Topic: Apple / Mac updates  (Read 44901 times)
« Reply #90 on: March 08, 2012, 09:10:02 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8237



FYI...

Apple iOS 5.1 Software Update
- https://support.apple.com/kb/HT5192
March 07, 2012 - iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2
- https://secunia.com/advisories/48288/
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
Where: From remote
Solution: Apply iOS 5.1 Software Update.
- http://www.securitytracker.com/id/1026774
Date: Mar 8 2012
CVE Reference:  CVE-2012-0641, CVE-2012-0642, CVE-2012-0643, CVE-2011-3453, CVE-2012-0644, CVE-2012-0585, CVE-2012-0645, CVE-2012-0646, CVE-2011-3887, CVE-2012-0590, CVE-2011-3881, CVE-2012-0586, CVE-2012-0587, CVE-2012-0588, CVE-2012-0589, CVE-2011-2825, CVE-2011-2833, CVE-2011-2846, CVE-2011-2847, CVE-2011-2854, CVE-2011-2855, CVE-2011-2857, CVE-2011-2860, CVE-2011-2867, CVE-2011-2868, CVE-2011-2869, CVE-2011-2870, CVE-2011-2871, CVE-2011-2872, CVE-2011-2873, CVE-2011-2877, CVE-2011-3885, CVE-2011-3888, CVE-2011-3897, CVE-2011-3908, CVE-2011-3909, CVE-2011-3928, CVE-2012-0591, CVE-2012-0592, CVE-2012-0593, CVE-2012-0594, CVE-2012-0595, CVE-2012-0596, CVE-2012-0597, CVE-2012-0598, CVE-2012-0599, CVE-2012-0600, CVE-2012-0601, CVE-2012-0602, CVE-2012-0603, CVE-2012-0604, CVE-2012-0605, CVE-2012-0606, CVE-2012-0607, CVE-2012-0608, CVE-2012-0609, CVE-2012-0610, CVE-2012-0611, CVE-2012-0612, CVE-2012-0613, CVE-2012-0614, CVE-2012-0615, CVE-2012-0616, CVE-2012-0617, CVE-2012-0618, CVE-2012-0619, CVE-2012-0620, CVE-2012-0621, CVE-2012-0622, CVE-2012-0623, CVE-2012-0624, CVE-2012-0625, CVE-2012-0626, CVE-2012-0627, CVE-2012-0628, CVE-2012-0629, CVE-2012-0630, CVE-2012-0631, CVE-2012-0632, CVE-2012-0633, CVE-2012-0635
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network...

iTunes 10.6 update
- https://support.apple.com/kb/HT5191
March 07, 2012 - Windows 7, Vista, XP SP2 or later
- https://secunia.com/advisories/48274/
Impact: System access
Where: From remote
Solution: Update to version 10.6.
- http://www.securitytracker.com/id/1026781
Date: Mar 9 2012
CVE Reference: CVE-2012-0634, CVE-2012-0636, CVE-2012-0637, CVE-2012-0638, CVE-2012-0639, CVE-2012-0648
Impact: Execution of arbitrary code via network, User access via network

- http://h-online.com/-1466786
8 March 2012

- https://www.us-cert.gov/current/#apple_releases_multiple_security_updates2
March 9, 2012

« Last Edit: March 10, 2012, 06:54:14 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #91 on: March 11, 2012, 12:38:36 »
AplusWebMaster Offline

FYI...

Apple Safari Plug-in vuln ...
- https://secunia.com/advisories/45758/
Release Date: 2012-03-07
Criticality level: Moderately critical
Impact: System access
Where: From remote
Software: Apple Safari 5.x
CVE Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3845 - 7.6 (HIGH)
Last revised: 03/08/2012
... confirmed in version 5.1.2 (7534.52.7) on Windows using the RealPlayer and Adobe Flash plug-ins. Other versions may also be affected.
Solution: No effective workaround is currently available...

- http://www.securitytracker.com/id/1026775
CVE Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3844 - 4.3
Date: Mar 9 2012
Impact: Modification of system information
Version(s): 5.0.5 (7533.21.1); possibly other versions
Impact: A remote user can spoof the address bar URL.
Solution: The vendor has issued a partial fix (5.1.2 (7534.52.7))...

- https://www.apple.com/safari/download/
(Currently: Safari 5.1.2... for Windows XP, Vista or 7)

Use Apple Software Update ...

« Last Edit: March 11, 2012, 13:48:37 by AplusWebMaster » Logged

« Reply #92 on: March 12, 2012, 13:22:49 »
AplusWebMaster Offline

FYI...

Safari v5.1.4 released
- http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
Mar 12, 2012 - Safari 5.1.4 for Windows XP, Vista or 7 ...

- https://www.apple.com/safari/download/

- https://support.apple.com/kb/HT5190

- http://www.securitytracker.com/id/1026785
Date: Mar 12 2012
CVE Reference: CVE-2012-0584, CVE-2012-0640, CVE-2012-0647
Impact:  Disclosure of authentication information, Modification of system information
Version(s): prior to 5.1.4...

- https://secunia.com/advisories/48377/
Release Date: 2012-03-13
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, System access
Where: From remote ...
Solution: Update to version 5.1.4.
Original Advisory: http://support.apple.com/kb/HT5190
___

- https://www.computerworld.com/s/article/9225130/Apple_patches_record_number_of_Safari_5_bugs_with_monster_update
Mar 13, 2012 - "... Fixes 83 security flaws, most in WebKit engine; boosts JavaScript performance on OS X Lion... Of the 83 vulnerabilities, Apple tacitly classified 72 as critical..."

- http://h-online.com/-1470595
13 March 2012
>> http://www.h-online.com/security/news/item/Safari-update-closes-security-holes-1470595.html?view=zoom;zoom=1

« Last Edit: March 13, 2012, 06:24:16 by AplusWebMaster » Logged

« Reply #93 on: April 04, 2012, 02:25:39 »
AplusWebMaster Offline

FYI...

Apple - Java update for OS X Lion 2012-001 and Java for Mac OS X 10.6
- https://support.apple.com/kb/HT5228
April 03, 2012
This document describes  the security content of Java for OS X Lion 2012-001 and Java for Mac OS X 10.6 Update 7, which can be downloaded and installed via Software Update* preferences, or from Apple Downloads.
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.3, Lion Server v10.7.3
Impact: Multiple vulnerabilities in Java 1.6.0_29
Description: Multiple vulnerabilities exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_31...

* https://support.apple.com/kb/HT1338

APPLE-SA-2012-04-03-1 Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7
- http://lists.apple.com/archives/security-announce/2012/Apr/msg00000.html
3 Apr 2012

- https://www.us-cert.gov/current/#apple_update_for_java_for
April 4, 2012

- https://secunia.com/advisories/48648/
Release Date: 2012-04-04
Criticality level: Highly critical
Impact: Manipulation of data, Exposure of sensitive information, DoS, System access
Where: From remote...
Solution: Apply updates.
Original Advisory: http://support.apple.com/kb/HT5228
___

Urgent Fix for Zero-Day Mac Java Flaw
- http://atlas.arbor.net/briefs/index#-674870906
Severity: Extreme Severity
Published: Thursday, April 05, 2012 23:09
Apple has released a critical Java patch that should be deployed ASAP to help counter the Flashback malware. Apple users should be aware that they are -not- invulnerable, even though OSX attacks and malware are much much less than for Windows systems.
Analysis: Flashback has started compromising OSX systems using an out-of-date version of Java. The trojan has been seen with two basic payloads, one to modify Safari settings and the other that is a password stealer. The Flashback botnet has been monitored by security company Dr. Web and their data shows approximately 600,000 OSX systems have been infected. More infections are on their way, given the lax attention to security that many OSX users have. It is likely that this Java security flaw has also been used in targeted attacks that won't get much, if any press.
Source: https://krebsonsecurity.com/2012/04/urgent-fix-for-zero-day-mac-java-flaw/

- http://h-online.com/-1500931
4 April 2012

« Last Edit: April 07, 2012, 02:42:06 by AplusWebMaster » Logged

« Reply #94 on: April 12, 2012, 15:18:15 »
AplusWebMaster Offline

FYI...

Apple standalone Flashback malware removal tool
- http://h-online.com/-1526041
16 April 2012 - "Apple has announced* the release of a standalone version of the "Flashback malware removal tool"**. The 356KB tool is aimed at Mac OS X 10.7 Lion users without Java installed and, according to Apple, it "removes the most common variants of the Flashback malware". If the tool finds the Flashback malware, users will be presented with a dialogue notifying them that it was removed; depending on the variant removed, the tool may require users to restart their system... The Flashback malware removal tool*** is available from Apple's Support Downloads site."

* http://lists.apple.com/archives/security-announce/2012/Apr/msg00002.html
13 Apr 2012

** http://support.apple.com/kb/HT5246

*** http://support.apple.com/kb/DL1517
___

2012-003 Apple - Java for OS X Lion
- http://support.apple.com/kb/HT5242
April 12, 2012 - "... Java for OS X Lion 2012-003 delivers Java SE 6 version 1.6.0_31 and supersedes all previous versions of Java for OS X Lion. This update is recommended for all Mac users with Java installed..."

Java for Mac OS X 10.6 Update 8
- http://support.apple.com/kb/HT5243
April 12, 2012 - "... Java for Mac OS X 10.6 Update 8 delivers Java SE 6 version 1.6.0_31 and supersedes all previous versions of Java for Mac OS X v10.6..."


APPLE-SA-2012-04-12-1 Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8
- http://lists.apple.com/archives/security-announce/2012/Apr/msg00001.html
12 Apr 2012

> https://isc.sans.edu/diary.html?storyid=12973
Last Updated: 2012-04-12 21:50:28 UTC

- http://h-online.com/-1520431
13 April 2012 - "... Java update -with- Flashback removal tool..."
___

Third Java update in 9 days...
- https://www.computerworld.com/s/article/9226175/Apple_delivers_Flashback_malware_hunter_killer
April 13, 2012

- https://www.computerworld.com/common/images/site/features/2012/04/Flashback%20Decline.jpg
April 12, 2012

« Last Edit: April 18, 2012, 03:32:43 by AplusWebMaster » Logged

« Reply #95 on: May 01, 2012, 13:42:00 »
AplusWebMaster Offline

FYI...

Apple patching practice ...
- http://atlas.arbor.net/briefs/index#-1272909644
30 Apr 2012 - OSX anti-malware site provides resources of value... link to a recent Flashback trojan analysis by DrWeb*.
Source:  http://macviruscom.wordpress.com/2012/04/29/flashback-drweb-analysis-and-apple-patching-practice/

- http://nakedsecurity.sophos.com/2012/04/27/python-malware-mac/
April 27, 2012

* http://news.drweb.com/?i=2410&c=5&lng=en&p=0
April 27, 2012
> https://www.zdnet.com/blog/bott/flashback-malware-exposes-big-gaps-in-apple-security-response/4904?pg=2
April 29, 2012 - "... left to their own devices, many users will simply postpone those updates by clicking the 'Not Now' or 'Install Later' button. They see updates as an annoyance that will mean they can’t use their Mac for 10 minutes to a half-hour... roughly 1 out of every 4 Snow Leopard users are at least six months behind in terms of applying major software updates. Nearly 15% are more than a year behind, meaning they have skipped at least two major OS X updates and are easy prey for any exploit that targets security holes that were fixed in those updates... If (Apple) talks to the press in an effort to reach owners of Macs who aren’t aware they’ve been infected, they risk puncturing the 'Macs don’t get viruses' image they’ve cultivated through the years. So the company has chosen to remain silent, which is shameful..."

These guys know it - and so do the Hacks.

Free Mac anti-virus for home users
> http://www.sophos.com/freemacav
> https://www.avira.com/en/avira-free-mac-security
___

New Malware Found Exploiting Mac OS X Snow Leopard
- https://threatpost.com/en_us/blogs/new-malware-found-exploiting-mac-os-x-snow-leopard-050212
May 2, 2012 - "... with Lion, that specific memory address can't be written, so the exploit fails. We can assume that this malware itself is targeting only Snow Leopard or lower versions of Mac OSX. That means the attacker had knowledge about the target environment beforehand. That includes the target operating system, application patch levels, etc..."

« Last Edit: May 02, 2012, 10:22:55 by AplusWebMaster » Logged

« Reply #96 on: May 08, 2012, 01:41:41 »
AplusWebMaster Offline

FYI...

Apple iOS 5.1.1 Update for iPod, iPhone, iPad
- https://isc.sans.edu/diary.html?storyid=13144
Last Updated: 2012-05-07 20:29:40 UTC - "... only available through iTunes. The updates address Safari and WebKit for iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2... the update is available through iTunes."

- http://support.apple.com/kb/HT5278
May 07, 2012
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3046 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3056 - 7.5 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0672 - 6.8
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0674 - 4.3

- http://support.apple.com/kb/DL1521
Version: 5.1.1 - May 07, 2012
System Requirements: iPhone 4S, iPhone 4, iPhone 3GS, iPad 2, iPad, iPod touch (4th generation), iPod touch (3rd generation)

Apple patches serious security holes in iOS devices
- http://atlas.arbor.net/briefs/index#-480279256
Severity: Elevated Severity
Published: Monday, May 07, 2012
New patches provide protection for recent security holes in iOS.
Analysis: Some of these security holes were used in "hacking contests" such as pwn2own. It is likely that others are aware of the security holes, especially now that patches have been released and are surely being analyzed by attackers to spot the vulnerabilities. Considering the hot trends in mobile attacks, users are encouraged to deploy these updates as soon as possible.
Source: https://www.zdnet.com/blog/security/apple-patches-serious-security-holes-in-ios-devices/11983?utm

- http://h-online.com/-1569932
8 May 2012

- http://nakedsecurity.sophos.com/2012/05/08/apple-offers-ios-5-1-1-update-fixes-some-serious-vulnerabilities/
May 8, 2012

- http://www.securitytracker.com/id/1027028
CVE Reference: CVE-2012-0672, CVE-2012-0674
Date: May 7 2012
Impact: Execution of arbitrary code via network, Modification of system information, User access via network
Version(s): prior to 5.1.1; iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2
Description: Two vulnerabilities were reported in Apple iOS. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can spoof the address bar URL...

« Last Edit: May 09, 2012, 02:25:56 by AplusWebMaster » Logged

« Reply #97 on: May 10, 2012, 01:28:11 »
AplusWebMaster Offline

FYI...

Apple Security Update 2012-002 - OS X Lion v10.7.4
Released for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
- http://support.apple.com/kb/HT5281
May 09, 2012

- http://support.apple.com/kb/HT5167

Related: http://support.apple.com/kb/TS4272

- http://www.securitytracker.com/id/1027054
CVE Reference: CVE-2012-0649, CVE-2012-0651, CVE-2012-0654, CVE-2012-0655, CVE-2012-0656, CVE-2012-0657, CVE-2012-0658, CVE-2012-0659, CVE-2012-0660, CVE-2012-0661, CVE-2012-0662, CVE-2012-0675
Date: May 10 2012
Impact: Disclosure of system information, Execution of arbitrary code via network, User access via local system, User access via network
Version(s): 10.6.8, 10.7.3
Solution: The vendor has issued a fix (OS X Lion v10.7.4 and Security Update 2012-002), available from the Software Update pane in System Preferences, or Apple's Software Downloads web site at:
http://www.apple.com/support/downloads/
___

Safari 5.1.7
- http://support.apple.com/kb/HT5282
May 09, 2012

- http://support.apple.com/kb/DL1531

- http://support.apple.com/kb/HT5271

- https://secunia.com/advisories/47292/
Release Date: 2012-05-10
Criticality level: Highly critical
CVE Reference(s):
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3046 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3056 - 7.5 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0672 - 6.8
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0676 - 5.0
Impact: Security Bypass, Cross Site Scripting, System access
Where: From remote  
... vulnerabilities are reported in versions prior to 5.1.7.
Solution: Update to version 5.1.7

- http://www.securitytracker.com/id/1027053
Date: May 10 2012
Impact:  Modification of user information
Version(s): prior to 5.1.7
... The vendor's advisory is available at:
http://support.apple.com/kb/HT1222
___

Apple closes numerous holes in Mac OS X and Safari
- http://atlas.arbor.net/briefs/
Severity: Elevated Severity
Published: Friday, May 11, 2012
Now that malware authors are paying more attention to the OS X platform, keeping current on updates is going to become more important. This patch also fixes the recent plaintext password leakage issue.
Analysis: The Flashback trojan infected and still infects a substantial number of OS X systems. Imagine for a moment that they decided to take advantage of one of these security flaws - the password leakage issue with older versions of FileVault - and compromised many passwords. Some of those passwords are bound to be re-used elsewhere, which could lead an attacker deeper into an enterprise. Creative and dedicated attackers will use any possible method to further their campaigns. This is just one scenario. Recent events show us that OS X is a viable target for criminals; therefore, patches need to be deployed in a timely manner to reduce risks.
Source: http://h-online.com/-1572174

« Last Edit: May 12, 2012, 04:30:15 by AplusWebMaster » Logged

« Reply #98 on: May 15, 2012, 03:02:56 »
AplusWebMaster Offline

FYI...

Apple 2012-003 Security Update for Leopard
- https://support.apple.com/kb/DL1533
May 14, 2012

- http://support.apple.com/kb/HT5271
"... Out-of-date versions of Adobe Flash Player do not include the latest security updates and will be disabled to help keep your Mac secure. If Safari 5.1.7 or Leopard Security Update 2012-003 detects an out-of-date version of Flash Player on your system, you will see a dialog informing you that Flash Player has been disabled. The dialog provides the option to go directly to Adobe's website, where you can download and install an updated version of Flash Player..."

- http://support.apple.com/kb/HT1222

- http://lists.apple.com/archives/security-announce/2012/May/msg00004.html
___

APPLE-SA-2012-05-14-1 Flashback Removal Security Update
- http://lists.apple.com/archives/security-announce/2012/May/msg00003.html
14 May 2012

- http://support.apple.com/downloads/

Flashback removal tool - for Mac OS X 10.5 Leopard
- http://h-online.com/-1575554
15 May 2012

« Last Edit: May 15, 2012, 04:10:32 by AplusWebMaster » Logged

« Reply #99 on: May 16, 2012, 05:36:48 »
AplusWebMaster Offline

FYI...

QuickTime v7.7.2 released
- https://secunia.com/advisories/47447/
Release Date: 2012-05-16
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference: CVE-2011-3458, CVE-2011-3459, CVE-2011-3460, CVE-2012-0265, CVE-2012-0663, CVE-2012-0664, CVE-2012-0665, CVE-2012-0666, CVE-2012-0667, CVE-2012-0668, CVE-2012-0669, CVE-2012-0670, CVE-2012-0671
... vulnerabilities are reported in versions prior to 7.7.2.
Solution: Update to version 7.7.2.
Original Advisory: Apple (APPLE-SA-2012-05-15-1):
http://lists.apple.com/archives/security-announce/2012/May/msg00005.html
Download:
- http://www.apple.com/quicktime/download/
-or-
Use Apple Software Update.

- http://support.apple.com/kb/HT5261
May 15, 2012

- http://www.securitytracker.com/id/1027065
May 16 2012
Impact: Execution of arbitrary code via network, User access via network
Version(s): prior to 7.7.2
Description: Multiple vulnerabilities were reported in Apple QuickTime. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.
Only Windows-based systems are affected...

« Last Edit: May 16, 2012, 08:28:11 by AplusWebMaster » Logged

« Reply #100 on: June 12, 2012, 04:29:41 »
AplusWebMaster Offline

FYI...

iTunes v10.6.3 released
- https://secunia.com/advisories/49489/
Release Date: 2012-06-12
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference(s):
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0672 - 6.8
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0677 - 9.3 (HIGH)
... This vulnerability does not affect the application on OS X Lion systems.
Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
Solution: Update to version 10.6.3.
Original Advisory: Apple:
http://support.apple.com/kb/HT5318

• Addresses a problem where iTunes may become unresponsive when syncing an iPad (1st generation) that contains an iBooks textbook
• Fixes a problem where photos synced to a device may appear in an unexpected order
• Resolves an issue where iTunes may unexpectedly delete playlists created on a device
• Fixes issues where iTunes may unexpectedly delete apps on a device
• Improves overall performance and reliability

- http://lists.apple.com/archives/security-announce/2012/Jun/msg00000.html

... available via Apple Software Update.

« Last Edit: June 27, 2012, 21:11:18 by AplusWebMaster » Logged

« Reply #101 on: June 13, 2012, 05:33:29 »
AplusWebMaster Offline

FYI...

Java for OS X 2012-004 / Mac OS X 10.6 Update 9
- http://support.apple.com/kb/HT5319
June 12, 2012 - "Description: Multiple vulnerabilities exist in Java, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_33. Further information is available via the Java website at
http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html ..."

- https://secunia.com/advisories/49542/
Release Date: 2012-06-13
Criticality level: Highly critical
Impact: Cross Site Scripting, Manipulation of data, Exposure of sensitive information, DoS, System access
Where: From remote...
... more information: https://secunia.com/SA49472/
Original Advisory: http://support.apple.com/kb/HT5319

> http://boards.cexx.org/index.php?topic=15451.msg83613#msg83613

« Last Edit: June 13, 2012, 07:57:35 by AplusWebMaster » Logged

« Reply #102 on: July 26, 2012, 05:17:50 »
AplusWebMaster Offline

FYI...

Safari v6 released
- http://support.apple.com/kb/HT5400
July 25, 2012
> http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html
APPLE-SA-2012-07-25-1 Safari 6.0

- https://secunia.com/advisories/50058/
Release Date: 2012-07-26
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, System access
Where: From remote...
Solution: Upgrade to Safari version 6.0 via Apple Software Update.

- http://www.securitytracker.com/id/1027307
CVE Reference: CVE-2011-3016, CVE-2011-3021, CVE-2011-3027, CVE-2011-3913, CVE-2012-0678, CVE-2012-0679, CVE-2012-0680, CVE-2012-0682, CVE-2012-0683, CVE-2012-1520, CVE-2012-2815, CVE-2012-3589, CVE-2012-3590, CVE-2012-3591, CVE-2012-3592, CVE-2012-3593, CVE-2012-3594, CVE-2012-3595, CVE-2012-3596, CVE-2012-3597, CVE-2012-3599, CVE-2012-3600, CVE-2012-3603, CVE-2012-3604, CVE-2012-3605, CVE-2012-3608, CVE-2012-3609, CVE-2012-3610, CVE-2012-3611, CVE-2012-3615, CVE-2012-3618, CVE-2012-3620, CVE-2012-3625, CVE-2012-3626, CVE-2012-3627, CVE-2012-3628, CVE-2012-3629, CVE-2012-3630, CVE-2012-3631, CVE-2012-3633, CVE-2012-3634, CVE-2012-3635, CVE-2012-3636, CVE-2012-3637, CVE-2012-3638, CVE-2012-3639, CVE-2012-3640, CVE-2012-3641, CVE-2012-3642, CVE-2012-3644, CVE-2012-3645, CVE-2012-3646, CVE-2012-3650, CVE-2012-3653, CVE-2012-3655, CVE-2012-3656, CVE-2012-3661, CVE-2012-3663, CVE-2012-3664, CVE-2012-3665, CVE-2012-3666, CVE-2012-3667, CVE-2012-3668, CVE-2012-3669, CVE-2012-3670, CVE-2012-3674, CVE-2012-3678, CVE-2012-3679, CVE-2012-3680, CVE-2012-3681, CVE-2012-3682, CVE-2012-3683, CVE-2012-3686, CVE-2012-3689, CVE-2012-3690, CVE-2012-3691, CVE-2012-3693, CVE-2012-3694, CVE-2012-3695, CVE-2012-3696, CVE-2012-3697
Jul 26 2012
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Version(s): prior to 6.0 ...
___

Apple Xcode v4.4 released
- https://secunia.com/advisories/50068/
Release Date: 2012-07-26
Impact:   Hijacking, Security Bypass, Exposure of sensitive information
Where: From remote
CVE Reference(s): CVE-2011-3389, CVE-2012-3698
... weakness and the vulnerability are reported in versions prior to 4.4.
Solution: Update to version 4.4 via the Apple Developer site or via the App Store.
Original Advisory: APPLE-SA-2012-07-25-2:
http://support.apple.com/kb/HT5416

- http://www.securitytracker.com/id/1027302
CVE Reference: CVE-2012-3698
Jul 26 2012
Impact: Disclosure of authentication information, Disclosure of user information
Version(s): prior to 4.4

- http://www.securitytracker.com/id/1027303
CVE Reference: CVE-2011-3389
Jul 26 2012
Impact: Disclosure of user information
Version(s): prior to 4.4


« Reply #103 on: August 21, 2012, 04:33:26 »
AplusWebMaster Offline

FYI...

Apple remote desktop v3.6.1 released
- https://secunia.com/advisories/50352/
Release Date: 2012-08-21
Impact: Exposure of sensitive information
Where: From remote
CVE Reference: CVE-2012-0681
... The security issue is reported in versions 3.5.2 through 3.6.
Solution: Update to version 3.6.1.
Original Advisory: Apple:
http://support.apple.com/kb/HT5433

- http://www.securitytracker.com/id/1027420
Aug 21 2012

- http://h-online.com/-1671129
21 August 2012

« Last Edit: August 21, 2012, 04:57:08 by AplusWebMaster » Logged

« Reply #104 on: September 05, 2012, 14:00:14 »
AplusWebMaster Offline

FYI...

Apple/Java v1.6.0_35
- https://support.apple.com/kb/HT5473
Sep 05, 2012
Java for OS X 2012-005 and Java for Mac OS X 10.6 Update 10
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 or later, OS X Lion Server v10.7 or later, OS X Mountain Lion v10.8 or later
Description: An opportunity for security-in-depth hardening is addressed by updating to Java version 1.6.0_35. Further information is available via the Java website at
http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html
CVE-ID: CVE-2012-0547

APPLE-SA-2012-09-05-1 Java for OS X 2012-005 and Java for Mac OS X 10.6 Update 10
- http://lists.apple.com/archives/security-announce/2012/Sep/msg00000.html
Sep 05, 2012
___

- https://secunia.com/advisories/50545/
Release Date: 2012-09-06
Criticality level: Highly critical
Impact: System access
Where: From remote  
CVE Reference(s): CVE-2012-0547, CVE-2012-4681
... For more information see: https://secunia.com/SA50133/
Original Advisory: APPLE-SA-2012-09-05-1:
http://lists.apple.com/archives/security-announce/2012/Sep/msg00000.html

« Last Edit: September 06, 2012, 08:50:28 by AplusWebMaster » Logged
