Secunia Security Advisory 46618
Secunia Security Advisory - Multiple vulnerabilities have been reported in Apple Quicktime, which can be exploited by malicious people to compromise a user's system.
Zero Day Initiative Advisory 11-304
Zero Day Initiative Advisory 11-304 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. Authentication is not required to exploit this vulnerability
Zero Day Initiative Advisory 11-303
Zero Day Initiative Advisory 11-303 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime handles H.264 streams.
Zero Day Initiative Advisory 11-295
Zero Day Initiative Advisory 11-295 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file
Packet Storm Mac OS X Widget
Packet Storm Widget is a Mac OS X widget that allows users to see all latest news from packetstormsecurity.org. A user can choose between different kind of news to see: All of the Latest Content, Latest News, Latest Files, Latest 0 Days, Latest Vulnerabilities and Latest Exploits. This allows a user to always keep up to date on their favorite security topics
Apple Safari file:// Arbitrary Code Execution
This Metasploit module exploits a vulnerability found in Apple Safari on OSX platform. A policy issue in the handling of file:// URLs may allow arbitrary remote code execution under the context of the user. In order to trigger arbitrary remote code execution, the best way seems to be opening a share on the victim machine first (this can be SMB/WebDav/FTP, or a fileformat that OSX might automount), and then execute it in /Volumes/[share]
Apple Safari Arbitrary Code Execution
Apple Safari versions prior to 5.1.1 fail to enforce an intended policy for file:// URLs and in turn allows for remote attackers to execute code.
Apple Safari Directory Traversal
Apple Safari versions 5.0 and later on Mac OS and Windows are vulnerable to a directory traversal issue with the handling of "safari-extension://" URLs. Attackers can create malicious websites that trigger Safari to send files from the victim's system to the attacker. Arbitrary Javascript can be executed in the web context of the Safari extension.
iDefense Security Advisory 10.12.11 – OfficeImport
iDefense Security Advisory 10.12.11 - Remote exploitation of a memory corruption vulnerability in Apple Inc.'s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user. iOS versions prior to 5 are vulnerable.
iDefense Security Advisory 10.12.11 – MobileSafari
iDefense Security Advisory 10.12.11 - Remote exploitation of a cross site scripting vulnerability in Apple Inc.'s MobileSafari could allow an attacker to view sensitive information in the context of the targeted domain. iOS versions prior to 5 are vulnerable.