
Secunia Security Advisory 43574

Posted by deepcore under Apple, exploit, OSX security tools, Security (No Respond)

Secunia Security Advisory – Apple has issued an update for Java for Mac OS X. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.


Zero Day Initiative Advisory 11-038

Posted by deepcore under Apple, exploit, OSX security tools (No Respond)

Zero Day Initiative Advisory 11-038 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.


The Apple Sandbox

Posted by deepcore under Apple, OSX security tools (No Respond)

A whitepaper called The Apple Sandbox. It discusses the access control system in the OS X and iOS operating systems.


Top Media Stories of 2010: Apple iPad, Howard Stern and WikiLeaks – DailyFinance

Posted by deepcore under Apple, DDOS, Wikileak (No Respond)

Top Media Stories of 2010: Apple iPad, Howard Stern and WikiLeaks DailyFinance Hello, Julian Assange: The founder and editor-in-chief of WikiLeaks became the most infamous disseminator of classified information since Daniel “Pentagon …


Apple iPhone Safari JS Crash Exploit

Posted by deepcore under Apple, exploit, iphone, OSX security tools (No Respond)

Apple iPhone …


Apple iPhone Safari decodeURI Crash

Posted by deepcore under Apple, exploit, iphone, OSX security tools (No Respond)

Apple …


Apple QuickTime Memory Corruption

Posted by deepcore under Apple, OSX security tools (No Respond)

The Apple QuickTime player does not properly parse .fpx media files, so opening a malformed file causes memory corruption. In the PoC repro.fpx, the invalid value is located at offset 0x49. Versions 7.6.8 (1675) and 7.6.6 (1671) were tested and found vulnerable.


Apple Security Advisory 2010-12-16

Posted by deepcore under Apple, OSX security tools, Security (No Respond)

Apple Security Advisory 2010-12-16-1 – Multiple vulnerabilities have been addressed in Time Capsule and the Airport Base Station.


Zero Day Initiative Advisory 10-261

Posted by deepcore under Apple, exploit, OSX security tools (No Respond)

Zero Day Initiative Advisory 10-261 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application’s implementation of a custom compression algorithm. The application will trust a field within a DirectBitsRect structure which is used for an allocation, and later attempt to decompress data into this buffer. Because the value used for the allocation differs from the length of the data being decompressed, a buffer overflow will occur, which can lead to code execution with the privileges of the application.


Zero Day Initiative Advisory 10-260

Posted by deepcore under Apple, exploit, OSX security tools (No Respond)

Zero Day Initiative Advisory 10-260 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that a user must be coerced into visiting a malicious page or opening a malicious file. The specific flaw exists within Apple’s support for Panoramic Images and occurs due to the application trusting a particular field for calculation of an offset. Due to the field being treated as a signed integer, the calculated offset can result in a pointer outside the bounds of the expected buffer. Upon usage of this out-of-bounds pointer, the application will proceed to write image data to the invalid location. Successful exploitation can lead to code execution under the context of the application.
