Bluetooth Chat Connect version 1.0 for iOS suffers from cross site scripting and denial of service vulnerabilities.
>> CATEGORY: OSX security tools
Apple Security Advisory 2013-06-04-1 – OS X Mountain Lion version 10.8.4 and Security Update 2013-002 is now available and addresses over 30 security issues.
Apple Security Advisory 2013-06-04-2 – Safari 6.0.5 is now available and addresses 26 security issues.
Core Security Technologies Advisory – A memory corruption vulnerability was found in Mac OSX Directory Service. By sending a maliciously crafted message, a remote attacker could cause the directory server to terminate or execute arbitrary code with system privileges.
Apple Security Advisory 2013-05-22-1 – QuickTime 7.7.4 is now available and addresses multiple issues including buffer overflows and arbitrary code execution vulnerabilities.
Apple Security Advisory 2013-05-16-1 – iTunes 11.0.3 is now available and addresses multiple vulnerabilities. In versions prior to 11.0.3, an attacker in a privileged network position may manipulate HTTPS server certificates, leading to the disclosure of sensitive information and a man-in-the-middle attack is possible while browsing the iTunes Store via iTunes and may lead to an unexpected application termination or arbitrary code execution.
This whitepaper discusses the security of Apple iOS with particular focus on its usage in the workplace.
strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface.
Apple Security Advisory 2013-04-16-2 – Java for OS X 2013-003 and Mac OS X v10.6 Update 15 are now available and address many vulnerabilities in 1.6.0_43.
Apple Security Advisory 2013-04-16-1 – Safari 6.0.4 is now available and fixes one vulnerability. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: An invalid cast issue existed in the handling of SVG files. This issue was addressed through improved type checking.