:: Deepquest ::

Apple Security Advisory 2013-09-12-2 – Safari 5.1.10 is now available. Multiple memory corruption issues existed in JavaScriptCore’s JSArray::sort() method

This Metasploit module gains a session with root permissions on versions of OS X with sudo binary vulnerable to CVE-2013-1775.

This application assists in generating an iOS hotspot cracking word list, which might be used in subsequent attacks on other hotspot users. The application also gives explanations and hints on how to crack a captured WPA2 handshake using well-known password crackers.

Apple Security Advisory 2013-03-19-2 – Apple TV 5.2.1 is now available and addresses multiple security issues such as execution of unsigned code and information disclosure issues.

This Metasploit module exploits a vulnerability in Viscosity 1.4.1 on Mac OS X. The vulnerability exists in the setuid ViscosityHelper, where an insufficient validation of path names allows execution of arbitrary python code as root. This Metasploit module has been tested successfully on Viscosity 1.4.1 over Mac OS X 10.7.5.

Apple Security Advisory 2012-11-01-2 – Safari 6.0.2 is now available and addresses multiple arbitrary code execution vulnerabilities.

Apple Security Advisory 2012-09-05-1 – An opportunity for security-in-depth hardening is addressed by updating to Java version 1.6.0_35.

Secunia Security Advisory – A security issue has been reported in Apple Remote Desktop, which may disclose sensitive information to malicious people.

The Apple Quicktime plugin for Windows is vulnerable to a remote buffer overflow vulnerability.

Zero Day Initiative Advisory 12-137 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Mac OSX. Authentication is not required to exploit this vulnerability. The flaw exists within the libsecurity_cdsa_plugin which implements routines defined in libsecurity_cssm.