:: Deepquest ::

Secunia Security Advisory – A vulnerability has been reported in Apple iPhone iOS, which can be exploited by malicious people to compromise a vulnerable device.

VSR identified a vulnerability in HFS+, a filesystem implemented in the OS X XNU kernel. HFS+ is the default filesystem in use on many installations of the Mac OS X operating system. By exploiting this vulnerability, an unprivileged user with local access to a machine using HFS+ may be able to read raw filesystem data, bypassing file permissions and resulting in information disclosure.

Paul Harrington of NGS Secure has discovered a high risk vulnerability in Mac OS X Image RAW. Multiple buffer overflow issues existed in Image RAW’s handling of Canon RAW images. Viewing a maliciously crafted Canon RAW image may result in an unexpected application termination or arbitrary code execution.

Dominic Chell of NGS Secure has discovered a High risk vulnerability in Mac OS X ImageIO. An integer overflow issue exists in ImageIO’s handling of JPEG-encoded TIFF images

iDefense Security Advisory 03.21.11 -Remote exploitation of a memory corruption vulnerability in Apple Inc.’s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing an Excel file with a certain maliciously constructed record.

Zero Day Initiative Advisory 11-109 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari on the iPhone. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the support for parsing Office files.

Zero Day Initiative Advisory 11-108 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mac OS X’s CFF Decoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file

Secunia Security Advisory – Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.

Checkview version 1.1 for iPhone / iPod Touch suffers from a directory traversal vulnerability.

The VUPEN Vulnerability Research Team discovered a critical vulnerability in Apple Safari. The vulnerability is caused by an integer overflow error in the WebKit library when handling block dimensions, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page. Versions 5.0.3 and below are affected.