Apple Security Advisory 2011-11-14-1 – iTunes 10.5.1 is now available and addresses a man-in-the-middle vulnerability. iTunes periodically checks for software updates using an HTTP request to Apple. This request may cause iTunes to indicate that an update is available.
>> CATEGORY: OSX security tools
Secunia Security Advisory – A weakness has been reported in Apple iTunes, which can be exploited by malicious people to conduct spoofing attacks.
Apple Security Advisory 2011-11-10-2 – Time Capsule and AirPort Base Station (802.11n) Firmware 7.6 is now available and addresses a security vulnerability. dhclient allowed remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. This issue is addressed by stripping shell meta-characters in dhclient-script.
Apple Security Advisory 2011-11-10-1 – The new iOS 5.0.1 software update addresses multiple vulnerabilities.
Secunia Security Advisory – Multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people to disclose certain sensitive information, conduct spoofing attacks, and compromise a user’s device.
strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols.
Secunia Security Advisory – Apple has acknowledged a vulnerability in Apple AirPort and Time Capsule, which can be exploited by malicious people to compromise a vulnerable device.
Secunia Security Advisory – Multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people with physical access to bypass certain security restrictions and by malicious people to disclose certain sensitive information, conduct spoofing attacks, and compromise a user’s device.
Core Security Technologies Advisory – Apple OS X suffered from a sandbox predefined profiles bypass vulnerability.
Apple Security Advisory 2011-11-08-1 – Multiple vulnerabilities exist in Java 1.6.0_26, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox.