:: Deepquest ::

This Metasploit module exploits a buffer overflow in Apple QuickTime 7.7.2. The stack based overflow occurs when processing a malformed Content-Type header. The module has been tested successfully on Safari 5.1.7 and 5.0.7 on Windows XP SP3.

Apple WGT Dictionnaire version 1.3 suffers from a script code injection vulnerability.

This Metasploit module exploits a vulnerability found in Apple QuickTime.

The Twitter 5.0 application for iPhone grabs images over HTTP and due to this, allows for a man in the middle attack / image swap. Proof of concept included.

Apple QuickTime versions 7.7.2 and below suffer from a buffer overflow vulnerability in the handling of TGA files.

Zero Day Initiative Advisory 12-185 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Mac OSX. Authentication is not required to exploit this vulnerability.

Secunia Security Advisory – Multiple vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user’s system.

Apple Security Advisory 2012-11-07-1 – QuickTime version 7.7.3 is now available and addresses multiple buffer overflows, memory corruption, and use after free vulnerabilities.

Secunia Security Advisory – Two vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to compromise a user’s system.

Secunia Security Advisory – A weakness and multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people with physical access to bypass certain security restrictions and by malicious people to disclose certain system information and compromise a vulnerable device.