Apple iTunes suffers from a malicious script insertion vulnerability.
There is an ipc_port_t reference count leak due to incorrect externalMethod overrides that lead to a Mac OS X / iOS kernel use-after-free vulnerability.
Broken kernel mach port name uref handling on iOS and Mac OS can lead to privileged port name replacement in other processes.
A lack of error checking leads to a reference count leak and OS X / iOS kernel use-after-free vulnerability in _kernelrpc_mach_port_insert_right_trap.
syslogd on Mac OS and iOS suffers from an arbitrary port replacement vulnerability.
Apple Security Advisory 2016-12-13-1 – macOS 10.12.2 is now available and addresses arbitrary code execution, denial of service, and various other vulnerabilities.
Apple Security Advisory 2016-12-13-2 – Safari 10.0.2 is now available and addresses cross site scripting, arbitrary code execution, and various other vulnerabilities.
Apple Security Advisory 2016-12-13-3 – iTunes 12.5.4 is now available and addresses memory corruption, arbitrary code execution, and various other vulnerabilities.
Apple Security Advisory 2016-12-13-6 – This advisory provides additional information regarding tvOS 10.1 fixes as originally documented in APPLE-SA-2016-12-12-3.
Apple Security Advisory 2016-12-13-4 – iCloud for Windows v6.1 is now available and addresses memory corruption, arbitrary code execution, and various other vulnerabilities.