OS X / Safari / Firefox REGEX Denial Of Service

Posted by deepcore under Apple

Mac OS X, Safari, Firefox and Kaspersky all suffer from a regular expression denial of service condition that was discovered long ago in regcomp().

Apple TV Touch Password Disclosure

Posted by deepcore under Apple

Apple TV had an issue where it was logging a user’s Apple ID and password via debug output in logs.

Apple Facetime Information Disclosure

Posted by deepcore under Apple

Facetime allows video calls for iOS. Facetime-Audio, added in iOS 7, allows audio-only calls. The audio version uses a vulnerable URL scheme which is not used by Facetime Video. The URL scheme used for Facetime-Audio allows a website to establish a Facetime-Audio call to the attacker’s account, revealing the phone number or email address […]

Apple Security Advisory 2014-03-10-1

Posted by deepcore under Apple

Apple Security Advisory 2014-03-10-1 – iOS 7.1 is now available and addresses multiple security vulnerabilities.

Apple Security Advisory 2014-03-10-2

Posted by deepcore under Apple

Apple Security Advisory 2014-03-10-2 – Apple TV 6.1 is now available and addresses information disclosure, date checking failure, buffer overflow, and various other vulnerabilities.

Safari User-Assisted Download / Run Attack

Posted by deepcore under Apple

This Metasploit module abuses some Safari functionality to force the download of a zipped .app OSX application containing our payload. The app is then invoked using a custom URL scheme. At this point, the user is presented with Gatekeeper’s prompt: “APP_NAME” is an application downloaded from the internet. Are you sure you want to open […]

Apple Security Advisory 2014-02-25-1

Posted by deepcore under Apple

Apple Security Advisory 2014-02-25-1 – OS X Mavericks 10.9.2 and Security Update 2014-001 are now available and address multiple security issues including the recent SSL vulnerability.

Apple Security Advisory 2014-02-25-2

Posted by deepcore under Apple

Apple Security Advisory 2014-02-25-2 – Safari 6.1.2 and Safari 7.0.2 are now available and address an issue where visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.

Apple Security Advisory 2014-02-25-3

Posted by deepcore under Apple

Apple Security Advisory 2014-02-25-3 – QuickTime 7.7.5 is now available and addresses multiple security issues related to denial of service and arbitrary code execution.

Apple Security Advisory 2014-02-21-3

Posted by deepcore under Apple

Apple Security Advisory 2014-02-21-3 – Apple TV 6.0.2 is now available and addresses a security issue. Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.
