FYI...

Apple iPhone / iPod touch multiple vulns - update available
- http://secunia.com/advisories/35449/2/
Release Date: 2009-06-18
Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Apple iPhone, Apple iPod touch
Original Advisory: Apple: http://support.apple.com/kb/HT3639 ...

iPhone OS 3.0 Software Update
> http://www.apple.com/iphone/softwareupdate/

FYI...

Safari 4.0.2 released
- http://support.apple.com/kb/HT3666
July 08, 2009

- http://support.apple.com/downloads/
July 08, 2009 - 40MB ( Leopard) 26 MB (Tiger) 47MB (Windows)
"This update is recommended for all Safari users and improves the stability of the Nitro JavaScript engine and includes the latest compatibility and security fixes."

- http://secunia.com/advisories/35758/2/
Release Date: 2009-07-09
Critical: Highly critical
Impact: Cross Site Scripting, System access
Solution: Update to version 4.0.2.

FYI...

Apple Mac OS X v10.5.8 / Security Update 2009-003
- http://support.apple.com/kb/HT3757
Last Modified: August 05, 2009

- http://support.apple.com/downloads/

- http://lists.apple.com/archives/security-a...g/msg00001.html

- http://www.us-cert.gov/current/#apple_releases_mac_os_x1
August 6, 2009
- http://www.us-cert.gov/cas/techalerts/TA09-218A.html

- http://secunia.com/advisories/36096/2/
Release Date: 2009-08-06
Critical: Highly critical
Impact: Security Bypass, Spoofing, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Apple Macintosh OS X ...
Solution: Update to Mac OS X v10.5.8 or apply Security Update 2009-003...

FYI...

Apple Safari v4.0.3 released
- http://support.apple.com/downloads/
August 11, 2009 - "This update is recommended for all Safari users and includes improvements to stability, compatibility and security..."

- http://secunia.com/advisories/36269/2/
Release Date: 2009-08-12
Critical: Highly critical
Impact: Spoofing, Manipulation of data, Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch
Software: Apple Safari 4.x
Solution: Update to version 4.0.3...
Original Advisory: Apple:
http://support.apple.com/kb/HT3733

FYI...

Apple Mac OSX Security Update 2009-004
- http://support.apple.com/kb/HT3776
August 12, 2009
Security Update 2009-004
• BIND - CVE-ID:
http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-0696

- http://lists.apple.com/archives/security-a...g/msg00003.html
12 Aug 2009

> http://support.apple.com/downloads/

- http://secunia.com/advisories/36299/2/
Release Date: 2009-08-13
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
OS: Apple Macintosh OS X ...
Solution: Apply Security Update 2009-004...

- http://blog.trendmicro.com/mac-os-x-dns-ch...an-in-the-wild/
Aug. 11, 2009 - "... be wary of prompts to download software updates that do not come from Apple’s legitimate website."



This post has been edited by AplusWebMaster: Aug 13 2009, 06:23 AM

FYI...

Java for Mac OS X 10.5 Update 5
- http://support.apple.com/kb/HT3851
September 03, 2009

> http://support.apple.com/downloads/
161.35MB

- http://voices.washingtonpost.com/securityf...ackdates_f.html
September 3, 2009 - "... The Java update brings Mac's version of Java to 10.5 Update 5, and fixes at least 16 security flaws in the program. Users can grab the patch through Software Update or directly from Apple Software Downloads. Mac users who have upgraded to Snow Leopard should be aware that the current version of the installation disc comes with an outdated version of Flash - version 10.0.23.1. Snow Leopard users can upgrade to the latest version - 10.0.32.18 - by visiting the Flash Player Download Center*."
* http://get.adobe.com/flashplayer/

- http://blogs.adobe.com/psirt/2009/09/flash...and_snow_l.html
September 2, 2009

- http://secunia.com/advisories/36598/2/
Release Date: 2009-09-04
Critical: Highly critical
Impact: Unknown, Security Bypass, Spoofing, Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Apple Macintosh OS X...
Solution: Apply Java for Mac OS X 10.5 Update 5...

.

This post has been edited by AplusWebMaster: Sep 4 2009, 02:33 PM

FYI...

Apple Mac OSX Security Update 2009-005
- http://support.apple.com/kb/HT3865
September 10, 2009
- http://support.apple.com/kb/HT3864
Mac OS X v10.6.1 Update
Last Modified: September 11, 2009

- http://support.apple.com/downloads/

- http://secunia.com/advisories/36701/2/
Release Date: 2009-09-11
Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Apple Macintosh OS X ...
Solution: Update to Mac OS X v10.6.1 or apply Security Update 2009-005...

> http://www.theregister.co.uk/2009/09/11/ap...curity_updates/
11 September 2009 - "... more than 47 security bugs in its iPhone, QuickTime media player and Mac operating system..."
> http://voices.washingtonpost.com/securityf...one_quickt.html
September 10, 2009



This post has been edited by AplusWebMaster: Sep 11 2009, 08:07 AM

FYI...

iTunes playlist vuln - update available
- http://www.securityfocus.com/brief/1015
2009-09-23 - "... a single flaw in the way that iTunes 9, the latest version of its popular multimedia management software, handles playlists on both the Mac OS X and Windows operating systems. The vulnerability could allow an attacker to create a specially-crafted playlist that compromises a victim's computer with malicious software... Cybercriminals have increasingly focused on attacking third-party applications..."

- http://secunia.com/advisories/36744/2/
Release Date: 2009-09-23
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: iTunes 9.x...
Solution: Update to version 9.0.1...
Original Advisory:
http://support.apple.com/kb/HT3884
September 22, 2009

> http://www.apple.com/itunes/download/
iTunes 9.0.1 for Windows XP or Vista
-or-
...use Apple Software Update

- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2817

- http://www.us-cert.gov/current/#apple_releases_itunes_9_0
September 23, 2009



This post has been edited by AplusWebMaster: Sep 23 2009, 11:59 AM

FYI...

Apple Security Update 2009-006
- http://lists.apple.com/archives/security-a...v/msg00000.html
9 Nov 2009

- http://support.apple.com/downloads/
Mac OS X v10.6.2 Update

- http://secunia.com/advisories/37313/2/
Release Date: 2009-11-10
Critical: Highly critical
Impact: Unknown, Security Bypass, Cross Site Scripting, Spoofing, Manipulation of data, Brute force, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Apple Macintosh OS X ...
Original Advisory: Apple:
http://support.apple.com/kb/HT3937

- http://secunia.com/advisories/37313/3/
CVE reference: CVE-2007-5707, CVE-2007-6698, CVE-2008-0658, CVE-2009-0023, CVE-2009-1191, CVE-2009-1195, CVE-2009-1574, CVE-2009-1632, CVE-2009-1890, CVE-2009-1891, CVE-2009-1955, CVE-2009-1956, CVE-2009-2202, CVE-2009-2285, CVE-2009-2408, CVE-2009-2409, CVE-2009-2412, CVE-2009-2414, CVE-2009-2416, CVE-2009-2666, CVE-2009-2799, CVE-2009-2808, CVE-2009-2810, CVE-2009-2818, CVE-2009-2819, CVE-2009-2820, CVE-2009-2823, CVE-2009-2824, CVE-2009-2825, CVE-2009-2826, CVE-2009-2827, CVE-2009-2828, CVE-2009-2829, CVE-2009-2830, CVE-2009-2831, CVE-2009-2832, CVE-2009-2833, CVE-2009-2834, CVE-2009-2835, CVE-2009-2836, CVE-2009-2837, CVE-2009-2838, CVE-2009-2839, CVE-2009-2840, CVE-2009-3111, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293



This post has been edited by AplusWebMaster: Nov 10 2009, 08:42 AM

FYI...

Apple Safari v4.0.4 released
- http://secunia.com/advisories/37346/2/
Release Date: 2009-11-12
Critical: Highly critical
Impact: Security Bypass, Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch
Software: Apple Safari 4.x
Solution: Update to version 4.0.4...
Original Advisory:
http://support.apple.com/kb/HT3949

CVE reference: CVE-2009-2414, CVE-2009-2416, CVE-2009-2804, CVE-2009-2816, CVE-2009-2841, CVE-2009-2842, CVE-2009-3384

- http://support.apple.com/downloads/

FYI...

Java for Mac OS X 10.6 Update 1
- http://support.apple.com/kb/DL972
December 03, 2009 - "Java for Mac OS X 10.6 Update 1 delivers improved reliability, security, and compatibility for Java SE 6. Java for Mac OS X 10.6 Update 1 supersedes the previous Java for Mac OS X 10.6... For more details on this update, please visit this website: http://support.apple.com/kb/HT3892 "

Java for Mac OS X 10.5 Update 6
- http://support.apple.com/kb/DL971
December 03, 2009 - "Java for Mac OS X 10.5 Update 6 delivers improved reliability, security, and compatibility for J2SE 5.0 and Java SE 6. Java for Mac OS X 10.5 Update 6 supersedes all previous updates of Java for Mac OS X 10.5... For more details on this update, please visit this website: http://support.apple.com/kb/HT3891 "

- http://support.apple.com/kb/HT1222

- http://secunia.com/advisories/37581/2/
Release Date: 2009-12-04
Critical: Highly critical
Impact: Security Bypass, Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Apple Macintosh OS X ...
Solution: Apply updates...
- http://secunia.com/advisories/37581/3/
CVE reference: CVE-2009-2843, CVE-2009-3728, CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3877, CVE-2009-3884



This post has been edited by AplusWebMaster: Dec 4 2009, 03:25 AM

FYI...

Apple Security Update 2010-001
- http://isc.sans.org/diary.html?storyid=8026
Last Updated: 2010-01-19 21:57:15 UTC - "In an effort not to be left out, Apple has released Security Update 2010-001 which patches a dozen vulnerabilities in CoreAudio (code execution via crafted MP4), CUPS (remote DoS), Flash Player Plug-in (multiple including arbitrary code execution), ImageIO (code execution via crafted TIFF file), Image Raw (code execution via crafted DNG image), and OpenSSL (the renegotiation exploit). Details can be found here:
http://support.apple.com/kb/HT4004 "

- http://secunia.com/advisories/38241/2/
Release Date: 2010-01-20
Critical: Highly critical
Impact: Manipulation of data, Exposure of system information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Apple Macintosh OS X ...
Solution: Apply Security Update 2010-001.
Security Update 2010-001 (Snow Leopard):
http://support.apple.com/kb/DL994
Security Update 2010-001 Server (Leopard):
http://support.apple.com/kb/DL992
Security Update 2010-001 Client (Leopard):
http://support.apple.com/kb/DL993

- http://www.theinquirer.net/inquirer/news/1...fixes-bugs-os-x
20 January 2010 - "... Security update 2010-001, the first from Apple this year, is noticeably smaller than the monster issued last November that fixed almost 60 flaws, er, different levels of perfection. For those who have a little difficulty reading Apple's security updates the phrase "may lead to arbitrary code execution" is Apple's way of saying, "This flaw is so critical that it will wipe your hard-drive, melt your face, cause the return of the Cold War and lead to mass global extinction of the human race unless the patch is installed." The problem is that Apple can't bear to use the term 'critical vulnerability' and admit it can be used by attackers to hijack a Mac because its marketing machine insists that only happens to computers made by other people..."



This post has been edited by AplusWebMaster: Jan 20 2010, 06:23 AM

FYI...

Apple iPhone / iPod touch multiple vulns - update available
- http://secunia.com/advisories/38362/2/
Release Date: 2010-02-03
Critical: Highly critical
Impact: Security Bypass, Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch
OS: Apple iPhone, Apple iPod touch
Solution: Update to iPhone OS 3.1.3 or iPhone OS for iPod touch 3.1.3 (downloadable and installable via iTunes).
Original Advisory: http://support.apple.com/kb/HT4013

- http://www.reghardware.co.uk/2010/02/03/ip...irmware_update/
3 February 2010

- http://blog.iphone-dev.org/

- http://isc.sans.org/diary.html?storyid=8143
Last Updated: 2010-02-03 13:41:25 UTC
"... CVE-2010-0036, CVE-2009-2285, CVE-2010-0038, CVE-2009-3384 and CVE-2009-2841
These updates are available on iTunes..."



This post has been edited by AplusWebMaster: Feb 3 2010, 12:54 PM

FYI...

Apple Safari v4.0.5 released
- http://secunia.com/advisories/38932/
Release Date: 2010-03-12
Criticality level: Highly critical
Impact: Security Bypass, Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch
Solution: Update to version 4.0.5.
CVE Reference(s):
CVE-2009-2285, CVE-2010-0040, CVE-2010-0041, CVE-2010-0042, CVE-2010-0043, CVE-2010-0044, CVE-2010-0045, CVE-2010-0046, CVE-2010-0047, CVE-2010-0048, CVE-2010-0049, CVE-2010-0050, CVE-2010-0051, CVE-2010-0052, CVE-2010-0053, CVE-2010-0054
Original Advisory: Apple:
http://support.apple.com/kb/HT4070

- http://www.apple.com/safari/download/

- http://www.apple.com/support/safari/

- http://sunbeltblog.blogspot.com/2010/03/big-safari-fix.html
March 12, 2010 - "... fixes 16 vulnerabilities – six for Windows versions and ten for Mac OS X and Windows..."



This post has been edited by AplusWebMaster: Mar 12 2010, 06:45 PM