Zero Day Initiative Advisory 10-258 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Quicktime.qts module responsible for parsing media files. While handling 3GP streams a function within this module a loop trusts a value directly from the media file and uses it during memory copy operations. By supplying a large enough value this buffer can be overflowed leading to arbitrary code execution under the context of the user accessing the file.
iDefense Security Advisory 12.07.10 – Remote exploitation of a memory corruption vulnerability in Apple Inc.’s QuickTime media player could allow attackers to execute arbitrary code in the context of the targeted user. The vulnerability specifically exists in the way specially crafted PICT image files are handled by the QuickTime PictureViewer. When processing specially crafted PICT image files, Quicktime PictureViewer uses a set value from the file to control the length of a byte swap operation. The byte swap operation is used to convert big endian data to little endian data. QuickTime fails to validate the length value properly before using it. When a length value is larger than the actual buffer size supplied, it will corrupt heap memory beyond the allocated buffer, which could lead to an exploitable condition. QuickTime Player versions prior to 7.6.9 are vulnerable.
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X, Windows and Cross Platform releases are all included in this file.
We are all ducks, meekly sitting while those who have the hacking skills infiltrate our mind’s eyes, aka our laptops. It seems, sadly, that among the latest victims of boys…
Some online service providers are in the cross hairs this week for allegedly abandoning WikiLeaks after it published secret U.S. diplomatic cables and drew retaliatory technical, political and legal attacks….
iFTPStorage versions 1.3 and below for iPhone / iPod Touch suffers from a directory traversal vulnerability.
A bug that led popular social networking site Facebook to accidentally delete a host of legitimate accounts earlier this week was quickly seized by cybercriminals to get Facebook users to…
51 bytes small OSX / Intel setuid shell for x86_64.
Secunia Security Advisory – Multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose sensitive information, bypass certain security restrictions, or to compromise a user’s system.
Secunia Security Advisory – Apple has acknowledged multiple vulnerabilities in Apple TV, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable device.