Tag: Apple

Appleexploitfacebookiphonem$OSX security toolsPrivacySecuritytoolstwitterXSS

Apple Security Advisory 2013-09-18-3

Apple Security Advisory 2013-09-18-3 - Xcode 5.0 is now available and addresses a security issue in Git. When using the imap-send command, git did not verify that the server hostname matched a domain name in the X.509 certificate, which allowed a man-in-the-middle attacker to spoof SSL servers via an arbitrary valid certificate. This issue was addressed by updating git to version 1.8.3.1.
Appleexploitfacebookiphonem$OSX security toolsPrivacySecuritytoolstwitterXSS

Packet Storm Exploit 2013-0827-1 – Oracle Java ByteComponentRaster.verify() Memory Corruption

The ByteComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.