:: Deepquest ::

Apple Security Advisory 2015-03-09-4 – Xcode 6.2 is now available and addresses spoofing and validation checking issues.

A malicious Jar file can bypass all OS X Gatekeeper warnings and protections, allowing a remote attacker to execute arbitrary unsigned code downloaded by the user. Java must be installed on the victim’s machine.

Apple Security Advisory 2015-01-27-1 – Apple TV 7.0.3 is now available and addresses arbitrary code execution, access bypass, unsigned code execution, information disclosure, and various other vulnerabilities.

Apple Security Advisory 2015-01-27-2 – iOS 8.1.3 is now available and addresses access bypass, arbitrary code execution, denial of service, and various other vulnerabilities.

Apple Security Advisory 2015-01-27-3 – Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3 are now available and address memory corruption issues that can lead to arbitrary code execution.

Apple Security Advisory 2015-01-27-4 – OS X 10.10.2 and Security Update 2015-001 are now available and address information disclosure, arbitrary code execution, cache clearing, integer overflow, and various other vulnerabilities.

OS X networkd “effective_audit_token” XPC type confusion sandbox escape proof of concept exploit.

OS X 10.10 IOKit IntelAccelerator suffers from a null pointer dereference vulnerability. This is the proof of concept exploit released by Google.

OS X 10.9.5 IOKit IntelAccelerator suffers from a null pointer dereference vulnerability. This is the proof of concept exploit released by Google.

OS X 10.10 Bluetooth DispatchHCICreateConnection crash denial of service proof of concept exploit.