ClubHACK Magazine Issue 31

ClubHACK Magazine Issue 31 – Topics covered include Tamper Data, Apple iOS vulnerabilities, Matriux Ec-Centric, and more.

Zero Day Initiative Advisory 12-130

Zero Day Initiative Advisory 12-130 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Secunia Security Advisory 50058

Secunia Security Advisory – Multiple vulnerabilities have been reported in Apple Safari for Mac OS X, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose sensitive information, bypass certain security restrictions, and compromise a user’s system.

Apple QuickTime Security Bypass

Security Explorations does not agree with Apple’s evaluation of a vulnerability they reported. They have decided to release proof of concept code to demonstrate a bypass vulnerability in Apple QuickTime Java extensions.

Zero Day Initiative Advisory 12-095

Zero Day Initiative Advisory 12-095 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML elements within a TeXML file.

Secunia Security Advisory 49542

Secunia Security Advisory – Apple has issued an update for Java for Mac OS X.

HULK – The Web Server DoS Tool

Posted by deepquest under DDOS, tools

HULK is a Python script that generates randomly crafted, unique HTTP requests, placing a fair load on a web server and eventually exhausting its resources. It uses various techniques to make the requests dynamic and thus more difficult to detect, such as randomising both User-Agent and Referer fields.

Safari On iOS Denial Of Service

Proof of concept crash exploit for Safari on iOS that leverages a denial of service vulnerability.

Zero Day Initiative Advisory 12-078

Zero Day Initiative Advisory 12-078 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Apple QuickTime handles files with the Sorenson v3 Codec.

Apple Security Advisory 2012-05-14-1

Apple Security Advisory 2012-05-14-1 – This update runs a malware removal tool that will remove the most common variants of the Flashback malware.
