Secunia Security Advisory 43574
Secunia Security Advisory - Apple has issued an update for Java for Mac OS X. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
Zero Day Initiative Advisory 11-038
Zero Day Initiative Advisory 11-038 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The Apple Sandbox
Whitepaper called The Apple Sandbox. It discuss the access control system in OS X and iOS operating systems.
Top Media Stories of 2010: Apple iPad, Howard Stern and WikiLeaks – DailyFinance
Top Media Stories of 2010: Apple iPad, Howard Stern and WikiLeaks DailyFinance Hello, Julian Assange: The founder and editor-in-chief of WikiLeaks became the most infamous disseminator of classified information since Daniel "Pentagon ...
Apple Quicktime Memory Corruption
The Apple QuickTime player does not properly parse .fpx media files, which causes a memory corruption by opening a malformed file with an invalid value located in PoC repro.fpx at offset 0x49. Tested vulnerable are versions 7.6.8 (1675) and 7.6.6 (1671).
Apple Security Advisory 2010-12-16
Apple Security Advisory 2010-12-16-1 - Multiple vulnerabilities have been addressed in Time Capsule and the Airport Base Station.
Zero Day Initiative Advisory 10-261
Zero Day Initiative Advisory 10-261 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's implementation of a custom compression algorithm. The application will trust a field within a DirectBitsRect structure which is used for an allocation, and later attempt to decompress data into this buffer. Due to the value for the allocation being different from the length of the data being decompressed a buffer overflow will occur which can lead to code execution with the privileges of the application.
Zero Day Initiative Advisory 10-260
Zero Day Initiative Advisory 10-260 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that a user must be coerced into visiting a malicious page or opening a malicious file. The specific flaw exists within Apple's support for Panoramic Images and occurs due to the application trusting a particular field for calculation of an offset. Due to the field being treated as a signed integer, the calculated offset can result in a pointer outside the bounds of the expected buffer. Upon usage of this out-of-bounds pointer, the application will write proceed to write image data to the invalid location. Successful exploitation can lead to code execution under the context of the application.