
Tokend Privacy Leak / Arbitrary File Creation

The Tokend OS X module suffers from privacy leak and arbitrary file creation vulnerabilities.


Apple Security Advisory 2013-02-19-1

Apple Security Advisory 2013-02-19-1 – Multiple vulnerabilities existed in Java 1.6.0_37, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues were addressed by updating to Java version 1.6.0_41.


Transferable Remote 1.1 XSS / LFI / Command Injection

Transferable Remote version 1.1 for iPad and iPhone suffers from cross-site scripting, remote command injection, and local file inclusion vulnerabilities.


Apple Security Advisory 2013-02-01-1

Apple Security Advisory 2013-02-01-1 – Multiple vulnerabilities exist in Java 1.6.0_37, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.


Zed Attack Proxy 2.0.0 Mac OS X Release

The Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.


Apple Security Advisory 2013-01-28-2

Apple Security Advisory 2013-01-28-2 – Apple TV 5.2 is now available and addresses multiple security vulnerabilities.


Apple QuickTime Player 7.7.3 Out Of Bounds

Apple QuickTime Player Windows version 7.7.3 suffers from an out of bounds read vulnerability.


Secunia Security Advisory 52002

Secunia Security Advisory – Two security issues and multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user’s device.


Apple Security Advisory 2012-11-29-1

Apple Security Advisory 2012-11-29-1 – Apple TV 5.1.1 is now available and addresses information disclosure and code execution vulnerabilities.


Apple QuickTime 7.7.2 TeXML Style Element font-table Field Stack Buffer Overflow

This Metasploit module exploits a vulnerability found in Apple QuickTime.
