Apple Safari versions prior to 5.1.1 fail to enforce an intended policy for file:// URLs and in turn allows for remote attackers to execute code.
Apple Safari versions 5.0 and later on Mac OS and Windows are vulnerable to a directory traversal issue with the handling of “safari-extension://” URLs. Attackers can create malicious websites that trigger Safari to send files from the victim’s system to the attacker. Arbitrary Javascript can be executed in the web context of the Safari extension.
http://www.deqp.go.th defaced by MCA-CRB
http://kettree.go.th defaced by MCA-CRB
http://www.mch.go.th defaced by MCA-CRB
iDefense Security Advisory 10.12.11 – Remote exploitation of a memory corruption vulnerability in Apple Inc.’s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user. iOS versions prior to 5 are vulnerable.
iDefense Security Advisory 10.12.11 – Remote exploitation of a cross site scripting vulnerability in Apple Inc.’s MobileSafari could allow an attacker to view sensitive information in the context of the targeted domain. iOS versions prior to 5 are vulnerable.
Technical Cyber Security Alert 2011-286A – There are multiple vulnerabilities in Mac OS X 10.6.8, 10.7, and 10.7.1 and Mac OS X Server 10.6.8, 10.7, and 10.7.1.
http://rayong1.go.th defaced by MCA-CRB
An anonymous reader writes “Security firm RSA has revealed that it believes two groups, working on behalf of a single nation state, hacked into its servers and stole information related to the company’s SecurID two-factor authentication products. Speaking at the RSA Security Conference in London, RSA executive chairman Art Coviello described the high profile attack thus: ‘There were two …