:: Deepquest ::

ftpd on Mac OS X 10.8.3 suffers from a denial of service vulnerability.

Mandriva Linux Security Advisory 2013-034 – During the process of CUPS socket activation code refactoring in favour of systemd capability a security flaw was found in the way CUPS service honored Listen localhost:631 cupsd.conf configuration option.

OpenSC.tokend OS X module suffers from privacy leak and arbitrary file creation vulnerabilities.

The Tokend OS X module suffers from privacy leak and arbitrary file creation vulnerabilities.

Apple Security Advisory 2013-03-19-2 – Apple TV 5.2.1 is now available and addresses multiple security issues such as execution of unsigned code and information disclosure issues.

Apple Security Advisory 2013-03-19-1 – iOS 6.1.3 is now available and addresses multiple security issues such as execution of unsigned code, permission changes, and more.

Apple Security Advisory 2013-03-14-2 – Safari 6.0.3 is now available and addresses multiple security issues.

Apple Security Advisory 2013-03-14-1 – OS X Mountain Lion version 10.8.3 and Security Update 2013-001 addresses multiple vulnerabilities. These updates address a canonicalization issue with HFS and Apache, a buffer overflow in libtiff, an authentication bypass, and more.

Apple Security Advisory 2013-03-04-1 – Multiple vulnerabilities existed in Java 1.6.0_41, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox, have been addressed.

This Metasploit module exploits a vulnerability in Viscosity 1.4.1 on Mac OS X. The vulnerability exists in the setuid ViscosityHelper, where an insufficient validation of path names allows execution of arbitrary python code as root. This Metasploit module has been tested successfully on Viscosity 1.4.1 over Mac OS X 10.7.5.