Apple Security Advisory 2015-10-21-8

Posted by deepcore under Apple

Apple Security Advisory 2015-10-21-8 – OS X Server 5.0.15 is now available and addresses BIND and bypass vulnerabilities.

Safari User-Assisted Applescript Exec Attack

Posted by deepcore under Apple

In versions of Mac OS X before 10.11.1, the applescript:// URL scheme is provided, which opens the provided script in the AppleScript Editor. Pressing cmd-R in the Editor executes the code without any additional confirmation from the user. By getting the user to press cmd-R in Safari, and by hooking the cmd-key keypress event, a […]

Apple Security Advisory 2015-10-21-1

Posted by deepcore under Apple

Apple Security Advisory 2015-10-21-1 – iOS 9.1 is now available and addresses arbitrary code execution, cookies being overwritten, heap-based buffer overflow, and various other vulnerabilities.

Apple Security Advisory 2015-10-21-2

Posted by deepcore under Apple

Apple Security Advisory 2015-10-21-2 – watchOS 2.0.1 is now available and addresses arbitrary code execution, heap buffer overflow, and various other vulnerabilities.

Apple Security Advisory 2015-10-15-1

Posted by deepcore under Apple

Apple Security Advisory 2015-10-15-1 – Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 are now available and address information compromise, arbitrary code execution, and various other vulnerabilities.

Apple Safari 8.0.8 URI Spoofing

Posted by deepcore under Apple

Apple Safari version 8.0.8 was prone to a URI spoofing vulnerability.

Apple Security Advisory 2015-09-30-01

Posted by deepcore under Apple

Apple Security Advisory 2015-09-30-01 – iOS 9.0.2 is now available and addresses a lock screen vulnerability.

Apple Security Advisory 2015-09-30-02

Posted by deepcore under Apple

Apple Security Advisory 2015-09-30-02 – Safari 9 is now available and addresses spoofing, communication compromise, and various other vulnerabilities.

Apple Security Advisory 2015-09-30-03

Posted by deepcore under Apple

Apple Security Advisory 2015-09-30-03 – OS X El Capitan 10.11 is now available and addresses close to 100 vulnerabilities that may exist in prior releases.

Dropbox FinderLoadBundle OS X Local Root Exploit

Posted by deepcore under Apple

The setuid root FinderLoadBundle that was included in older DropboxHelperTools versions for OS X allows loading of dynamically linked shared libraries that reside in the same directory. The directory in which FinderLoadBundle is located is owned by root, which prevents placing arbitrary files there. But creating a hard link from FinderLoadBundle to somewhere […]
