVE-2015-1100, CVE-2015-1101, CVE-2015-1102, CVE-2015-1103, CVE-2015-1104, CVE-2015-1105, CVE-2015-1117, CVE-2015-1118, CVE-2015-1130, CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, CVE-2015-1134, CVE-2015-1135, CVE-2015-1136, CVE-2015-1137, CVE-2015-1138, CVE-2015-1139, CVE-2015-1140, CVE-2015-1141, CVE-2015-1142, CVE-2015-1143, CVE-2015-1144, CVE-2015-1145, CVE-2015-1146, CVE-2015-1147, CVE-2015-1148
Apr 8 2015

Safari 8.0.5, 7.1.5, 6.2.5
- https://support.appl.../en-us/HT204658
Apr 8, 2015 - "Available for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2..."
> https://lists.apple....r/msg00000.html
- http://www.securityt....com/id/1032047
CVE Reference: CVE-2015-1112, CVE-2015-1119, CVE-2015-1120, CVE-2015-1121, CVE-2015-1122, CVE-2015-1124, CVE-2015-1126, CVE-2015-1127, CVE-2015-1128, CVE-2015-1129
Apr 8 2015

iOS 8.3
- https://support.appl.../en-us/HT204661
Apr 8, 2015 - "Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later..."
> https://lists.apple....r/msg00002.html
- http://www.securityt....com/id/1032050
CVE Reference: CVE-2015-1085, CVE-2015-1086, CVE-2015-1087, CVE-2015-1090, CVE-2015-1092, CVE-2015-1094, CVE-2015-1097, CVE-2015-1106, CVE-2015-1107, CVE-2015-1108, CVE-2015-1109, CVE-2015-1110, CVE-2015-1111, CVE-2015-1113, CVE-2015-1114, CVE-2015-1115, CVE-2015-1116, CVE-2015-1123, CVE-2015-1125
Apr 9 2015

Apple TV 7.2
- https://support.appl.../en-us/HT204662
Apr 8, 2015
> https://lists.apple....r/msg00003.html

Xcode 6.3
- https://support.apple.com/kb/HT204663
Apr 8, 2015 - "Available for:  OS X Mavericks v10.9.4 or later..."
> https://lists.apple....r/msg00004.html
- http://www.securityt....com/id/1032049
CVE Reference: CVE-2015-1149
Apr 9 2015

- https://support.appl.../en-us/HT201222
___

- https://web.nvd.nist...d=CVE-2015-1118
Last revised: 04/10/2015  - "... Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile..."
> http://www.theregist...attack_ios_fix/
10 Apr 2015
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 10 April 2015 - 12:52 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#172 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 22 April 2015 - 04:49 PM

FYI...

APPLE-SA-2015-04-21-1 OS X: Flash Player plug-in blocked
- https://lists.apple....r/msg00005.html
21 Apr 2015 - "Due to security issues in older versions, Apple has updated the web plug-in blocking mechanism to disable all versions prior to Flash Player 17.0.0.169 and 13.0.0.281.

Information on blocked web plug-ins will be posted to:
- http://support.apple.../en-us/HT202681 "
 

:ph34r:


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#173 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 07 May 2015 - 07:37 AM

FYI...

Safari 8.0.6, 7.1.6, 6.2.6
- https://support.appl.../en-us/HT204826
May 4, 2015
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.3
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling...

- https://support.appl.../en-us/HT201222

- http://www.securityt....com/id/1032270
CVE Reference: CVE-2015-1152, CVE-2015-1153, CVE-2015-1154, CVE-2015-1155, CVE-2015-1156
May 7 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to versions 6.2.6, 7.1.6, 8.0.6 ...
 

:ph34r: :ph34r:


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#174 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 30 May 2015 - 05:49 AM

FYI... iPhone "Text msg" bug

If Messages quits unexpectedly after you get a text with a specific string of characters
- https://support.appl.../en-us/HT204897
Last Modified: May 29, 2015 - "Apple is aware of an iMessage issue caused by a specific series of unicode characters and we will make a fix available in a software update. Until the update is available, you can use these steps to re-open the Messages app.
1. Ask Siri* to "read unread messages."
2. Use Siri to reply to the malicious message. After you reply, you'll be able to open Messages again.
3. If the issue continues, tap and hold the malicious message, tap More, and delete the message from the thread."

About Siri
* https://support.appl.../en-us/HT204389
Last Modified: Apr 15, 2015
___

- http://www.idownload...te-coming-soon/
"... the company will be releasing a fix via a software update soon, presumably along iOS 8.4, which is still in beta stage."
 

:ph34r: :ph34r:


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#175 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 01 July 2015 - 07:00 AM

FYI...

> https://support.appl.../en-us/HT201222

iOS 8.4 released
- https://support.appl.../en-us/HT204941
Jun 30, 2015
- http://www.securityt....com/id/1032761
CVE Reference: CVE-2015-3722, CVE-2015-3723, CVE-2015-3724, CVE-2015-3725, CVE-2015-3726, CVE-2015-3728
Jul 1 2015
Impact: Denial of service via network, Execution of arbitrary code via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 8.4...
___

QuickTime 7.7.7 released
- https://support.appl.../en-us/HT204947
Jun 30, 2015
- http://www.securityt....com/id/1032756
CVE Reference: CVE-2015-3661, CVE-2015-3662, CVE-2015-3663, CVE-2015-3664, CVE-2015-3665, CVE-2015-3666, CVE-2015-3667, CVE-2015-3668, CVE-2015-3669
Jul 1 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 7.7.7 ...
Download: https://www.apple.co...ktime/download/

"QuickTime 7.7.7 for Windows Vista or Windows 7"
Alternate download site: http://www.majorgeek.../quicktime.html
Author: Apple, Inc.
Date: 07/01/2015 06:34 AM
Size: 39.9 MB
License: Freeware
Requires: Win 10/8/7/Vista
___

Safari 8.0.7, 7.1.7, 6.2.7
- https://support.appl.../en-us/HT204950
Jun 30, 2015
- http://www.securityt....com/id/1032754
CVE Reference: CVE-2015-3658, CVE-2015-3659, CVE-2015-3660, CVE-2015-3727
Jun 30 2015
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to versions 6.2.7, 7.1.7, 8.0.7 ...
___

Security Update 2015-005 - OS X Yosemite v10.10.4
- https://support.appl.../en-us/HT204942
Jun 30, 2015
- http://www.securityt....com/id/1032759
CVE Reference: CVE-2015-4000
Jul 1 2015
Impact: Modification of authentication information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.10 to 10.10.3 ...
Solution: The vendor has issued a fix (10.10.4, Security Update 2015-005)...
- http://www.securityt....com/id/1032760
CVE Reference: CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130, CVE-2015-3671, CVE-2015-3672, CVE-2015-3673, CVE-2015-3674, CVE-2015-3675, CVE-2015-3676, CVE-2015-3677, CVE-2015-3678, CVE-2015-3679, CVE-2015-3680, CVE-2015-3681, CVE-2015-3682, CVE-2015-3683, CVE-2015-3684, CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, CVE-2015-3688, CVE-2015-3689, CVE-2015-3690, CVE-2015-3691, CVE-2015-3694, CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, CVE-2015-3702, CVE-2015-3703, CVE-2015-3704, CVE-2015-3705, CVE-2015-3706, CVE-2015-3707, CVE-2015-3708, CVE-2015-3709, CVE-2015-3710, CVE-2015-3711, CVE-2015-3712, CVE-2015-3714, CVE-2015-3715, CVE-2015-3716, CVE-2015-3717, CVE-2015-3718, CVE-2015-3719, CVE-2015-3721
Jul 1 2015
Impact: Disclosure of system information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Root access via local system, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.8.5, 10.9.5, 10.10 to 10.10.3 ...
Solution: The vendor has issued a fix (10.10.4, Security Update 2015-005)...
___

Security Update 2015-001 - Mac EFI
- https://support.appl.../en-us/HT204934
Jun 30, 2015
- http://www.securityt....com/id/1032755
CVE Reference: CVE-2015-3693
Jun 30 2015
Impact: Root access via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.8.5, 10.9.5, 10.10 to 10.10.3 ...
Solution: The vendor has issued a fix (Security Update 2015-001, OS X 10.10.4).
___

iTunes 12.2 for Windows
- https://support.appl.../en-us/HT204949
Jul 1, 2015

- https://www.apple.com/itunes/download/
___

- http://net-security....ld.php?id=18577
01 July 2015 - "... The OS X update contains fixes for 77 vulnerabilities, many of which can be exploited by attackers to gain admin or root privilege, crash applications, perform unauthenticated access to the system, execute arbitrary code, intercept network traffic, and so on. It also includes fixes for vulnerabilities in the Mac EFI (Extensible Firmware Interface), one of which could allow a malicious app with root privileges to modify EFI flash memory when it resumes from sleep states...

The iOS security update contains fixes for a slew of vulnerabilities that could lead to unexpected application termination or arbitrary code execution just by making the users open or the OS process a malicious crafted PDF, text, font or .tiff file.
The 'Logjam bug' in coreTLS that could be exploited by an attacker with a privileged network position to SSL/TLS connections has also been plugged, as have two vulnerabilities discovered by FireEye researchers, which could allow attackers to deploy two new kinds of Masque Attack and prevent iOS and Watch apps from launching..."

> http://lists.apple.c...ndex.html#00005
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 05 July 2015 - 07:18 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#176 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 13 August 2015 - 06:46 PM

FYI....

> https://support.appl.../en-us/HT201222

iOS 8.4.1
- https://support.appl.../en-us/HT205030
13 Aug 2015 - iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Update the iOS software on your iPhone, iPad, and iPod touch
> https://support.appl.../en-us/HT204204
Last Modified: Aug 12, 2015

- http://www.securityt....com/id/1033275
CVE Reference: CVE-2015-3756, CVE-2015-3758, CVE-2015-3759, CVE-2015-3763, CVE-2015-3766, CVE-2015-3768, CVE-2015-3776, CVE-2015-3778, CVE-2015-3782, CVE-2015-3784, CVE-2015-3793, CVE-2015-3795, CVE-2015-3796, CVE-2015-3797, CVE-2015-3798, CVE-2015-3800, CVE-2015-3802, CVE-2015-3803, CVE-2015-3804, CVE-2015-3805, CVE-2015-3806, CVE-2015-3807, CVE-2015-5746, CVE-2015-5749, CVE-2015-5752, CVE-2015-5755, CVE-2015-5756, CVE-2015-5757, CVE-2015-5758, CVE-2015-5759, CVE-2015-5761, CVE-2015-5766, CVE-2015-5769, CVE-2015-5770, CVE-2015-5773, CVE-2015-5774, CVE-2015-5775, CVE-2015-5776, CVE-2015-5777, CVE-2015-5778, CVE-2015-5781, CVE-2015-5782
Aug 14 2015
Fix Available: Yes  Vendor Confirmed:  Yes  
Version(s): prior to 8.4.1...
Solution: The vendor has issued a fix (8.4.1).

OS X Server v4.1.5
- https://support.appl.../en-us/HT205032
13 Aug 2015 - BIND: Available for: OS X Yosemite v10.10.5 or later. CVE-2015-5477
> https://web.nvd.nist...d=CVE-2015-5477
Last revised: 07/29/2015
7.8 (HIGH)

OS X Yosemite 10.10.5 and Security Update 2015-006
- https://support.appl.../en-us/HT205031
13 Aug 2015 - Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4
- http://www.securityt....com/id/1033276
CVE Reference: CVE-2014-7844, CVE-2015-3757, CVE-2015-3760, CVE-2015-3761, CVE-2015-3762, CVE-2015-3764, CVE-2015-3765, CVE-2015-3767, CVE-2015-3769, CVE-2015-3770, CVE-2015-3771, CVE-2015-3772, CVE-2015-3773, CVE-2015-3774, CVE-2015-3775, CVE-2015-3777, CVE-2015-3779, CVE-2015-3780, CVE-2015-3781, CVE-2015-3783, CVE-2015-3786, CVE-2015-3787, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-3794, CVE-2015-3799, CVE-2015-5747, CVE-2015-5748, CVE-2015-5750, CVE-2015-5751, CVE-2015-5753, CVE-2015-5754, CVE-2015-5763, CVE-2015-5768, CVE-2015-5771, CVE-2015-5772, CVE-2015-5779, CVE-2015-5783, CVE-2015-5784
Aug 14 2015
Fix Available: Yes  Vendor Confirmed:  Yes  
Version(s): 10.10 - 10.10.4...
Solution: The vendor has issued a fix (10.10.5, Security Update 2015-006).

Safari 8.0.8, 7.1.8, 6.2.8
- https://support.appl.../en-us/HT205033
13 Aug 2015 - Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.4
- http://www.securityt....com/id/1033274
CVE Reference: CVE-2015-3729, CVE-2015-3730, CVE-2015-3731, CVE-2015-3732, CVE-2015-3733, CVE-2015-3734, CVE-2015-3735, CVE-2015-3736, CVE-2015-3737, CVE-2015-3738, CVE-2015-3739, CVE-2015-3740, CVE-2015-3741, CVE-2015-3742, CVE-2015-3743, CVE-2015-3744, CVE-2015-3745, CVE-2015-3746, CVE-2015-3747, CVE-2015-3748, CVE-2015-3749, CVE-2015-3750, CVE-2015-3751, CVE-2015-3752, CVE-2015-3753, CVE-2015-3754, CVE-2015-3755
Aug 13 2015
Fix Available: Yes  Vendor Confirmed:  Yes  
Version(s): prior to versions 6.2.8, 7.1.8, 8.0.8...
Solution: The vendor has issued a fix (6.2.8, 7.1.8, 8.0.8).

:ph34r: :ph34r:


Edited by AplusWebMaster, 17 August 2015 - 11:09 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#177 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 21 August 2015 - 08:37 AM

FYI...

QuickTime 7.7.8 released
- https://support.appl.../en-us/HT205046
Aug 18, 2015

- https://lists.apple....g/msg00004.html
20 Aug 2015

- https://support.appl.../en-us/HT201222

Download
- https://www.apple.co...ktime/download/
QuickTime 7.7.8 for Windows Vista or Windows 7

... -or- use "Apple Software Update".
___

- http://www.securityt....com/id/1033346
CVE Reference: CVE-2015-5785, CVE-2015-5786
Aug 21 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 7.7.8...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (7.7.8)...

- https://www.us-cert....pdate-QuickTime
Aug 20, 2015
 

:ph34r:


Edited by AplusWebMaster, 21 August 2015 - 08:51 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#178 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 16 September 2015 - 02:18 PM

FYI...

> https://support.appl.../en-us/HT201222

iOS 9 released
- https://support.appl.../en-us/HT205212
Sep 16, 2015 - "... Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later..."
APPLE-SA-2015-09-16-1 iOS 9
- https://lists.apple....p/msg00001.html

- http://www.securityt....com/id/1033609
CVE Reference: CVE-2015-3801, CVE-2015-5764, CVE-2015-5765, CVE-2015-5767, CVE-2015-5788, CVE-2015-5789, CVE-2015-5790, CVE-2015-5791, CVE-2015-5792, CVE-2015-5793, CVE-2015-5794, CVE-2015-5795, CVE-2015-5796, CVE-2015-5797, CVE-2015-5799, CVE-2015-5800, CVE-2015-5801, CVE-2015-5802, CVE-2015-5803, CVE-2015-5804, CVE-2015-5805, CVE-2015-5806, CVE-2015-5807, CVE-2015-5809, CVE-2015-5810, CVE-2015-5811, CVE-2015-5812, CVE-2015-5813, CVE-2015-5814, CVE-2015-5816, CVE-2015-5817, CVE-2015-5818, CVE-2015-5819, CVE-2015-5820, CVE-2015-5821, CVE-2015-5822, CVE-2015-5823, CVE-2015-5824, CVE-2015-5825, CVE-2015-5826, CVE-2015-5827, CVE-2015-5829, CVE-2015-5831, CVE-2015-5832, CVE-2015-5834, CVE-2015-5835, CVE-2015-5837, CVE-2015-5838, CVE-2015-5839, CVE-2015-5840, CVE-2015-5841, CVE-2015-5842, CVE-2015-5843, CVE-2015-5844, CVE-2015-5845, CVE-2015-5846, CVE-2015-5847, CVE-2015-5848, CVE-2015-5850, CVE-2015-5851, CVE-2015-5855, CVE-2015-5856, CVE-2015-5857, CVE-2015-5858, CVE-2015-5860, CVE-2015-5861, CVE-2015-5862, CVE-2015-5863, CVE-2015-5867, CVE-2015-5868, CVE-2015-5869, CVE-2015-5874, CVE-2015-5876, CVE-2015-5879, CVE-2015-5880, CVE-2015-5882, CVE-2015-5885, CVE-2015-5892, CVE-2015-5895, CVE-2015-5896, CVE-2015-5898, CVE-2015-5899, CVE-2015-5903, CVE-2015-5904, CVE-2015-5905, CVE-2015-5906, CVE-2015-5907, CVE-2015-5912, CVE-2015-5916, CVE-2015-5921   
Sep 18 2015
Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, Root access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 9.0...
Solution: The vendor has issued a fix (9.0)...
___

Xcode 7.0 released
- https://support.appl.../en-us/HT205217
Sep 16, 2015 - "Available for: OS X Yosemite v10.10.4 or later..."
APPLE-SA-2015-09-16-2 Xcode 7.0
- https://lists.apple....p/msg00002.html

- http://www.securityt....com/id/1033596
CVE Reference: CVE-2015-5909, CVE-2015-5910
Sep 17 2015
Impact: Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes...
Solution: The vendor has issued a fix (7.0).
___

iTunes 12.3 released
- https://support.appl.../en-us/HT205221
Sep 16, 2015 - "Available for: Windows 7 and later..."
APPLE-SA-2015-09-16-3 iTunes 12.3
- https://lists.apple....p/msg00003.html
___

OS X Server v5.0.3
- https://support.appl.../en-us/HT205219
Sep 16, 2015 - "Available for: OS X Yosemite v10.10.5 or later..."
APPLE-SA-2015-09-16-4 OS X Server 5.0.3
- https://lists.apple....p/msg00004.html

- http://www.securityt....com/id/1033595
CVE Reference: CVE-2015-5911
Sep 17 2015
Impact: Not specified
Fix Available:  Yes  Vendor Confirmed:  Yes...
Solution: The vendor has issued a fix (OS X Server 5.0.3)...
___

- https://www.us-cert....s-Xcode-and-iOS
Sep 16, 2015
___

iOS 9, thoroughly reviewed
- http://arstechnica.c...ughly-reviewed/
Sep 16, 2015

Apple users face issues upgrading to iOS 9 ...
- http://www.reuters.c...N0RG2I720150916
Sep 16, 2015 - "Apple Inc customers were facing issues while upgrading to iOS 9, which was released on Wednesday, technology blog 9to5Mac* reported..."

* http://9to5mac.com/2...-update-issues/
Sep 16, 2015 - "... several readers are reporting issues with updating to the new operating system. Developers using the iOS 9 GM seed released last week are also able to update to today’s release over-the-air, although the same error message is impacting those users... Other users are still seeing the previous iOS 8.4.1 version and unable to attempt to update just yet... As with any major release, the best troubleshooting solution is likely being patient and letting Apple’s servers catch up. In the meantime, some but not all users are reporting some success with updating using iTunes."
 

Apple customers report devices crash on iOS 9 update
- http://www.reuters.c...N0RI05P20150918
Sep 18, 2015 - "A significant number of Apple Inc customers are reporting their mobile devices have crashed after attempting to upload the new iOS 9 operating system, the latest in a line of launch glitches for the tech giant. Twitter and other social media were awash with disgruntled customers reporting two distinct faults, with one appearing to be linked specifically to older models of Apple iPhones and iPads... One group of users reported that iOS 9 upgrade would fail after several minutes, requiring them to start the process over. Many posted screen shots of the error message they received: "Software Update Failed". That problem was likely caused by servers that were overloaded when too many people tried to download the upgrade simultaneously... McKay and Brown said they always advised clients to wait several days before downloading any new upgrades from Apple, Google Inc or Microsoft Corp to make sure any glitches had been found and ironed out..."
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 19 September 2015 - 08:28 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#179 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 01 October 2015 - 04:49 AM

FYI...

> https://support.appl.../en-us/HT201222

iOS 9.0.2 released
- https://support.appl.../en-us/HT205284
Sep 30, 2015 - "... Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later..."
APPLE-SA-2015-09-30-01 iOS 9.0.2
- https://lists.apple....p/msg00006.html

- http://www.securityt....com/id/1033687
CVE Reference: CVE-2015-5923
Oct 1 2015
Impact: Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 9.0.2...
Impact: A physically local user can obtain photos and contacts from a locked device.
Solution: The vendor has issued a fix (9.0.2)...
___

Safari 9 released
- https://support.appl.../en-us/HT205265
"... Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11..."
APPLE-SA-2015-09-30-2 Safari 9
- https://lists.apple....p/msg00007.html
30 Sep 2015

- http://www.securityt....com/id/1033688
CVE Reference: CVE-2015-5780, CVE-2015-5828
Oct 1 2015
Impact: Modification of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 9.0...
Impact: A remote user can cause a Safari extension to be silently replaced on the target user's system.
A remote user can return an HTTP redirect to the target connected plug-in without detection by the plugin.
Solution: The vendor has issued a fix (9.0)...
___

OS X El Capitan v10.11 released
- https://support.appl.../en-us/HT205267
Sep 30, 2015 - "Available for: Mac OS X v10.6.8 and later..."
APPLE-SA-2015-09-30-3 OS X El Capitan 10.11
- https://lists.apple....p/msg00008.html

- http://www.securityt....com/id/1033703
CVE Reference: CVE-2013-3951, CVE-2014-9709, CVE-2015-3330, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-3785, CVE-2015-5522, CVE-2015-5523, CVE-2015-5830, CVE-2015-5833, CVE-2015-5836, CVE-2015-5849, CVE-2015-5853, CVE-2015-5854, CVE-2015-5864, CVE-2015-5865, CVE-2015-5866, CVE-2015-5870, CVE-2015-5871, CVE-2015-5872, CVE-2015-5873, CVE-2015-5875, CVE-2015-5877, CVE-2015-5878, CVE-2015-5881, CVE-2015-5883, CVE-2015-5884, CVE-2015-5887, CVE-2015-5888, CVE-2015-5889, CVE-2015-5890, CVE-2015-5891, CVE-2015-5893, CVE-2015-5894, CVE-2015-5897, CVE-2015-5900, CVE-2015-5901, CVE-2015-5902, CVE-2015-5913, CVE-2015-5914, CVE-2015-5915, CVE-2015-5917, CVE-2015-5922
Oct 1 2015
Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 10.11 ...
Solution: The vendor has issued a fix (10.11)....
___

- https://www.us-cert....-Safari-and-iOS
Sep 30, 2015
 

:ph34r: :ph34r: :ph34r:


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#180 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 16 October 2015 - 06:14 AM

FYI...

> https://support.appl.../en-us/HT201222

Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6
- https://support.appl.../en-us/HT205373
Oct 15, 2015

Keynote 6.6
- http://www.securityt....com/id/1033823
CVE Reference: CVE-2015-7032, CVE-2015-7033
Oct 16 2015
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes ...
Solution: The vendor has issued a fix (6.6).

Pages 5.6
- http://www.securityt....com/id/1033821
CVE Reference: CVE-2015-7034
Oct 16 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes ...
Solution: The vendor has issued a fix (5.6).
- http://www.securityt....com/id/1033826
CVE Reference: CVE-2015-7032, CVE-2015-7033
Oct 16 2015
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes ...
Solution: The vendor has issued a fix (5.6).

Numbers 3.6
- http://www.securityt....com/id/1033825
CVE Reference: CVE-2015-7032, CVE-2015-7033
Oct 16 2015
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes
Solution: The vendor has issued a fix (3.6).
___

- https://www.us-cert....ges-and-Numbers
Oct 15, 2015 - "... Available updates include:
    Keynote 6.6, Pages 5.6, and Numbers 3.6 for OS X Yosemite v10.10.4 or later
    Keynote 6.6, Pages 5.6, and Numbers 3.6 for iOS v8.4 or later ..."
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 16 October 2015 - 08:10 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#181 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 21 October 2015 - 09:01 PM

FYI...

> https://support.appl.../en-us/HT201222

iOS 9.1
- https://support.appl.../en-us/HT205370
Oct 21, 2015 - "Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later. Impact: Visiting a maliciously crafted website may lead to arbitrary code execution..."
- http://www.securityt....com/id/1033931
CVE Reference: CVE-2015-7010, CVE-2015-7018
Oct 22 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 9.1 ...

Safari 9.0.1
- https://support.appl.../en-us/HT205377
Oct 21, 2015 - "Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11. Impact: Visiting a maliciously crafted website may lead to arbitrary code execution..."
- http://www.securityt....com/id/1033939
CVE Reference: CVE-2015-5931, CVE-2015-7011, CVE-2015-7013
Oct 22 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 9.0.1

iTunes 12.3.1
- https://support.appl.../en-us/HT205372
Oct 21, 2015 - "Available for: Windows 7 and later. Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may result in unexpected application termination or arbitrary code execution..."

Mac EFI Security Update 2015-002
- https://support.appl.../en-us/HT205317
Oct 21, 2015 - "Available for: OS X Mavericks v10.9.5. Impact: An attacker can exercise unused EFI functions..."

OS X Server 5.0.15
- https://support.appl.../en-us/HT205376
Oct 21, 2015 - "BIND: Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.1 or later
Impact: Multiple vulnerabilities in BIND
Description: Multiple vulnerabilities existed in BIND versions prior to 9.9.7-P3, one of which may have allowed a remote attacker to cause a denial of service. These issues were addressed by updating BIND to version 9.9.7-P3..."
- http://www.securityt....com/id/1033933
CVE Reference: CVE-2015-7031
Oct 22 2015
Impact: Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): OS X Server prior to 5.0.15 ...

OS X El Capitan v10.11.1 and Security Update 2015-007
- https://support.appl.../en-us/HT205375
Oct 21, 2015 - "Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11. Impact: Visiting a maliciously crafted website may lead to arbitrary code execution..."
- http://www.securityt....com/id/1033929
CVE Reference: CVE-2015-5924, CVE-2015-5925, CVE-2015-5926, CVE-2015-5927, CVE-2015-5928, CVE-2015-5929, CVE-2015-5930, CVE-2015-5935, CVE-2015-5936, CVE-2015-5937, CVE-2015-5939, CVE-2015-5940, CVE-2015-5942, CVE-2015-6974, CVE-2015-6975, CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6979, CVE-2015-6981, CVE-2015-6982, CVE-2015-6983, CVE-2015-6986, CVE-2015-6988, CVE-2015-6989, CVE-2015-6990, CVE-2015-6991, CVE-2015-6992, CVE-2015-6993, CVE-2015-6994, CVE-2015-6995, CVE-2015-6996, CVE-2015-6997, CVE-2015-6999, CVE-2015-7000, CVE-2015-7002, CVE-2015-7004, CVE-2015-7005, CVE-2015-7006, CVE-2015-7008, CVE-2015-7009, CVE-2015-7012, CVE-2015-7014, CVE-2015-7015, CVE-2015-7017, CVE-2015-7022, CVE-2015-7023   
Oct 22 2015
Impact: Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.9.5, 10.10.5, 10.11 ...

Xcode 7.1
- https://support.appl.../en-us/HT205379
Oct 21, 2015 - "Available for: OS X Yosemite v10.10.5 or later. Impact: Swift programs performing certain type conversions may receive unexpected values. Description: A type conversion issue existed that could lead to conversions returning unexpected values. This issue was addressed through improved type checking..."
- http://www.securityt....com/id/1033930
CVE Reference: CVE-2015-7030
Oct 22 2015
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to versions 7.1R22.1, 7.4, 8.0R11, 8.1R3 ...

watchOS 2.0.1
- https://support.appl.../en-us/HT205378
Oct 21, 2015 - "Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes. Impact: Some cards may allow a terminal to retrieve limited recent transaction information when making a payment. Description: The transaction log functionality was enabled in certain configurations. This issue was addressed by removing the transaction log functionality. This update additionally addresses the issue for Apple Watches manufactured with watchOS 2..."
___

> https://www.us-cert....ecurity-Updates
Oct 21, 2015
 

:ph34r: :ph34r: :ph34r:


Edited by AplusWebMaster, 23 October 2015 - 08:50 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#182 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 08 December 2015 - 03:21 PM

FYI...

> https://support.appl.../en-us/HT201222

iOS 9.2
- https://support.appl.../en-us/HT205635
Dec 8, 2015 - "Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later..."
- http://www.securityt....com/id/1034348
CVE Reference: CVE-2015-7037, CVE-2015-7051, CVE-2015-7055, CVE-2015-7069, CVE-2015-7070, CVE-2015-7072, CVE-2015-7079, CVE-2015-7080, CVE-2015-7093, CVE-2015-7113
Dec 9 2015
Impact: Disclosure of system information, Disclosure of user information, Modification of system information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 9.2 ...

Safari 9.0.2
- https://support.appl.../en-us/HT205639
Dec 8, 2015 - "Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 ..."
- http://www.securityt....com/id/1034341
CVE Reference: CVE-2015-7048, CVE-2015-7050, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, CVE-2015-7103, CVE-2015-7104
Dec 9 2015
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 9.0.2 ...

OS X El Capitan 10.11.2 and Security Update 2015-008
- https://support.appl.../en-us/HT205637
Dec 8, 2015 - "Available for: OS X El Capitan v10.11 and v10.11.1
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.29, the most serious of which may have led to remote code execution. These were addressed by updating PHP to version 5.5.30..."
- http://www.securityt....com/id/1034344
CVE Reference: CVE-2012-1147, CVE-2012-1148, CVE-2015-5333, CVE-2015-5334, CVE-2015-7001, CVE-2015-7038, CVE-2015-7039, CVE-2015-7040, CVE-2015-7041, CVE-2015-7042, CVE-2015-7043, CVE-2015-7044, CVE-2015-7045, CVE-2015-7046, CVE-2015-7047, CVE-2015-7052, CVE-2015-7053, CVE-2015-7054, CVE-2015-7058, CVE-2015-7059, CVE-2015-7060, CVE-2015-7061, CVE-2015-7062, CVE-2015-7063, CVE-2015-7064, CVE-2015-7065, CVE-2015-7066, CVE-2015-7067, CVE-2015-7068, CVE-2015-7071, CVE-2015-7073, CVE-2015-7074, CVE-2015-7075, CVE-2015-7076, CVE-2015-7077, CVE-2015-7078, CVE-2015-7081, CVE-2015-7083, CVE-2015-7084, CVE-2015-7094, CVE-2015-7105, CVE-2015-7106, CVE-2015-7107, CVE-2015-7108, CVE-2015-7109, CVE-2015-7110, CVE-2015-7111, CVE-2015-7112
Dec 9 2015
Impact: Denial of service via local system, Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Root access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes ...
Solution: The vendor has issued a fix.

Xcode 7.2
- https://support.appl.../en-us/HT205642
Dec 8, 2015 - "Available for: OS X Yosemite v10.10.5 or later..."
- http://www.securityt....com/id/1034340
CVE Reference: CVE-2015-7049, CVE-2015-7056, CVE-2015-7057, CVE-2015-7082
Dec 9 2015
Impact: Execution of arbitrary code via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes ...
Solution: The vendor has issued a fix (7.2).

tvOS 9.1
- https://support.appl.../en-us/HT205640
Dec 8, 2015 - "Available for: Apple TV (4th generation)..."

watchOS 2.1
- https://support.appl.../en-us/HT205641
Dec 8, 2015 - "Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes..."
___

- https://www.us-cert....ecurity-Updates
Dec 08, 2015
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 09 December 2015 - 10:08 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#183 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 12 December 2015 - 09:33 AM

FYI...

> https://support.appl.../en-us/HT201222

iTunes 12.3.2 released
- https://support.appl.../en-us/HT205636
Dec 11, 2015 - "Available for: Windows 7 and later..."
___

Security Update 2015-006 Yosemite
- https://support.appl.../en-us/HT205653
Last Modified: Dec 12, 2015

OS X El Capitan 10.11.2, Security Update 2015-005 Yosemite, and Security Update 2015-008 Mavericks
- https://support.appl.../en-us/HT205637
Dec 12, 2015 - "Available for: OS X El Capitan v10.11 and v10.11.1..."
___

- https://www.us-cert....y-Update-iTunes
Dec 11, 2015
 

:ph34r: :ph34r:


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#184 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 08 January 2016 - 06:30 AM

FYI...

QuickTime 7.7.9 released
- https://support.appl.../en-us/HT205638
Jan 7, 2016

Download:
- https://www.apple.co...ktime/download/
... for Windows Vista or Windows 7
___

- http://www.securityt....com/id/1034610
CVE Reference: CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, CVE-2015-7117
Jan 8 2016
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 7.7.9 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (7.7.9)...
___

... fails to install plug-in on Firefox - unless this procedure is followed:

1. Download QT 7.7.9 from:
> https://www.apple.co...ktime/download/
... save download where you want.
2. Dble-click the .exe file.
3. Choose "Custom" install.
4. See "Optional Quicktime Features" and choose "QuickTime Web Plugin" (eliminate the red-x).
5. Choose "Next" and the upgrade/install should complete OK. If you don't do this in the recommended sequence, it will -fail- to install the plug-in for Firefox - likely other browsers, too.
 

:ph34r:


Edited by AplusWebMaster, 20 January 2016 - 12:49 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#185 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 19 January 2016 - 11:52 PM

FYI...

- https://support.appl.../en-us/HT201222

iOS 9.2.1 released
- https://support.appl.../en-us/HT205732
Jan 14, 2016 - "Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later.."
- http://www.securityt....com/id/1034737
CVE Reference: CVE-2016-1723, CVE-2016-1724, CVE-2016-1725, CVE-2016-1726, CVE-2016-1727, CVE-2016-1728, CVE-2016-1730
Jan 20 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 9.2.1
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain potentially sensitive information on the target system.
A remote user can read and write cookies on the target user's system.
Solution: The vendor has issued a fix (9.2.1)...

Safari 9.0.3 released
- https://support.appl.../en-us/HT205730
Jan 15, 2016 - "Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.2..."

OS X El Capitan 10.11.3 and Security Update 2016-001
- https://support.appl.../en-us/HT205731
Jan 19, 2016
- http://www.securityt....com/id/1034736
CVE Reference: CVE-2015-7995, CVE-2016-1716, CVE-2016-1717, CVE-2016-1718, CVE-2016-1719, CVE-2016-1720, CVE-2016-1721, CVE-2016-1722, CVE-2016-1729
Jan 20 2016
Impact: A local user can obtain kernel-level or root privileges on the target system.
Solution: The vendor has issued a fix (10.11.3; Security Update 2016-001).
___

- https://www.us-cert....itan-and-Safari
Jan 19, 2016
 

:ph34r: :ph34r: :ph34r:


Edited by AplusWebMaster, 20 January 2016 - 06:11 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#186 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 04 March 2016 - 11:03 AM

FYI...

Apple confirms OS X update broke Ethernet port on some Macs, here’s how to fix ...
- http://9to5mac.com/2...res-how-to-fix/
"... Read the -full- steps on Apple’s Support Site* and take care not to delete anything but the file in question. If you don’t mind losing data, it may be simpler to use Recovery Mode to just Reinstall OS X. This will fix the problem when OS X is started afresh, but obviously has the big downside of deleting other data. Make sure you have recent -backups- in any case."
* https://support.appl.../en-us/HT205956
Last Modified: Mar 4, 2016
 

:ph34r: :ph34r:


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#187 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 21 March 2016 - 07:34 PM

FYI...

Do NOT install iOS 9.3 on your iPad 2 - Upgrade bricks slabs
> http://www.theregist...bricks_ipad_2s/
23 Mar 2016 at 20:30

... iPad 2 (GSM model) after you update to iOS 9.3
>> https://support.appl.../en-us/HT206214
Mar 25, 2016 Mar 28, 2016

> https://support.appl.../en-us/HT206203
Mar 25, 2016 Mar 28, 2016 Mar 29, 2016

- https://apple.slashd...iphone-and-ipad
Mar 29, 2016 - "Many users are experiencing an issue with their iPhone and iPad wherein trying to open a link on Safari, Mail, Chrome or any other app causes it to freeze and crash*. The issue renders any type of search with Safari as useless as none of the links returned will open. The wide-spread issue - for which there's no-known-workaround just yet - seems to be affecting users on both iOS 9.2 and iOS 9.3. Apple has acknowledged the issue and says it will release a fix "soon." There's no official word on what's causing the issue, but a popular theory with developers is that the glitch has something to do with Universal Links, a feature Apple first introduced with iOS 9. It appears some apps, such as Booking .com, are abusing this capability, causing the Universal Link database to overload."
* https://discussions....rt=765&tstart=0
___

- https://support.appl.../en-us/HT201222

iOS 9.3 released
- https://support.appl.../en-us/HT206166
21 Mar 2016 - "Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later..."
- http://www.securityt....com/id/1035353
CVE Reference: CVE-2015-8659, CVE-2016-0801, CVE-2016-0802, CVE-2016-1734, CVE-2016-1740, CVE-2016-1748, CVE-2016-1750, CVE-2016-1751, CVE-2016-1752, CVE-2016-1753, CVE-2016-1754, CVE-2016-1755, CVE-2016-1756, CVE-2016-1757, CVE-2016-1758, CVE-2016-1760, CVE-2016-1761, CVE-2016-1762, CVE-2016-1763, CVE-2016-1766, CVE-2016-1775, CVE-2016-1778, CVE-2016-1779, CVE-2016-1780, CVE-2016-1781, CVE-2016-1782, CVE-2016-1783, CVE-2016-1784, CVE-2016-1785, CVE-2016-1786, CVE-2016-1788
Mar 22 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 9.3 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote or local user can obtain potentially sensitive information on the target system.
An application can obtain elevated privileges on the target system.
An application can bypass security controls on the target system.
Solution: The vendor has issued a fix (9.3)...

Safari 9.1
- https://support.appl.../en-us/HT206171
21 Mar 2016 - "Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3..."
- http://www.securityt....com/id/1035354
CVE Reference: CVE-2009-2197, CVE-2016-1771, CVE-2016-1772
Mar 22 2016
Impact: A remote user can cause denial of service conditions on the target system.
A remote user can obtain potentially sensitive information on the target system.
A remote user can spoof the user interface.
Solution: The vendor has issued a fix (9.1)...

OS X El Capitan v10.11.4 and Security Update 2016-002
- https://support.appl.../en-us/HT206167
21 Mar 2016 - "Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3..."
- http://www.securityt....com/id/1035363
CVE Reference: CVE-2016-1732, CVE-2016-1733, CVE-2016-1735, CVE-2016-1736, CVE-2016-1737, CVE-2016-1738, CVE-2016-1741, CVE-2016-1743, CVE-2016-1744, CVE-2016-1745, CVE-2016-1746, CVE-2016-1747, CVE-2016-1749, CVE-2016-1764, CVE-2016-1767, CVE-2016-1768, CVE-2016-1769, CVE-2016-1770, CVE-2016-1773
Mar 22 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A local or remote user can obtain potentially sensitive information on the target system.
A local user can obtain elevated privileges on the target system.
Solution: The vendor has issued a fix (10.11.4, Security Update 2016-002)...

OS X Server 5.1
- https://support.appl.../en-us/HT206173
21 Mar 2016 - "Available for: OS X Yosemite v10.10.5 and later..."
- http://www.securityt....com/id/1035342
CVE Reference: CVE-2016-1774, CVE-2016-1776, CVE-2016-1777, CVE-2016-1787
Mar 22 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): OS X Server prior to 5.1; OS X 10.10.5 and after...
Impact: A local user can obtain privileged files on the target system.
A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (OS X Server 5.1)...

Xcode 7.3
- https://support.appl.../en-us/HT206172
21 Mar 2016 - "Available for: OS X El Capitan v10.11 and later..."
- http://www.securityt....com/id/1035352
CVE Reference: CVE-2016-1765
Mar 22 2016
Fix Available: Yes  Vendor Confirmed:  Yes  
Impact: A local user can obtain elevated privileges on the target system.
Solution: The vendor has issued a fix (7.3)...

tvOS 9.2
- https://support.appl.../en-us/HT206169
21 Mar 2016 - "Available for: Apple TV (4th generation)..."

watchOS 2.2
- https://support.appl.../en-us/HT206168
21 Mar 2016 - "Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes..."

Apple Software Update 2.2
- https://support.appl.../en-us/HT206091
Mar 10, 2016 - "Available for: Windows 7 and later..."
___

iOS 9.3
> https://lists.apple....r/msg00000.html
watchOS 2.2
> https://lists.apple....r/msg00001.html
tvOS 9.2
> https://lists.apple....r/msg00002.html
Xcode 7.3
> https://lists.apple....r/msg00003.html
OS X El Capitan 10.11.4 and Security Update 2016-002
> https://lists.apple....r/msg00004.html
Safari 9.1
> https://lists.apple....r/msg00005.html
OS X Server 5.1
> https://lists.apple....r/msg00006.html
___

- https://www.us-cert....ecurity-Updates
March 21, 2016
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 30 March 2016 - 06:29 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#188 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 05 April 2016 - 10:24 AM

FYI...

- https://support.appl.../en-us/HT201222

iOS 9.3.1 released

- https://support.appl.../en-us/HT206225
Last Modified: Mar 31, 2016 - "iOS 9.3.1 includes the security content of iOS 9.3."

> https://lists.apple..../Mar/index.html
??

- http://www.theinquir...acts-and-photos
Apr 05 2016 - "... AFTER releasing iOS 9.3.1 to fix the link-crashing glitch plaguing iPhones and iPads, a bug has been spotted in the update that allows -anyone- to access photos and contacts on a locked device. A YouTube video (below) shows the vulnerability in action and reveals that all a hacker needs to pilfer contacts from a passcode-locked iPhone 6S or 6S Plus is access to Siri and 3D Touch... there -is- a way to keep your iPhone's information safe should it fall into the hands of a hacker... Siri can carry out the command in question only if given permission to access Twitter account information, as well as contacts and photos. To -revoke- these permissions, head to:
Settings > Privacy and switch -off- Siri's access to Twitter and Photos. To stop it accessing your contacts, you'll need to -disable- Siri's lock screen activation by heading to Settings > Touch ID & Passcode."
(See Video 0:49 at the URL above.)
___

iBooks Author 2.4.1
- https://support.appl.../en-us/HT206224
Last Modified: Mar 31, 2016
CVE-2016-1789

> https://lists.apple....r/msg00008.html

- https://www.us-cert....Security-Update
Apr 1, 2016
___

APPLE-SA-2016-03-28-1 OS X: Flash Player plug-in blocked
- https://lists.apple....r/msg00007.html
28 Mar 2016 - "Due to security issues in older versions, Apple has updated the web plug-in blocking mechanism to disable all versions prior to Flash Player 21.0.0.182 and 18.0.0.333. Information on blocked web plug-ins will be posted to:
- http://support.apple.../en-us/HT202681 "
Last Modified: Mar 18, 2016

 

:ph34r: :ph34r:


Edited by AplusWebMaster, 05 April 2016 - 03:12 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#189 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 15 April 2016 - 06:46 AM

FYI...

Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced
- https://www.us-cert....lerts/TA16-105A
April 14, 2016
> https://support.appl.../en-us/HT205771
___

Apple is deprecating QuickTime for Windows
- http://blog.trendmic...-windows-today/
April 14, 2016 - "... Apple is deprecating QuickTime for Microsoft Windows. They will no longer be issuing security updates for the product on the Windows Platform and recommend users uninstall it. Note that this does not apply to QuickTime on Mac OSX... our Zero Day Initiative has just released two advisories ZDI-16-241 and ZDI-16-242 detailing two new, critical vulnerabilities affecting QuickTime for Windows..."
> http://zerodayinitia...ies/ZDI-16-241/
> http://zerodayinitia...ies/ZDI-16-242/

- http://www.securityt....com/id/1035579
Apr 15 2016
___

- https://support.appl.../en-us/HT201175
Apr 20, 2016 - "QuickTime 7 for Windows is no longer supported by Apple... All current Windows web browsers support video without the need for browser plug-ins. If you no longer need QuickTime 7 on your PC, follow the instructions for uninstalling QuickTime 7 for Windows*."
* https://support.apple.com/kb/HT205771
 

:ph34r: :ph34r: :ph34r:


Edited by AplusWebMaster, 21 April 2016 - 01:36 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#190 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 17 May 2016 - 08:21 AM

FYI...

- https://support.appl.../en-us/HT201222

iOS 9.3.2 update appears to be bricking iPads
- http://www.theregist...e_bricks_ipads/
17 May 2016 - "... Reports of borked iPads emerged on Twitter thanks reportedly to a hardware issue requiring users to possibly restore their devices or contact support... Users have Tweeted* to Apple Support (@AppleSupport) with complaints their iPads -cannot- be restored through iTunes..."
* https://twitter.com/...rt/with_replies
___

iOS 9.3.2
- https://support.appl.../en-us/HT206568
Last Modified: May 23, 2016 - "Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later..."
> http://www.securityt....com/id/1035890
CVE Reference: CVE-2016-1790, CVE-2016-1801, CVE-2016-1802, CVE-2016-1803, CVE-2016-1807, CVE-2016-1808, CVE-2016-1811, CVE-2016-1813, CVE-2016-1814, CVE-2016-1817, CVE-2016-1818, CVE-2016-1819, CVE-2016-1823, CVE-2016-1824, CVE-2016-1827, CVE-2016-1828, CVE-2016-1829, CVE-2016-1830, CVE-2016-1831, CVE-2016-1832, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-1841, CVE-2016-1842, CVE-2016-1847, CVE-2016-1852
May 17 2016
Version(s): prior to 9.3.2 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can cause the target system to crash.
A remote or local user can obtain potentially sensitive information on the target system.
A remote user can gain elevated privileges on the target system.
Solution: The vendor has issued a fix (9.3.2)...
___

iTunes 12.4
- https://support.appl.../en-us/HT206379
May 16, 2016 - "Available for: Windows 7 and later..."
> http://www.securityt....com/id/1035887
CVE Reference: CVE-2016-1742
May 17 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 12.4 ...
Impact: A local user can obtain elevated privileges on the target system.
Solution: The vendor has issued a fix (12.4)...
___

Safari 9.1.1
- https://support.appl.../en-us/HT206565
May 16, 2016 - "Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.5..."
> http://www.securityt....com/id/1035888
CVE Reference: CVE-2016-1849, CVE-2016-1854, CVE-2016-1855, CVE-2016-1856, CVE-2016-1857, CVE-2016-1858, CVE-2016-1859
May 17 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 9.1.1 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (9.1.1)...
___

OS X El Capitan v10.11.5 and Security Update 2016-003
- https://support.appl.../en-us/HT206567
May 16, 2016
> http://www.securityt....com/id/1035895
CVE Reference: CVE-2016-1791, CVE-2016-1792, CVE-2016-1793, CVE-2016-1794, CVE-2016-1795, CVE-2016-1796, CVE-2016-1797, CVE-2016-1798, CVE-2016-1799, CVE-2016-1800, CVE-2016-1804, CVE-2016-1805, CVE-2016-1806, CVE-2016-1809, CVE-2016-1810, CVE-2016-1812, CVE-2016-1815, CVE-2016-1816, CVE-2016-1820, CVE-2016-1821, CVE-2016-1822, CVE-2016-1825, CVE-2016-1826, CVE-2016-1843, CVE-2016-1844, CVE-2016-1846, CVE-2016-1848, CVE-2016-1850, CVE-2016-1851, CVE-2016-1853
May 17 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote or local user can modify data on the target system.
A remote user can cause denial of service conditions.
A local user can obtain elevated privileges on the target system.
A remote user can gain elevated privileges on the target system.
Solution: The vendor has issued a fix (10.11.5 and Security Update 2016-003)...
___

tvOS 9.2.1
- https://support.appl.../en-us/HT206564
May 16, 2016
> http://www.securityt....com/id/1035893
May 17 2016
___

watchOS 2.2.1
- https://support.appl.../en-us/HT206566
May 16, 2016
> http://www.securityt....com/id/1035894
May 17 2016
___

- https://www.us-cert....ecurity-Updates
May 16, 2016
 

:ph34r: :ph34r: :ph34r:


Edited by AplusWebMaster, 31 May 2016 - 01:08 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#191 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 22 June 2016 - 08:09 AM

FYI...

Apple - AirPort Base Station - Firmware Update 7.6.7 and 7.7.7
- https://support.appl.../en-us/HT206849
Jun 20, 2016

- http://www.securityt....com/id/1036136
CVE Reference: CVE-2015-7029
Jun 21 2016
Fix Available:  Yes  Vendor Confirmed:  Yes ...
Impact: A remote user can execute arbitrary code on the target system.
Solution: The vendor has issued a fix (7.6.7, 7.7.7)...

- https://www.us-cert....Security-Update
June 21, 2016
 

:ph34r:


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#192 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 18 July 2016 - 09:56 PM

FYI...

- https://support.appl.../en-us/HT201222

- https://lists.apple....ul/threads.html

iOS 9.3.3
- https://support.appl.../en-us/HT206902
July 18, 2016 - "Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later..."
- http://www.securityt....com/id/1036344
CVE Reference:   CVE-2016-1863, CVE-2016-1864, CVE-2016-1865, CVE-2016-4582, CVE-2016-4587, CVE-2016-4593, CVE-2016-4594, CVE-2016-4603, CVE-2016-4604, CVE-2016-4605, CVE-2016-4626, CVE-2016-4627, CVE-2016-4628, CVE-2016-4631, CVE-2016-4632, CVE-2016-4635, CVE-2016-4637
Jul 19 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 9.3.3 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote or local user can cause denial of service conditions on the target system.
A remote or local user can obtain potentially sensitive information on the target system.
A local user can obtain elevated privileges on the target system.
A remote user can spoof a URL or content.
Solution: The vendor has issued a fix (9.3.3)...
___

iTunes 12.4.2 for Windows
- https://support.appl.../en-us/HT206901
July 18, 2016 - "Available for: Windows 7 and later..."

iCloud for Windows 5.2.1
- https://support.appl.../en-us/HT206899
July 18, 2016 - "Available for: Windows 7 and later..."

Safari 9.1.2
- https://support.appl.../en-us/HT206900
July 18, 2016 - "Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.6..."
- http://www.securityt....com/id/1036343
CVE Reference: CVE-2016-4583, CVE-2016-4584, CVE-2016-4585, CVE-2016-4586, CVE-2016-4589, CVE-2016-4590, CVE-2016-4591, CVE-2016-4592, CVE-2016-4622, CVE-2016-4623, CVE-2016-4624, CVE-2016-4651
Jul 19 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 9.1.2 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can consume excessive memory resources on the target system.
A remote user can obtain potentially sensitive information on the target system.
A remote user can spoof user interface elements.
Solution: The vendor has issued a fix (9.1.2)...
___

OS X El Capitan v10.11.6 and Security Update 2016-004
- https://support.appl.../en-us/HT206903
July 18, 2016 - "Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later..."
- http://www.securityt....com/id/1036348
CVE Reference: CVE-2016-0718, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483, CVE-2016-4595, CVE-2016-4596, CVE-2016-4597, CVE-2016-4598, CVE-2016-4599, CVE-2016-4600, CVE-2016-4601, CVE-2016-4602, CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, CVE-2016-4612, CVE-2016-4614, CVE-2016-4615, CVE-2016-4616, CVE-2016-4619, CVE-2016-4621, CVE-2016-4625, CVE-2016-4629, CVE-2016-4630, CVE-2016-4633, CVE-2016-4634, CVE-2016-4638, CVE-2016-4639, CVE-2016-4640, CVE-2016-4641, CVE-2016-4645, CVE-2016-4646, CVE-2016-4647, CVE-2016-4648, CVE-2016-4649, CVE-2016-4650, CVE-2016-4652
Jul 19 2016
Fix Available:  Yes  Vendor Confirmed:  Yes ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A local user can cause denial of service conditions on the target system.
A remote or local user can obtain potentially sensitive information on the target system.
A local user can obtain elevated privileges on the target system.
A physically local user can view passwords.
Solution: The vendor has issued a fix (10.11.6, Security Update 2016-004)...
___

tvOS 9.2.2
- https://support.appl.../en-us/HT206905
July 18, 2016 - "Available for: Apple TV (4th generation)..."

watchOS 2.2.2
- https://support.appl.../en-us/HT206904
July 18, 2016 - "Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes..."
___

- https://www.us-cert....ecurity-Updates
July 18, 2016
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 19 July 2016 - 06:08 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#193 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 05 August 2016 - 10:15 AM

FYI...

- https://support.appl.../en-us/HT201222

iOS 9.3.4 released
- https://support.appl.../en-us/HT207026
Aug 4, 2016 - "Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later..."
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2016-4654: Team Pangu

... Update fixes a single issue credited to prominent jailbreaking...
> http://arstechnica.c...s-9-3-4-update/
8/4/2016
___

- http://www.securityt....com/id/1036546
CVE Reference: CVE-2016-4654
Aug 6 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.3.3; possibly earlier versions...
Impact: An application can execute arbitrary code on the target system with kernel-level privileges.
Solution: The vendor has issued a fix (9.3.4)...
___

- https://www.us-cert....Security-Update
Aug 05, 2016
 

:ph34r:


Edited by AplusWebMaster, 06 August 2016 - 08:28 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#194 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,394 posts

Posted 25 August 2016 - 04:25 PM

FYI...

Out-of-Band iOS Patch Fixes 0-Day ...
- https://isc.sans.edu...l?storyid=21409
2016-08-25 - "A new spyware has been discovered on the Apple platform. Called Pegasus... it turns out to be a sophisticated targeted spyware. Developed by professionals, it uses 0-day vulnerabilities, code obfuscation and encryption techniques. Apple released today an out-of-band patch for iOS (version 9.3.5)*. It fixes three critical vulnerabilities..."

iOS 9.3.5 released
* https://support.appl.../en-us/HT207107
Aug 25, 2016 - "Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later..."

- https://lists.apple....g/msg00000.html
25 Aug 2016

- http://www.securityt....com/id/1036694
CVE Reference: CVE-2016-4655, CVE-2016-4656, CVE-2016-4657
Aug 25 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 9.3.5...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
An application can obtain portions of kernel memory contents.
An application can obtain elevated privileges on the target system.
Solution: The vendor has issued a fix (9.3.5)...

- https://www.us-cert....Security-Update
Aug 25, 2016
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 25 August 2016 - 05:13 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button