:: Deepquest ::

Apple Security Advisory 2011-10-12-3 – OS X Lion has a security update available that addresses findings in Apache, a format string vulnerability in the Application Firewall, an arbitrary code execution vulnerability when viewing a malicious font via ATS, and 60+ other issues.

Apple Security Advisory 2011-10-12-2 – An Apple TV software update is now available and addresses credential interception, spoofing, information disclosure, and various other vulnerabilities.

Apple Security Advisory 2011-10-12-1 – An iOS 5 software update is now available.

Secunia Security Advisory – Apple has reported multiple vulnerabilities in Apple iTunes, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, and compromise a user’s system.

Apple Security Advisory 2011-10-11-1 – iTunes 10.5 has been released and addresses CoreFoundation, ColorSync, CoreAudio, CoreMedia, ImageIO, WebKit, and various other vulnerabilities.

Apple’s website suffered from a cross site scripting vulnerability.

Proof of concept Mac OS X versions prior to 10.6.7 kernel panic exploit.

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually

Trusteer Rapport key encryption switch off exploit that switches off anti-keylogger protections on OS X allowing your already existing keylogger to function correctly once again.

Apple Security Advisory 2011-09-09-1 – Fraudulent certificates were issued by multiple certificate authorities operated by DigiNotar.