Apple Security Advisory 2012-09-12-1
Apple Security Advisory 2012-09-12-1 - iTunes 10.7 is now available and addresses multiple memory corruption issues in webkit.
Secunia Security Advisory 50618
Secunia Security Advisory - Multiple vulnerabilities have been reported in Apple iTunes, which can be exploited by malicious people to compromise a user's system.
[papers] – CVE-2012-4681 Technical Analysis Report
CVE-2012-4681 Technical Analysis Report
[webapps] – Trend Micro InterScan Messaging Security Suite Stored XSS and CSRF
Trend Micro InterScan Messaging Security Suite Stored XSS and CSRF
[papers] – Detecting and Exploiting XSS Vulnerabilities with Xenotix XSS Exploit Framework
Detecting and Exploiting XSS Vulnerabilities with Xenotix XSS Exploit Framework
[webapps] – Clipster Video Persistent XSS Vulnerability
Clipster Video Persistent XSS Vulnerability
Secunia Security Advisory 50545
Secunia Security Advisory - Apple has issued an update for Java for Mac OS X.
Apple Security Advisory 2012-09-05-1
Apple Security Advisory 2012-09-05-1 - An opportunity for security-in-depth hardening is addressed by updating to Java version 1.6.0_35.
[webapps] – OTRS Open Technology Real Services 3.1.8 and 3.1.9 XSS Vulnerability
OTRS Open Technology Real Services 3.1.8 and 3.1.9 XSS Vulnerability
Java 7 Applet Remote Code Execution
This Metasploit module exploits a vulnerability in Java 7, which allows an attacker to run arbitrary Java code outside the sandbox. The vulnerability seems to be related to the use of the newly introduced ClassFinder#resolveClass in Java 7, which allows the sun.awt.SunToolkit class to be loaded and modified. Please note this flaw is also being exploited in the wild, and there is no patch from Oracle at this point