Secunia Security Advisory – Multiple vulnerabilities have been reported in Apple Quicktime, which can be exploited by malicious people to compromise a user’s system.
>> TAG: #Apple
Zero Day Initiative Advisory 11-304 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. Authentication is not required to exploit this vulnerability
Zero Day Initiative Advisory 11-303 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime handles H.264 streams.
Zero Day Initiative Advisory 11-295 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file
Apple Safari versions prior to 5.1.1 fail to enforce an intended policy for file:// URLs and in turn allows for remote attackers to execute code.
Apple Safari versions 5.0 and later on Mac OS and Windows are vulnerable to a directory traversal issue with the handling of “safari-extension://” URLs. Attackers can create malicious websites that trigger Safari to send files from the victim’s system to the attacker. Arbitrary Javascript can be executed in the web context of the Safari extension.
iDefense Security Advisory 10.12.11 – Remote exploitation of a memory corruption vulnerability in Apple Inc.’s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user. iOS versions prior to 5 are vulnerable.
iDefense Security Advisory 10.12.11 – Remote exploitation of a cross site scripting vulnerability in Apple Inc.’s MobileSafari could allow an attacker to view sensitive information in the context of the targeted domain. iOS versions prior to 5 are vulnerable.
Technical Cyber Security Alert 2011-286A – There are multiple vulnerabilities in Mac OS X 10.6.8, 10.7, and 10.7.1 and Mac OS X Server 10.6.8, 10.7, and 10.7.1.
Secunia Security Advisory – Two vulnerabilities have been reported in Apple Numbers for iOS, which can be exploited by malicious people to compromise a user’s device.