Zero Day Initiative Advisory 12-137 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Mac OS X. Authentication is not required to exploit this vulnerability. The flaw exists within libsecurity_cdsa_plugin, which implements routines defined in libsecurity_cssm.
Zero Day Initiative Advisory 12-136 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple’s QuickTime player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page
ClubHACK Magazine Issue 31 – Topics covered include Tamper Data, Apple iOS vulnerabilities, Matriux Ec-Centric, and more.
Viscosity OpenVPN client for Mac OS X suffers from a local root command execution vulnerability due to a suid binary executing site.py.
Pwnnel-Blicker is a second local root exploit for the Tunnelblick OS X OpenVPN manager.
Zero Day Initiative Advisory 12-135 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Zero Day Initiative Advisory 12-130 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Secunia Security Advisory – Multiple vulnerabilities have been reported in Apple Safari for Mac OS X, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose sensitive information, bypass certain security restrictions, and compromise a user’s system.
Secunia Security Advisory – A weakness and a vulnerability have been reported in Apple Xcode, which can be exploited by malicious people to disclose potentially sensitive information, hijack a user’s session, and bypass certain security restrictions.
This is a MobileSubstrate extension to disable certificate validation within NSURLConnection in order to facilitate black-box testing of iOS Apps. Once installed on a jailbroken device, iOS SSL Kill Switch patches NSURLConnection to override and disable the system’s default certificate validation as well as any kind of custom certificate validation (such as certificate pinning).