Tech Talk

[Apple iTunes v10.7 released]

FYI...

Apple iTunes v10.7 released
- https://secunia.com/advisories/50618/
Release Date: 2012-09-13
Criticality level: Highly critical
Impact: System access
Where: From remote
... vulnerabilities are reported in versions prior to 10.7.
Solution: Update to version 10.7.
Original Advisory: APPLE-SA-2012-09-12-1:
http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html

- http://www.securitytracker.com/id/1027525
CVE Reference: CVE-2012-2817, CVE-2012-2818, CVE-2012-2829, CVE-2012-2831, CVE-2012-3601, CVE-2012-3602, CVE-2012-3606, CVE-2012-3607, CVE-2012-3612, CVE-2012-3613, CVE-2012-3614, CVE-2012-3616, CVE-2012-3617, CVE-2012-3621, CVE-2012-3622, CVE-2012-3623, CVE-2012-3624, CVE-2012-3632, CVE-2012-3643, CVE-2012-3647, CVE-2012-3648, CVE-2012-3649, CVE-2012-3651, CVE-2012-3652, CVE-2012-3654, CVE-2012-3657, CVE-2012-3658, CVE-2012-3659, CVE-2012-3660, CVE-2012-3671, CVE-2012-3672, CVE-2012-3673, CVE-2012-3675, CVE-2012-3676, CVE-2012-3677, CVE-2012-3684, CVE-2012-3685, CVE-2012-3687, CVE-2012-3688, CVE-2012-3692, CVE-2012-3699, CVE-2012-3700, CVE-2012-3701, CVE-2012-3702, CVE-2012-3703, CVE-2012-3704, CVE-2012-3705, CVE-2012-3706, CVE-2012-3707, CVE-2012-3708, CVE-2012-3709, CVE-2012-3710, CVE-2012-3711, CVE-2012-3712
Sep 13 2012
Impact: Execution of arbitrary code via network, User access via network
Version(s): prior to 10.7

- https://support.apple.com/kb/HT5485
Sep 12, 2012
___

163 security holes in iTunes
- http://h-online.com/-1706849
13 Sep 2012

 

[Apple Remote Desktop 3.5.3 released]

FYI...

Apple Remote Desktop 3.5.3 released
- http://lists.apple.com/archives/security-announce/2012/Sep/msg00002.html
17 Sep 2012 - "... Apple Remote Desktop 3.0 or later
Impact:  Connecting to a third-party VNC server with "Encrypt all network data" set may lead to information disclosure..."

Apple Remote Desktop 3.5.3 may be obtained from the Software Update pane in System Preferences,
or Apple's Software Downloads web site:
- http://www.apple.com/support/downloads/

- https://support.apple.com/kb/HT5462
17 Sep 2012
Apple Remote Desktop 3.5.3
CVE-2012-0681

 

[iOS 6 released]

FYI...

iOS 6 released
APPLE-SA-2012-09-19-1 iOS 6
- http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
19 Sep 2012
"iOS 6 is now available...
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later..."

- https://support.apple.com/kb/HT5503
"... can be downloaded and installed using iTunes*..."
* https://support.apple.com/kb/ht1414

- https://secunia.com/advisories/50586/
Release Date: 2012-09-20
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information, Exposure of sensitive information, Privilege escalation, System access
Where: From remote ...
Solution: Upgrade to iOS 6 via Software Update.

- http://www.securitytracker.com/id/1027552
CVE Reference: CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-4599, CVE-2012-3724, CVE-2012-3725, CVE-2012-3726, CVE-2012-3727, CVE-2012-3728, CVE-2012-3729, CVE-2012-3730, CVE-2012-3731, CVE-2012-3732, CVE-2012-3733, CVE-2012-3734, CVE-2012-3735, CVE-2012-3736, CVE-2012-3737, CVE-2012-3738, CVE-2012-3739, CVE-2012-3740, CVE-2012-3741, CVE-2012-3742, CVE-2012-3743, CVE-2012-3744, CVE-2012-3745, CVE-2012-3746, CVE-2012-3747
Sep 20 2012
Impact: Disclosure of system information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Root access via local system, User access via local system, User access via network...
Solution: The vendor has issued a fix (6.0).
___

- http://h-online.com/-1713012
20 Sep 2012

- https://isc.sans.edu/diary.html?storyid=14128
"iOS6 released: a few CVEs addresses, breaks mapping."

 

[Safari v6.0.1 for Mac OS X]

FYI...

Apple security updates
- https://support.apple.com/kb/HT1222
3x - 19 Sept 2012
___

Safari v6.0.1 for Mac OS X
- https://secunia.com/advisories/50577/
Release Date: 2012-09-20
Criticality level: Highly critical
Impact: Security Bypass, Exposure of sensitive information, System access
Where: From remote...
Solution: Update to version 6.0.1...
Original Advisory: Apple:
http://support.apple.com/kb/HT5502

> http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
APPLE-SA-2012-09-19-3 Safari 6.0.1
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 and v10.8.1

- http://www.securitytracker.com/id/1027550
CVE Reference: CVE-2012-3713, CVE-2012-3714, CVE-2012-3715, CVE-2012-3598
Date: Sep 20 2012
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Version(s): prior to 6.0.1
___

Mac OS X multiple vulns - Security Update 2012-004
- https://secunia.com/advisories/50628/
Release Date: 2012-09-20
Criticality level: Highly critical
Impact: Security Bypass, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote...
Solution: Update to version 10.8.2 or 10.7.5 or apply Security Update 2012-004.

- http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004

- http://www.securitytracker.com/id/1027551
CVE Reference: CVE-2012-0650, CVE-2012-3716, CVE-2012-3718, CVE-2012-3719, CVE-2012-3720, CVE-2012-3721, CVE-2012-3722, CVE-2012-3723
Sep 20 2012
Impact: Denial of service via network, Disclosure of authentication information, Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network
... vendor's advisory is available at:
http://support.apple.com/kb/HT5501

 

[Apple TV v5.1 released]

FYI...

Apple TV v5.1 released
- https://secunia.com/advisories/50728/
Release Date: 2012-09-25
Criticality level: Highly critical
Impact: Exposure of sensitive information, DoS, System access
Where: From remote
CVE Reference(s): CVE-2011-1167, CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3026, CVE-2011-3048, CVE-2011-3328, CVE-2011-3919, CVE-2012-0682, CVE-2012-0683, CVE-2012-1173, CVE-2012-3589, CVE-2012-3590, CVE-2012-3591, CVE-2012-3592, CVE-2012-3678, CVE-2012-3679, CVE-2012-3722, CVE-2012-3725, CVE-2012-3726
... vulnerabilities are reported in versions prior to 5.1.
Solution: Update to Apple TV Software version 5.1.
Original Advisory: APPLE-SA-2012-09-24-1:
http://support.apple.com/kb/HT5504
Apple TV 2nd generation and later

- https://support.apple.com/kb/HT4448
Apple TV (2nd and 3rd generation) software updates
Sep 24, 2012

How to update: https://support.apple.com/kb/HT1600

APPLE-SA-2012-09-24-1 Apple TV 5.1
- http://lists.apple.com/archives/security-announce/2012/Sep/msg00006.html
24 Sep 2012

 

[iOS 6 release / Apple maps]

FYI...

RE: iOS 6 release / Apple maps...

- http://news.yahoo.com/tim-cook-apple-maps-extremely-sorry-working-fix-135819039.html
Sep 28, 2012 - "Apple CEO Tim Cook says the company is "extremely sorry" for the frustration that its maps application has caused and it's doing everything it can to make it better. Cook said in a letter posted online Friday that Apple "fell short" in its commitment to make the best possible products for its customers. He recommends that people try alternatives by downloading competing map apps from the App Store while Apple works on its own maps products.... 'had released an update to its iPhone and iPad operating system last week that replaced Google Maps with Apple's own maps application. But users complained that the new maps have fewer details, lack public transit directions and misplace landmarks, among other problems."
* https://www.apple.com/letter-from-tim-cook-on-maps/
Sep 28, 2012

 

[Apple OS X Svr v2.1.1 released]

FYI...

Apple OS X Svr v2.1.1 released
- https://secunia.com/advisories/50859/
Release Date: 2012-10-04
Criticality level: Moderately critical
Impact:   Security Bypass, Exposure of sensitive information, System access
Where: From remote
Software: Apple OS X Server 2.x
CVE Reference(s): CVE-2012-3488, CVE-2012-3489, CVE-2012-3525
... vulnerabilities are reported in versions prior to 2.1.1.
Solution: Update to version 2.1.1.
Original Advisory: APPLE-SA-2012-09-19-4:
http://prod.lists.apple.com/archives/security-announce/2012/Oct/msg00000.html
APPLE-SA-2012-09-19-4 OS X Server v2.1.1

- https://support.apple.com/kb/HT5533
Oct 03, 2012

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3525 - 5.8
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3488 - 5.8
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3489 - 5.o

 

[Apple Java for OS X 2012-006 / Mac OS X 10.6 Update 11]

FYI...

Apple Java for OS X 2012-006 / Mac OS X 10.6 Update 11
- https://support.apple.com/kb/HT5549
Oct 17, 2012 - "Multiple vulnerabilities exist in Java 1.6.0_35...  addressed by updating to Java version 1.6.0_37..."
- http://lists.apple.com/archives/security-announce/2012/Oct/msg00001.html

- https://support.apple.com/kb/DL1572
"Java for OS X 2012-006 delivers improved security, reliability, and compatibility by updating Java SE 6 to 1.6.0_37. This update uninstalls the Apple-provided Java applet plug-in from all web browsers. To use applets on a web page, click on the region labeled "Missing plug-in" to go download the latest version of the Java applet plug-in from Oracle. Please quit any web browsers and Java applications before installing this update..."

- https://secunia.com/advisories/50942/
Release Date: 2012-10-17
Criticality level: Highly critical
Impact: Manipulation of data, Exposure of sensitive information, DoS, System access
Where: From remote
... more information: https://secunia.com/SA50949/
Solution: Apply updates.
Original Advisory: http://support.apple.com/kb/HT5549

- https://support.apple.com/kb/HT5493

- http://support.apple.com/kb/HT1222
___

> http://regmedia.co.uk/2012/10/19/apple_java_update.jpg

- http://h-online.com/-1732089
18 Oct 2012

 

[iOS 6.0.1 Software Update]

FYI...

iOS 6.0.1 Software Update
- https://support.apple.com/kb/DL1606
Nov 1, 2012
"This update contains improvements and bug fixes, including:
• Fixes a bug that prevents iPhone 5 from installing software updates wirelessly over the air
• Fixes a bug where horizontal lines may be displayed across the keyboard
• Fixes an issue that could cause camera flash to not go off
• Improves reliability of iPhone 5 and iPod touch (5th generation) when connected to encrypted WPA2 Wi-Fi networks
• Resolves an issue that prevents iPhone from using the cellular network in some instances
• Consolidated the Use Cellular Data switch for iTunes Match
• Fixes a Passcode Lock bug which sometimes allowed access to Passbook pass details from lock screen
• Fixes a bug affecting Exchange meetings
For information on the security content of this update, please visit this website:
http://support.apple.com/kb/HT1222
This update is available via iTunes and wirelessly."

- https://secunia.com/advisories/51162/
Release Date: 2012-11-02
Criticality level: Highly critical
Impact: Security Bypass, Exposure of system information, System access
Where: From remote
CVE Reference(s): CVE-2012-3748, CVE-2012-3749, CVE-2012-3750, CVE-2012-5112
For more information: https://secunia.com/SA51157/
Solution: Apply iOS 6.0.1 Software Update.
Original Advisory: APPLE-SA-2012-11-01-1:
http://support.apple.com/kb/HT5567
> http://lists.apple.com/archives/security-announce/2012/Nov/msg00000.html
___

Safari 6.0.2 released
- https://support.apple.com/kb/HT5568
Nov 1, 2012
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.2
... WebKit -
1) Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
    Description: A time of check to time of use issue existed in the handling of JavaScript arrays. This issue was addressed through additional validation of JavaScript arrays.
    CVE-2012-3748 : Joost Pol and Daan Keuper of Certified Secure working with HP TippingPoint's Zero Day Initiative
2) Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
    Description: A use after free issue existed in the handling of SVG images. This issue was addressed through improved memory handling.
    CVE-2012-5112 : Pinkie Pie working with Google's Pwnium 2 contest...

- https://secunia.com/advisories/51157/
Release Date: 2012-11-02
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference(s): CVE-2012-3748, CVE-2012-5112
For more information: https://secunia.com/SA50954/
The vulnerabilities are reported in versions prior to 6.0.2 running on OS X Lion and OS X Mountain Lion.
Solution: Update to version 6.0.2.
Original Advisory: APPLE-SA-2012-11-01-2:
http://support.apple.com/kb/HT5568
> http://lists.apple.com/archives/security-announce/2012/Nov/msg00001.html

 

[QuickTime v7.7.3 released]

FYI...

QuickTime v7.7.3 released
- https://secunia.com/advisories/51226/
Release Date: 2012-11-08
Criticality level: Highly critical
Impact:   System access
Where: From remote  
CVE Reference(s): CVE-2011-1374, CVE-2012-3751, CVE-2012-3752, CVE-2012-3753, CVE-2012-3754, CVE-2012-3755, CVE-2012-3756, CVE-2012-3757, CVE-2012-3758
... vulnerabilities are reported in versions prior to 7.7.3.
Solution: Update to version 7.7.3.
Original Advisory: http://support.apple.com/kb/HT5581

> http://lists.apple.com/archives/security-announce/2012/Nov/msg00002.html
... QuickTime 7.7.3 may be obtained from the QuickTime Downloads site:
http://www.apple.com/quicktime/download/
-or-
Use Apple Software Update.
___

- http://h-online.com/-1746273
8 Nov 2012

 

[iTunes 11.0.1 released]

FYI...

iTunes 11.0.1 released
- https://support.apple.com/kb/DL1614
Dec 13, 2012 - "This update to the new iTunes addresses an issue where new purchases in iCloud may not appear in your library if iTunes Match is turned on, makes iTunes more responsive when searching a large library, fixes a problem where the AirPlay button may not appear as expected, and adds the ability to display duplicate items within your library. This update also includes other important stability and performance improvements."

 

[iOS 6.0.2 Software Update]

FYI...

iOS 6.0.2 Software Update
- http://support.apple.com/kb/DL1621
Dec 18, 2012 - Fixes a bug that could impact Wi-Fi...
System Requirements: iPhone 5, iPad mini

- http://www.todaysiphone.com/2012/12/ios-6-0-2-released-by-apple/
"... everyone and their dogs are trying to download the delta update and Apple’s servers are having a hard time..."

- http://bgr.com/2012/12/18/apple-releases-ios-6-0-2258170-258170/
Dec 18, 2012 - "... these Wi-Fi issues were supposed to be fixed with the release of iOS 6.0.1 but notes that users have still reported problems connecting to known Wi-Fi hotspots even after installing the patch..."

 

[Apple iOS 6.1 Software Update]

FYI...

Apple iOS 6.1 Software Update
- https://support.apple.com/kb/HT5642
28 Jan 2013
- http://www.securitytracker.com/id/1028051
CVE Reference: CVE-2012-2619, CVE-2012-2824, CVE-2012-2857, CVE-2012-2889, CVE-2013-0948, CVE-2013-0949, CVE-2013-0950, CVE-2013-0951, CVE-2013-0952, CVE-2013-0953, CVE-2013-0954, CVE-2013-0955, CVE-2013-0956, CVE-2013-0958, CVE-2013-0959, CVE-2013-0962, CVE-2013-0964, CVE-2013-0968, CVE-2013-0974
Jan 29 2013
Impact: Denial of service via network, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 6.1
___

- http://h-online.com/-1793259
29 Jan 2013
___

Apple TV 5.2
- https://support.apple.com/kb/HT5643
28 Jan 2013
- http://www.securitytracker.com/id/1028050
CVE Reference: CVE-2012-2619, CVE-2013-0964
Jan 29 2013
Impact: Denial of service via network, Disclosure of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2nd generation and later; firmware prior to 5.2

 

[Apple OS X Server v2.2.1 released]

FYI...

Apple OS X Server v2.2.1 released
Mac OS X v10.6 Update 12
- https://support.apple.com/kb/HT5644

- http://prod.lists.apple.com/archives/security-announce/2013/Feb/msg00001.html
4 Feb 2013

Available for: OS X Mountain Lion v10.8 or later
CVE-IDs:
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0156 - 7.5 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0333 - 7.5 (HIGH)

- https://support.apple.com/kb/HT1338

- http://www.apple.com/support/downloads/
___

- https://secunia.com/advisories/52095/
Release Date: 2013-02-05
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference(s): CVE-2013-0156, CVE-2013-0333
... vulnerabilities are reported in versions prior to 2.2.1.
Solution: Update to version 2.2.1.

 

[here]

FYI...

Expect a v2 of iOS 6.1 ...

iOS 6.1 Leads to Battery Life Drain, Overheating for iPhone Users
- http://thenextweb.com/apple/2013/02/08/some-iphone-users-are-seeing-battery-drain-and-overheating-issues-after-upgrading-to-ios-6-1/
8 Feb 2013

- http://arstechnica.com/apple/2013/02/ios-6-1-brings-back-bug-that-gives-anyone-access-to-your-contacts-photos/
Feb 14, 2013 - "An -old- vulnerability in the iPhone's lock screen and Emergency Call feature appears to have resurfaced for a third time in iOS 6.1. With the right sequence of button clicking, it's possible to get to an iPhone user's voicemails, contacts, and photos—even if the iPhone is locked and password protected..."
- https://secunia.com/advisories/52173/

Access restriction in iOS 6 partially useless
- http://h-online.com/-1805842
19 Feb 2013

Rapid growth in transaction logs, CPU use, and memory consumption in Exchange Server 2010 when a user syncs a mailbox by using an iOS 6.1-based device
- http://support.microsoft.com/kb/2814847
Last Review: February 12, 2013 - Revision: 5.0
Status: Apple and Microsoft are investigating this issue. We will post more information in this article when the information becomes available...
Workaround: To work around this issue, do not process Calendar items such as meeting requests on iOS 6.1 devices. Also, immediately restart the iOS 6.1 device...