:: Deepquest ::

Apple Security Advisory 2012-09-17-1 – Apple Remote Desktop 3.5.3 is now available and addresses an information disclosure vulnerability.

Apple Security Advisory 2012-09-12-1 – iTunes 10.7 is now available and addresses multiple memory corruption issues in webkit.

Secunia Security Advisory – Multiple vulnerabilities have been reported in Apple iTunes, which can be exploited by malicious people to compromise a user’s system.

Secunia Security Advisory – Apple has issued an update for Java for Mac OS X.

Apple Security Advisory 2012-09-05-1 – An opportunity for security-in-depth hardening is addressed by updating to Java version 1.6.0_35.

This Metasploit module exploits a vulnerability in Java 7, which allows an attacker to run arbitrary Java code outside the sandbox. The vulnerability seems to be related to the use of the newly introduced ClassFinder#resolveClass in Java 7, which allows the sun.awt.SunToolkit class to be loaded and modified. Please note this flaw is also being exploited in the wild, and there is no patch from Oracle at this point

Zero Day Initiative Advisory 12-153 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Quicktime.qts when parsing the ‘sean’ atom

Secunia Security Advisory – A security issue has been reported in Apple Remote Desktop, which may disclose sensitive information to malicious people.

Apple Security Advisory 2012-08-20-1 – Apple Remote Desktop 3.6.1 is now available and addresses a failed encrypted connection that may result in an information disclosure vulnerability.

The Apple Quicktime plugin for Windows is vulnerable to a remote buffer overflow vulnerability.