Zero Day Initiative Advisory 10-254
Zero Day Initiative Advisory 10-254 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the QuickTimeMPEG.qtx module. When handling an ELST atom's edit list table data large values are not handled properly. Specifically, the media rate field is explicitly trusted and can be abused to control memory copy operations. By specifying a large enough value, an attacker can utilize this to write to an arbitrary address in process memory. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the user.
Zero Day Initiative Advisory 10-253
Zero Day Initiative Advisory 10-253 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required in that a target must open a malicious media file or visit a malicious page. The specific flaw exists within the application's implementation of the LZW compression when opening a certain file format. The application will allocate a buffer for the image and then decompress image data into it. Due to explicitly trusting the decompressed data, a buffer overflow will occur. This can lead to memory corruption and code execution under the context of the application.
Converts your iPhone / iPod touch to a flash drive (USB Mass Storage)
We’ve been waiting for so long...
Apple thefts continue, but don’t work so well for the crooks
Another day, another dumb criminal gets...
Attack of the killer PNGs
Apple on Wednesday patched 18 holes in its Mac OS X operating system, seven that could allow an attacker to remotely take over a machine when a user does nothing more than view a booby-trapped image.