Apple Security Advisory 2012-05-15-1 - QuickTime 7.7.2 is now available and addresses multiple security issues. Multiple stack overflows existed in QuickTime's handling of TeXML files. A heap overflow existed in QuickTime's handling of text tracks. A heap buffer overflow existed in the handling of H.264 encoded movie files. An uninitialized memory access issue existed in the handling of MP4 encoded files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.3. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2012-001. Various other issues were also addressed.
07014229c16c6183664eddcf78288d37Apple Quicktime does not properly parse .pct media files, which causes a corruption in module DllMain by opening a malformed file with an invalid value located in PoC repro01.pct at offset 0x20E. Quicktime Player version 7.7.1 (1680.42) on Windows XP SP 3 - PT_BR is confirmed affected. Other versions may also be affected.
c437473b3959e9b762550efe55331b27Apple Security Advisory 2012-05-14-2 - This update disables Adobe Flash Player if it is older than 10.1.102.64 by moving its files to a new directory. This update presents the option to install an updated version of Flash Player from the Adobe website.
092e8b2d9f248dfd13ec5790670ed472Apple Security Advisory 2012-05-14-1 - This update runs a malware removal tool that will remove the most common variants of the Flashback malware. If the Flashback malware is found, it presents a dialog notifying the user that malware was removed. There is no indication to the user if malware is not found.
3b67e8b809dd17bec6d452afb69b1851Debian Linux Security Advisory 2471-1 - Several vulnerabilities have been discovered in FFmpeg, a multimedia player, server and encoder. Multiple input validations in the decoders/ demuxers for Westwood Studios VQA, Apple MJPEG-B, Theora, Matroska, Vorbis, Sony ATRAC3, DV, NSV, files could lead to the execution of arbitrary code.
6c97de18208b7f4f350a8691117a2fb1Apple Security Advisory 2012-05-09-2 - Safari 5.1.7 is now available and addresses multiple WebKit related vulnerabilities.
e3c8d877a6f6c73bc4f2f1f2ff79350fApple Security Advisory 2012-05-09-1 - OS X Lion v10.7.4 and Security Update 2012-002 is now available and addresses multiple security issues. An issue existed in the handling of network account logins. The login process recorded sensitive information in the system log, where other users of the system could read it. A temporary file race condition issue existed in blued's initialization routine. There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. curl disabled the 'empty fragment' countermeasure which prevented these attacks. This issue is addressed by enabling empty fragments. A data injection issue existed in curl's handling of URLs. This issue is addressed through improved validation of URLs. This issue does not affect systems prior to OS X Lion. Various other vulnerabilities have been addressed.
9614673327dc336467f1b3577177a46eSecunia Security Advisory - Multiple vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system.
ca58edd958fc5d12b710e04aacec9b0dApple Security Advisory 2012-05-07-1 - A URL spoofing issue existed in Safari. This could be used in a malicious web site to direct the user to a spoofed site that visually appeared to be a legitimate domain. Multiple cross site scripting issues existed in WebKit along with a memory corruption issue.
53429e49b725e46043a970afbdd403fcSecunia Security Advisory - A security issue has been reported in Apple Mac OS X, which can be exploited by malicious people with physical access to bypass certain security restrictions.
4b16b28656867ddc307783f80ae17e1fThis whitepaper details some of the vulnerabilities observed over the past year while performing regular security assessments of iPhone and iPad applications. MDSec documents some of the vulnerabilities identified as well as the methods to exploit them, and recommendations that developers can adopt to protect their iOS applications. It covers not only the security features of the platform, but provides in depth information on how to perform both black box and white box iOS penetration tests, along with suggested methodologies and compliance.
8527c3e88bfed9bdffcf0bcf1dbd7036strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.
2a1b0bca846a966a56f662f855ced9fbIPhone TreasonSMS suffers from html injection and file inclusion vulnerabilities.
baf9f8ad1ec36e375b28bc78fba8b6f1Apple Security Advisory 2012-04-13-1 - This update runs a malware removal tool that will remove the most common variants of the Flashback malware. If the Flashback malware is found, it presents a dialog notifying the user that malware was removed. There is no indication to the user if malware is not found. This update is available for OS X Lion systems that do not have Java installed.
f5449211f152de6b6525304268eb7d02Apple Security Advisory 2012-04-12-1 - Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8 is now available. As a security hardening measure, the Java browser plugin and Java Web Start are deactivated if they are unused for 35 days. Installing this update will automatically deactivate the Java browser plugin and Java Web Start. Users may re-enable Java if they encounter Java applets on a web page or Java Web Start applications.
c28f98e570ead87f09589c1d97bcf2f9Ubuntu Security Notice 1419-1 - It was discovered that Puppet used a predictable filename when downloading Mac OS X package files. A local attacker could exploit this to overwrite arbitrary files. It was discovered that Puppet incorrectly handled filebucket retrieval requests. A local attacker could exploit this to read arbitrary files. It was discovered that Puppet incorrectly handled filebucket store requests. A local attacker could exploit this to perform a denial of service via resource exhaustion. Various other issues were also addressed.
c04fc17bff68786d0e5e2e838af6ab31The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X release.
88f97279e66f25af260a13899c42917bApple Security Advisory 2012-04-03-1 - Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 is now available. It addresses multiple vulnerabilities that exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox.
d8c19c848d5be967d76a68b4ca125d10Secunia Security Advisory - Apple has issued an update for Java for Mac OS X. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
cdb33211a17350fb090a3b47149cab24Apple Mobile Safari on iOS version 5.1 suffers from an address bar spoofing vulnerability.
7153eff8c5870f683e18b72e8478862cSecunia Security Advisory - David Vieira-Kurz has discovered a vulnerability in Apple iOS, which can be exploited by malicious people to conduct spoofing attacks.
9826c9bafccdd2c83452a6bed26d5df5Secunia Security Advisory - Multiple vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose certain sensitive information, and compromise a user's system.
eda9b10de3eb1f917fc068a3d23fadfaApple Security Advisory 2012-03-12-1 - Safari version 5.1.4 is now available and addresses 84 different vulnerabilities. This includes many fixes for WebKit related issues.
929a334608d650d0aeca2f63e87e56b5Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
f2c0bf183f5846cb1af421a80904000bSecunia Security Advisory - A weakness and multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people with physical access to bypass certain security restrictions and by malicious people to disclose sensitive information, conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's device.
3bc3ca6a1c804cb8bd554241f53eca90
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed