>> TAG: #osx

Apple Security Advisory 2015-03-09-1 – iOS 8.2 is now available and addresses null pointer dereference, code execution, buffer overflows, and various other vulnerabilities.

Apple Security Advisory 2015-03-09-2 – AppleTV 7.1 is now available and addresses folder creation, code execution, and tls-related vulnerabilities.

Apple Security Advisory 2015-03-09-3 – Security Update 2015-002 is now available and addresses buffer overflow, off-by-one, type confusion, and secure transport vulnerabilities.

Apple Security Advisory 2015-03-09-4 – Xcode 6.2 is now available and addresses spoofing and validation checking issues.

A malicious Jar file can bypass all OS X Gatekeeper warnings and protections, allowing a remote attacker to execute arbitrary unsigned code downloaded by the user. Java must be installed…

Apple Security Advisory 2015-01-27-1 – Apple TV 7.0.3 is now available and addresses arbitrary code execution, access bypass, unsigned code execution, information disclosure, and various other vulnerabilities.

Apple Security Advisory 2015-01-27-2 – iOS 8.1.3 is now available and addresses access bypass, arbitrary code execution, denial of service, and various other vulnerabilities.

Apple Security Advisory 2015-01-27-3 – Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3 are now available and address memory corruption issues that can lead to arbitrary code execution.

Apple Security Advisory 2015-01-27-4 – OS X 10.10.2 and Security Update 2015-001 are now available and address information disclosure, arbitrary code execution, cache clearing, integer overflow, and various other vulnerabilities.

OS X networkd “effective_audit_token” XPC type confusion sandbox escape proof of concept exploit.