Apple Security Advisory 2013-09-17-1 – OS X Server v2.2.2 is now available and addresses issues in ClamAV, PostgreSQL, and Wiki Server.
>> TAG: #javascript
Apple Security Advisory 2013-09-12-2 – Safari 5.1.10 is now available. Multiple memory corruption issues existed in JavaScriptCore’s JSArray::sort() method
A heap memory buffer overflow vulnerability exists within the WebKit’s JavaScriptCore JSArray::sort(…) method. The exploit for this vulnerability is javascript code which shows how to use it for memory corruption of internal JS objects (Unit32Array and etc.) and subsequent arbitrary code execution (custom ARM/x64 payloads can be pasted into the JS code). This exploit affects Apple Safari version 6.0.1 for iOS 6.0 and OS X 10.7/8.
The BytePackedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of “dataBitOffset” boundary checks. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file
The IntegerInterleavedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of “dataOffsets[0]” boundary checks. This vulnerability allows for remote code execution
This is a whitepaper called Usability vs. Security: The Everlasting Trade-Off in the Context of Apple iOS Mobile Hotspots.
This whitepaper discusses the security of Apple iOS with particular focus on its usage in the workplace.
Apple Security Advisory 2013-03-19-1 – iOS 6.1.3 is now available and addresses multiple security issues such as execution of unsigned code, permission changes, and more.
strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems.
Secunia Security Advisory – Apple has acknowledged a vulnerability in Apple TV, which can be exploited by malicious people to compromise a user’s device.