Subscribe via feed.

Apple Security Advisory 2013-09-18-1

Apple Security Advisory 2013-09-18-1 – iTunes 11.1 is now available.

Tags: , , ,

Packet Storm Advisory 2013-0813-1 – Oracle Java IntegerInterleavedRaster.verify()

The IntegerInterleavedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of “dataOffsets[0]” boundary checks. This vulnerability allows for remote code execution

Tags: , , ,

Oracle Java storeImageArray() Invalid Array Indexing Code Execution

Oracle Java versions prior to 7u25 suffer from an invalid array indexing vulnerability that exists within the native storeImageArray() function inside jre/bin/awt.dll.

Tags: , ,

The Roundup for April 18, 2013 – Firedoglake

Posted by deepcore under DDOS, m$, Wikileak (No Respond)

The Roundup for April 18, 2013 Firedoglake Justice, UK style. “Chagossians [ref: US airbase on Diego Garcia] suffer blow in fight to go home as court rejects WikiLeak cable: US embassy cables allegedly detailing UK plan to stop return to Indian Ocean islands used by US military is ruled …

Tags: , ,

Apple Security Advisory 2011-11-14-1

Posted by deepcore under Apple, OSX security tools, Security, software (No Respond)

Apple Security Advisory 2011-11-14-1 – iTunes 10.5.1 is now available and addresses a man-in-the-middle vulnerability. iTunes periodically checks for software updates using an HTTP request to Apple. This request may cause iTunes to indicate that an update is available.

Tags: , ,

Skype VoIP 5.2.x / 5.3.x Memory Corruption

Posted by deepcore under Apple, OSX security tools, software (No Respond)

A critical pointer vulnerability is located in the Mac OS X and Windows versions of Skype. The bug is located in 2 input forms of a unicode HTTP search request to the Skype search directory server.

Tags: , , , ,

Zero Day Initiative Advisory 11-228

Posted by deepcore under Apple, exploit, OSX security tools (No Respond)

Zero Day Initiative Advisory 11-228 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari on Windows and multiple applications on OSX.

Tags: , ,

iDEFENSE Security Advisory 2011-06-01.1

Posted by deepcore under Apple, exploit, OSX security tools, Security (No Respond)

iDefense Security Advisory 06.01.11 – Remote exploitation of a design error within Cisco Systems Inc’s AnyConnect VPN client allows attackers to execute arbitrary code with the privileges of a user running Internet Explorer.

Tags: , ,

Zorg 1.0 + PJSIP 1.8.5 + libtomcrypt Back-End

Posted by deepcore under Apple, iphone, OSX security tools (No Respond)

ZORG is an open source implementation of the ZRTP protocol implementation. ZRTP provides end-to-end key exchange with Elliptic Curve Diffie-Hellmann 384bit and AES-256 SRTP encryption.

Tags: , ,

Zed Attack Proxy (ZAP) 1.1.0

Posted by deepcore under Apple, OSX security tools, Security, tools (No Respond)

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X, Windows and Cross Platform releases are all included in this file.

Tags: , , ,