Category: Apple


Apple, exploit, OSX security tools

Zero Day Initiative Advisory 11-303

Zero Day Initiative Advisory 11-303 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way QuickTime handles H.264 streams.
Android, Apple, Security

RIM outage aftermath and going from outsourcing to insourcing

Apple and Android, the slow pallbearers to RIM's eventual demise: RIM lost much of its credibility last week with an outage lasting several days, but the company was already in trouble. Long a trusted name in the enterprise, RIM is being left in the dust by the consumerization of IT. Now hiring: companies move away from outsourcing to control their IT destiny: The tight IT jobs market and ...
Apple, exploit, OSX security tools, Security

Packet Storm Mac OS X Widget

Packet Storm Widget is a Mac OS X widget that lets users see all the latest news from packetstormsecurity.org. A user can choose between different kinds of news to see: All of the Latest Content, Latest News, Latest Files, Latest 0 Days, Latest Vulnerabilities and Latest Exploits. This allows a user to always keep up to date on their favorite security topics.
Apple, exploit, OSX security tools

Apple Safari file:// Arbitrary Code Execution

This Metasploit module exploits a vulnerability found in Apple Safari on the OSX platform. A policy issue in the handling of file:// URLs may allow arbitrary remote code execution under the context of the user. In order to trigger arbitrary remote code execution, the best way seems to be opening a share on the victim machine first (this can be SMB/WebDav/FTP, or a fileformat that OSX might automount), and then execute it in /Volumes/[share]
Apple, OSX security tools

Apple Safari Directory Traversal

Apple Safari versions 5.0 and later on Mac OS and Windows are vulnerable to a directory traversal issue with the handling of "safari-extension://" URLs. Attackers can create malicious websites that trigger Safari to send files from the victim's system to the attacker. Arbitrary JavaScript can be executed in the web context of the Safari extension.