Secunia Security Advisory – Apple has issued an update for Java for Mac OS X. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
>> CATEGORY: XSS
Apple Security Advisory 2012-10-16-1 – Multiple vulnerabilities exist in Java 1.6.0_35, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.
CVE-2012-1535: Adobe Flash Player Integer Overflow Vulnerability Analysis
This Metasploit module exploits the default credentials of Apple iOS when it has been jailbroken and the passwords for the ‘root’ and ‘mobile’ users have not been changed.
Web Help Desk by SolarWinds – Stored XSS
This is a 64bit Mac OS-X kernel rootkit that uses no hardcoded address to hook the BSD subsystem in all OS-X Lion and below.
strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols
Secunia Security Advisory – Some vulnerabilities have been reported in Apple OS X Server, which can be exploited by malicious people to disclose certain sensitive information, bypass certain security restrictions, and compromise a user’s system.
OPlayer version 2.0.05 iOS suffers from multiple cross site scripting vulnerabilities.
Andy Davis of NCC Group has discovered an arbitrary code execution vulnerability in Apple OS X Lion versions 10.7 to 10.7.4 and OS X Lion Server versions 10.7 to 10.7.4.