:: Deepquest ::

Apple Security Advisory 2012-06-11-1 – iTunes 10.6.3 is now available and addresses multiple issues. Importing a maliciously crafted .m3u playlist may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of .m3u playlists. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in WebKit.

Apple iTunes version 10.6.1.7 M3U playlist file walking heap buffer overflow proof of concept exploit. This also affects 10.6.0.40.

Proof of concept crash exploit for Safari on iOS that leverage a denial of service vulnerability.

Zero Day Initiative Advisory 12-078 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Apple QuickTime handles file with the Sorenson v3 Codec

Zero Day Initiative Advisory 12-077 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the QuickTimeVR.qtx component

Zero Day Initiative Advisory 12-076 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple’s QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Zero Day Initiative Advisory 12-075 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application decodes video samples encoded with the RLE codec

Intercepter-NG [Console Edition] is a sniffer that offers various capabilities including sniffing for password hashes related to ORACLE/MYSQL/VNC/NNTP/CVS/WWW/HTTP/SOCKS/MRA/FTP/POP3/SMTP/IMAP/LDAP/AIM. It works on NT/Linux/BSD/IOS/Android and is optimized for screen size 80×30 or higher.

ITProPortal Supreme Court: WikiLeaks founder Julian Assange can be extradited ITProPortal The WikiLeaks founder Julian Assange has lost his last ditch Supreme Court battle to block extradition to Sweden to face allegations of rape and sexual assault. The central issue of the legal case was whether the public prosecutor in Sweden that issued … and more

Apple Security Advisory 2012-05-15-1 – QuickTime 7.7.2 is now available and addresses multiple security issues. Multiple stack overflows existed in QuickTime’s handling of TeXML files. A heap overflow existed in QuickTime’s handling of text tracks.