iDefense Security Advisory 07.20.11 – Remote exploitation of a heap based buffer overflow vulnerability in WebKit, as included with Apple Inc.’s Safari Web browser, could allow an attacker to execute arbitrary code with the privileges of the current user. Safari versions prior to 5.1 and 5.0.6 are vulnerable.
>> CATEGORY: exploit
iDefense Security Advisory 07.20.11 – Remote exploitation of a use-after-free vulnerability in WebKit, as included with Apple Inc.’s Safari Web browser, could allow an attacker to execute arbitrary code with the privileges of the current user.
Secunia Security Advisory – A weakness and multiple vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, and compromise a user’s system.
Secunia Security Advisory – A vulnerability has been reported in Apple iOS, which can be exploited by malicious people to compromise a vulnerable system.
Zero Day Initiative Advisory 11-231 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file
Zero Day Initiative Advisory 11-230 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime handles Apple Lossless Audio Codec streams.
Zero Day Initiative Advisory 11-229 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a specially formatted RIFF WAV file
Zero Day Initiative Advisory 11-228 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari on Windows and multiple applications on OSX.
Secunia Security Advisory – Apple has issued an update for Java for Mac OS X. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
Zero Day Initiative Advisory 11-190 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime running on OSX or Linux. This vulnerability does not affect java running on Windows.