Apple Security Advisory 2012-09-12-1 – iTunes 10.7 is now available and addresses multiple memory corruption issues in webkit.
>> CATEGORY: XSS
Secunia Security Advisory – Multiple vulnerabilities have been reported in Apple iTunes, which can be exploited by malicious people to compromise a user’s system.
CVE-2012-4681 Technical Analysis Report
Trend Micro InterScan Messaging Security Suite Stored XSS and CSRF
Detecting and Exploiting XSS Vulnerabilities with Xenotix XSS Exploit Framework
Clipster Video Persistent XSS Vulnerability
Secunia Security Advisory – Apple has issued an update for Java for Mac OS X.
Apple Security Advisory 2012-09-05-1 – An opportunity for security-in-depth hardening is addressed by updating to Java version 1.6.0_35.
OTRS Open Technology Real Services 3.1.8 and 3.1.9 XSS Vulnerability
This Metasploit module exploits a vulnerability in Java 7, which allows an attacker to run arbitrary Java code outside the sandbox. The vulnerability seems to be related to the use of the newly introduced ClassFinder#resolveClass in Java 7, which allows the sun.awt.SunToolkit class to be loaded and modified. Please note this flaw is also being exploited in the wild, and there is no patch from Oracle at this point