Subscribe via feed.

Apple Security Advisory 2014-06-30-4

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2014-06-30-4 – Apple TV 6.1.2 is now available and addresses heap buffer overflow, code execution, memory disclosure, and various other vulnerabilities.

Tags: , ,

Apple Security Advisory 2014-05-12-1

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2014-05-21-1 – Safari 6.1.4 and Safari 7.0.4 are now available and address code execution vulnerabilities.

Tags: , ,

Apple Security Advisory 2014-15-20-1

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2014-15-20-1 – OS X Server 3.1.2 is now available and addresses a security issue with Ruby.

Tags: , ,

Apple Security Advisory 2014-05-16-1

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2014-05-16-1 – iTunes 11.2.1 is now available and addresses a security issue. Upon each reboot, the permissions for the /Users and /Users/Shared directories would be set to world-writable, allowing modification of these directories. This issue was addressed with improved permission handling.

Tags: , ,

Apple Security Advisory 2014-05-15-2

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2014-05-15-2 – iTunes 11.2 is now available and addresses a credential interception issue. Set-Cookie HTTP headers would be processed even if the connection closed before the header line was complete. An attacker could strip security settings from the cookie by forcing the connection to close before the security settings were sent, and […]

Tags: , ,

Apple Security Advisory 2014-0515-1

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2014-05-15-1 – OS X Mavericks version 10.9.3 is now available and includes the content of Security Update 2014-002.

Tags: , ,

Depot WiFi 1.0.0 Code Execution / Local File Inclusion

Posted by deepcore under Apple (No Respond)

Depot WiFi version 1.0.0 for iOS suffers from code execution and local file inclusion vulnerabilities.

Tags: , ,

Mac OS X NFS Mount Privilege Escalation

Posted by deepcore under Apple (No Respond)

This exploit leverage a stack overflow vulnerability to escalate privileges. The vulnerable function nfs_convert_old_nfs_args does not verify the size of a user-provided argument before copying it to the stack. As a result by passing a large size, a local user can overwrite the stack with arbitrary content. Mac OS X Lion Kernel versions equal to […]

Tags: , ,

Apple Security Advisory 2014-04-22-4

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2014-04-22-4 – AirPort Base Station Firmware Update 7.7.3 is now available and addresses a security issue. An out-of-bounds read issue existed in the OpenSSL library when handling TLS heartbeat extension packets. An attacker in a privileged network position could obtain information from process memory. This issue was addressed through additional bounds checking. […]

Tags: , ,

AirPhoto WebDisk 4.1.0 Code Execution

Posted by deepcore under Apple (No Respond)

AirPhoto WebDisk version 4.1.0 for iOS suffers from a code execution vulnerability.

Tags: , ,