:: Deepquest ::

Apple Security Advisory 2017-09-25-7 – iTunes 12.7 addresses a backup disclosure vulnerability.

Apple Security Advisory 2017-09-25-8 – iTunes 12.7 for Windows addresses code execution, memory corruption, and various other vulnerabilities.

Apple Security Advisory 2017-09-25-9 – macOS Server 5.4 is now available and addresses multiple vulnerabilities in FreeRADIUS.

There is a heap overflow in Apple’s AppleBCMWLANCore driver when handling Completed Firmware Timestamp messages (0x27).

There is a heap overflow vulnerability in Apple’s assembleBGScanResults when handling ioctl results.

A heap overflow vulnerability exists in Apple’s updateRateSetAsyncCallback when handling ioctl results.

Apple products suffer from an issue where an out-of-band NUL byte write occurs when handling WLC_E_TRACE event packets.

Heap overflow and information disclosure vulnerabilities exist in Apple’s setVendorIE when handling ioctl results.

The Apple PCIe Message Ring protocol suffers from multiple race conditions that can lead to out-of-bounds read and writes.

Apple products suffers from an information leak when handling WLC_E_COUNTRY_CODE_CHANGED event packets.