:: Deepquest ::

This advisory discusses a re mote scripting injection issue with Skype on Mac OS X.

131 bytes small Mac OS X / Intel reverse TCP shell shellcode for x86_64.

Secunia Security Advisory – Apple has acknowledged two vulnerabilities in iTunes, which can be exploited by malicious people to compromise a user’s system.

Zero Day Initiative Advisory 11-140 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari WebKit.

Zero Day Initiative Advisory 11-139 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the library’s implementation of a frame element.

Zero Day Initiative Advisory 11-138 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application’s implementation of a Frame element.

Secunia Security Advisory – Two vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to compromise a user’s system.

Secunia Security Advisory – Some vulnerabilities has been reported in Apple iOS for iPhone 4 (CDMA), which can be exploited by malicious people to compromise a vulnerable device.

Secunia Security Advisory – Some vulnerabilities has been reported in Apple iOS, which can be exploited by malicious people to disclose system information and compromise a vulnerable device.

The VUPEN Vulnerability Research Team discovered a critical vulnerability in Apple Safari. The vulnerability is caused by a use-after-free error in the WebKit library when processing certain text nodes, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.