240 replies to this topic

[AplusWebMaster]

FYI...

APPLE-SA-2013-03-04-1: Apple Mac OS X update for Java
- https://secunia.com/advisories/52484/
Release Date: 2013-03-05
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference(s): CVE-2013-0809, CVE-2013-1493
For more information: https://secunia.com/SA52451/
Original Advisory: APPLE-SA-2013-03-04-1:
- http://support.apple.com/kb/HT5677
- http://prod.lists.ap.../Mar/index.html

- http://prod.lists.ap...r/msg00000.html
___

Apple Web Server notifications
- https://support.apple.com/kb/HT1318
Products Affected: Mac OS X Server, Product Security
Last Modified: Feb 23, 2013

Edited by AplusWebMaster, 11 March 2013 - 03:07 PM.

[AplusWebMaster]

FYI...

Safari v6.0.3 released
- https://support.apple.com/kb/HT5671
14 Mar 2013
> http://prod.lists.ap...r/msg00003.html

- https://secunia.com/advisories/52658/
Release Date: 2013-03-15
Criticality level: Highly critical
Impact: Cross Site Scripting, System access
Where: From remote ...
Solution: Update to version 6.0.3.

- http://www.securityt....com/id/1028292
CVE Reference: CVE-2013-0960, CVE-2013-0961
Mar 14 2013
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 6.0.3...
___

APPLE-SA-2013-03-14-1 OS X Mountain Lion v10.8.3 and Security Update 2013-001
- https://support.apple.com/kb/HT5672
14 Mar 2013
> http://prod.lists.ap...r/msg00002.html

- http://prod.lists.ap.../Mar/index.html

- https://secunia.com/advisories/52643/
Release Date: 2013-03-15
Criticality level: Highly critical
Impact: Spoofing, Security Bypass, Exposure of system information, Exposure of sensitive, information, Cross Site Scripting, System access
Where: From remote ...
Solution: Update to OS X Mountain Lion 10.8.3 or apply Security Update 2013-001.

- http://atlas.arbor.n...dex#-1321171050
High Severity
March 15, 2013
Apple releases security patches for a variety of issues in OSX.
Analysis: Considering a typical attack on a end-user system, there are several issues that require attention to include: 1) A method for an attacker to launch a Java application even though Java may be disabled 2) Quicktime security vulnerabilities in the handling of MP4 files and 3) security issues in the way PDFKit handles certain malformed PDF documents. In addition to these issues there are multiple other issues that affect specific scenarios on a server install or issues that would open up the system to a local attack...

- http://www.securityt....com/id/1028294
CVE Reference: CVE-2013-0963, CVE-2013-0967, CVE-2013-0969, CVE-2013-0970, CVE-2013-0971, CVE-2013-0973, CVE-2013-0976
Updated: Mar 15 2013
Impact: Execution of arbitrary code via network, Modification of system information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 10.6.x, 10.7.x, 10.8.x...

About the OS X Mountain Lion v10.8.3 Update
- https://support.apple.com/kb/HT5612
Mar 14, 2013

OS X Mountain Lion Update v10.8.3 (Combo)
- https://support.apple.com/kb/DL1640
Mar 14, 2013

Security Update 2013-001 (Snow Leopard)
- https://support.apple.com/kb/DL1642
Mar 14, 2013

Security Update 2013-001 (Lion)
- https://support.apple.com/kb/DL1643
Mar 14, 2013

Edited by AplusWebMaster, 16 March 2013 - 01:29 PM.

[AplusWebMaster]

FYI...

APPLE-SA-2013-03-19-1 iOS 6.1.3
- http://prod.lists.ap...r/msg00004.html
19 Mar 2013

- https://support.apple.com/kb/HT5704

- http://www.securityt....com/id/1028314
CVE Reference: CVE-2013-0977, CVE-2013-0978, CVE-2013-0979, CVE-2013-0981
Mar 19 2013
Impact: Disclosure of system information, Execution of arbitrary code via local system, Modification of system information, Root access via local system, User access via local system
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 6.1.3...
Impact: A local user can obtain elevated privileges on the target system.
Solution: The vendor has issued a fix (iOS 6.1.3) as part of APPLE-SA-2013-03-19-1 iOS 6.1.3.

- https://secunia.com/advisories/52173/
Last Update: 2013-03-20
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote...
Operating System: Apple iOS 6.x for iPhone 3GS and later, iPad 6.x, iPod touch 6.x
Solution: Apply iOS 6.1.3 Software Update.
___

APPLE-SA-2013-03-19-2 Apple TV 5.2.1
- http://prod.lists.ap...r/msg00005.html
19 Mar 2013

- https://secunia.com/advisories/52685/
Release Date: 2013-03-20
CVE Reference(s): CVE-2013-0977, CVE-2013-0978, CVE-2013-0981
Impact: Security Bypass
Where: Local system
Solution: Update to version 5.2.1.
___

Apple changes iOS 6.1 VPN feature
- http://h-online.com/-1837018
8 April 2013

Edited by AplusWebMaster, 08 April 2013 - 10:43 AM.

[AplusWebMaster]

FYI...

Safari 6.0.4 released
- https://support.apple.com/kb/HT5701
Apr 16, 2013

- https://support.apple.com/kb/HT1222
___

- http://h-online.com/-1843736
17 April 2013

[AplusWebMaster]

FYI...

iOS 6.1.4 update
- https://support.apple.com/kb/DL1652
May 2, 2013 - "This update contains security content originally included in previous iOS Software Updates..."

- http://nakedsecurity...e-to-ios-6-1-4/
May 3, 2013 - "... iPhone 5 only..."

iOS: How to update...
- https://support.apple.com/kb/HT4623

[AplusWebMaster]

FYI...

iTunes 11.0.3 released
- https://support.apple.com/kb/HT5766
May 16, 2013

- http://prod.lists.ap...y/msg00000.html
May 16, 2013

Use Apple Software Update
-or-
- https://www.apple.com/itunes/download/
iTunes 11.0.3 for Windows XP, Vista or Windows 7

- http://www.securityt....com/id/1028575
CVE Reference: CVE-2013-0879, CVE-2013-0991, CVE-2013-0992, CVE-2013-0993, CVE-2013-0994, CVE-2013-0995, CVE-2013-0996, CVE-2013-0997, CVE-2013-0998, CVE-2013-0999, CVE-2013-1000, CVE-2013-1001, CVE-2013-1002, CVE-2013-1003, CVE-2013-1004, CVE-2013-1005, CVE-2013-1006, CVE-2013-1007, CVE-2013-1008, CVE-2013-1010, CVE-2013-1011, CVE-2013-1014
May 16 2013
Impact: Execution of arbitrary code via network, Modification of authentication information, User access via network
Fix Available: Yes Vendor Confirmed: Yes ...
Impact: A remote user can execute arbitrary code on the target system.
A remote user can spoof digital certificates.
Solution: The vendor has issued a fix (11.0.3).

[AplusWebMaster]

FYI...

QuickTime 7.7.4 released
- https://support.apple.com/kb/HT5770
May 22, 2013

- https://support.apple.com/kb/HT1222

> http://prod.lists.ap...y/msg00001.html
... QuickTime 7.7.4 may be obtained from the QuickTime Downloads site:
http://www.apple.com...ktime/download/
-or-
Use Apple Software Update.

- https://secunia.com/advisories/53520/
Release Date: 2013-05-23
Criticality level: Highly critical
Impact: System access
Where: From remote...
CVE Reference(s): CVE-2013-0986, CVE-2013-0987, CVE-2013-0988, CVE-2013-0989, CVE-2013-1015, CVE-2013-1016, CVE-2013-1017, CVE-2013-1018, CVE-2013-1019, CVE-2013-1020, CVE-2013-1021, CVE-2013-1022
... vulnerabilities are reported in versions prior to 7.7.4.
Solution: Update to version 7.7.4.

- http://www.securityt....com/id/1028589
CVE Reference: CVE-2013-0986, CVE-2013-0987, CVE-2013-0988, CVE-2013-0989, CVE-2013-1015, CVE-2013-1016, CVE-2013-1017, CVE-2013-1018, CVE-2013-1019, CVE-2013-1020, CVE-2013-1021, CVE-2013-1022
May 23 2013
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 7.7.4 ...

- http://h-online.com/-1868186
23 May 2013

Edited by AplusWebMaster, 23 May 2013 - 01:55 PM.

[AplusWebMaster]

FYI...

Apple OS X 10.8.4 - Security Update 2013-002
- http://www.securityt....com/id/1028625
CVE Reference: CVE-2013-0982, CVE-2013-0983, CVE-2013-0984, CVE-2013-0985, CVE-2013-0975, CVE-2013-0990, CVE-2013-1024
Jun 5 2013
Impact: Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 10.8.x prior to 10.8.4; 10.6.x, 10.7.x ...
Solution: The vendor has issued a fix (10.8.4; Security Update 2013-002).
Vendor URL: http://support.apple.com/kb/HT5784

- http://prod.lists.ap...n/msg00000.html

- https://secunia.com/advisories/53684/
Release Date: 2013-06-05
Criticality level: Highly critical
Impact: Cross Site Scripting, Exposure of sensitive information, Security Bypass, DoS,
System access
Where: From remote...

- http://h-online.com/-1883007
5 June 2013

- https://support.apple.com/kb/HT1222
___

Safari v6.0.5 released
- http://www.securityt....com/id/1028627
CVE Reference: CVE-2013-0926, CVE-2013-1009, CVE-2013-1012, CVE-2013-1013, CVE-2013-1023
Jun 5 2013
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 6.0.5
Solution: The vendor has issued a fix (6.0.5).
Vendor URL: http://support.apple.com/kb/HT5785

- http://prod.lists.ap...n/msg00001.html

- https://secunia.com/advisories/53711/
Release Date: 2013-06-05
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, System access
Where: From remote...
___

- https://isc.sans.edu...l?storyid=15929
Last Updated: 2013-06-05 02:43:44 UTC

Edited by AplusWebMaster, 05 June 2013 - 05:17 AM.

[AplusWebMaster]

FYI...

Apple Mac OS X update for Java
- https://secunia.com/advisories/53890/
Release Date: 2013-06-19
Criticality level: Highly critical
Impact: Manipulation of data, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote ...
For more information: https://secunia.com/SA53846/
Original Advisory: APPLE-SA-2013-06-18-1:
http://support.apple.com/kb/HT5797
"... issues were addressed by updating to Java version 1.6.0_51 ..."

- http://prod.lists.ap...n/msg00002.html
18 Jun 2013

Edited by AplusWebMaster, 19 June 2013 - 01:15 PM.

[AplusWebMaster]

FYI...

Apple Mac OS X update 2013-003
- https://secunia.com/advisories/54049/
Release Date: 2013-07-03
Criticality: Highly Critical
Where: From remote
Impact: System access
CVE Reference(s): CVE-2013-1018, CVE-2013-1019, CVE-2013-1022
Also see: https://secunia.com/SA53520/
Solution: Apply Security Update 2013-003.
Original Advisory:
http://lists.apple.c...l/msg00000.html

- http://support.apple.com/kb/HT5806

[AplusWebMaster]

FYI...

MacBook Air (Mid 2013) Software Update 1.0
- https://support.apple.com/kb/DL1672
Jul 18, 2013 - "This update is recommended for MacBook Air (mid 2013) models. This update fixes an issue that in rare instances may cause an intermittent loss in wireless connectivity, an issue with Adobe Photoshop which may cause occasional screen flickering, and an issue which may cause audio volume to fluctuate during video playback."

[AplusWebMaster]

FYI...

Apple AirPort - Firmware update 7.6.4
- https://secunia.com/advisories/54733/
Release Date: 2013-09-09
CVE Reference: https://web.nvd.nist...d=CVE-2013-5132
... vulnerability can be exploited by malicious people to cause a DoS... reported in firmware versions prior to 7.6.4.
Solution: Update to firmware version 7.6.4 via AirPort Utility.
Original Advisory: Apple (HT5920):
http://support.apple.com/kb/HT5920

Edited by AplusWebMaster, 09 September 2013 - 03:45 AM.

[AplusWebMaster]

FYI...

Safari 5.1.10 released
- https://secunia.com/advisories/54827/
Release Date: 2013-09-13
Criticality: Highly Critical
Where: From remote
Impact: System access
Software: Apple Safari 5.x
CVE Reference(s): CVE-2012-3748, CVE-2013-0997
... vulnerabilities are reported in versions prior to 5.1.10 running on OS X Snow Leopard version 10.6.8 and OS X Snow Leopard Server version 10.6.8.
Solution: Update to version 5.1.10.
Original Advisory: APPLE-SA-2013-09-12-2:
http://support.apple.com/kb/HT5921
http://lists.apple.c...p/msg00003.html
___

Apple Mac OS X Security Update 2013-004
- https://secunia.com/advisories/54829/
Release Date: 2013-09-13
Criticality: Highly Critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Spoofing, Brute force, Exposure of sensitive information, Privilege escalation, DoS, System access
CVE Reference(s): CVE-2012-0883, CVE-2012-2686, CVE-2012-2687, CVE-2012-3499, CVE-2012-3817, CVE-2012-4244, CVE-2012-4558, CVE-2012-5166, CVE-2012-5688, CVE-2013-0166, CVE-2013-0169, CVE-2013-1025, CVE-2013-1026, CVE-2013-1027, CVE-2013-1028, CVE-2013-1029, CVE-2013-1030, CVE-2013-1031, CVE-2013-1032, CVE-2013-1033, CVE-2013-1635, CVE-2013-1643, CVE-2013-1775, CVE-2013-1824, CVE-2013-1899, CVE-2013-1900, CVE-2013-1901, CVE-2013-2020, CVE-2013-2021, CVE-2013-2110, CVE-2013-2266
... vulnerabilities are reported in versions prior to 10.8.5.
Solution: Update to version 10.8.5 or apply Security Update 2013-004.
Original Advisory: APPLE-SA-2013-09-12-1:
http://lists.apple.c...p/msg00002.html
Security Update 2013-004:
http://support.apple.com/kb/HT5880
___

Flash Player updates available for OS X ...
- http://support.apple.com/kb/HT5655
Last Modified: Sep 13, 2013
- http://lists.apple.c...p/msg00001.html

Edited by AplusWebMaster, 14 September 2013 - 03:18 AM.

[AplusWebMaster]

FYI...

Apple OS X Server v2.2.2 released
- https://secunia.com/advisories/54891/
Release Date: 2013-09-18
Criticality: Moderately Critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Brute force, DoS, System access
Solution Status: Vendor Patch
Software: Apple OS X Server 2.x
CVE Reference(s): CVE-2013-1034, CVE-2013-1899, CVE-2013-1900, CVE-2013-1901, CVE-2013-2020,
CVE-2013-2021
... vulnerabilities are reported in versions prior to 2.2.2.
Original Advisory: APPLE-SA-2013-09-17-1:
http://support.apple.com/kb/HT5892

- http://www.securityt....com/id/1029047
CVE Reference: CVE-2013-1034
Sep 17 2013
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available: Yes Vendor Confirmed: Yes
Version(s): OS X 10.8; OS X Server prior to 2.2.2...

[AplusWebMaster]

FYI...

iOS7 released
- http://support.apple.com/kb/HT5934
Sep 18, 2013
- http://lists.apple.c...p/msg00006.html

- https://secunia.com/advisories/54886/
Release Date: 2013-09-19
Criticality: Highly Critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Spoofing, Brute force, Exposure of sensitive information, DoS, System access
Operating System: Apple iOS 4.x for iPhone 3GS and later, Apple iOS 4.x for iPhone 4 (CDMA), Apple iOS 5.x for iPhone 3GS and later, Apple iOS 6.x for iPhone 3GS and later, Apple iOS for iPad 4.x, Apple iOS for iPad 5.x, Apple iOS for iPad 6.x, Apple iOS for iPod touch 6.x ...
Solution: Upgrade to version 7...
Original Advisory: APPLE-SA-2013-09-18-2:
http://support.apple.com/kb/HT5934

- http://www.securityt....com/id/1029054
CVE Reference: CVE-2011-2391, CVE-2013-0957, CVE-2013-1036, CVE-2013-1037, CVE-2013-1038, CVE-2013-1039, CVE-2013-1040, CVE-2013-1041, CVE-2013-1042, CVE-2013-1043, CVE-2013-1044, CVE-2013-1045, CVE-2013-1046, CVE-2013-1047, CVE-2013-3950, CVE-2013-3953, CVE-2013-3954, CVE-2013-3955, CVE-2013-4616, CVE-2013-5125, CVE-2013-5126, CVE-2013-5127, CVE-2013-5128, CVE-2013-5129, CVE-2013-5131, CVE-2013-5134, CVE-2013-5137, CVE-2013-5138, CVE-2013-5139, CVE-2013-5140, CVE-2013-5141, CVE-2013-5142, CVE-2013-5145, CVE-2013-5149, CVE-2013-5150, CVE-2013-5151, CVE-2013-5152, CVE-2013-5153, CVE-2013-5154, CVE-2013-5155, CVE-2013-5156, CVE-2013-5157, CVE-2013-5158, CVE-2013-5159
Sep 18 2013
Impact: Denial of service via local system, Denial of service via network, Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 7 ...

- http://www.securityt....com/id/1029072
Sep 20 2013
Impact: User access via local system
Vendor Confirmed: Yes Exploit Included: Yes
Version(s): 7
... A local user can invoke the Apple Control Center and bypass the passcode lock screen to access photos and related photo sharing applications.... No solution was available at the time of this entry.
The vendor is working on a fix...
___

- http://www.theinquir...ate-apple-users
Sep 19 2013 - "... Apple released its iOS 7 mobile operating system update on Wednesday, although download problems have meant that thousands still haven't been able to upgrade to the latest software. As seems typical with iOS updates, the release of iOS 7 didn't go smoothly. Thousands of keen iPhone and iPad users tried to download the iOS 7 update as soon as it went live... some users inundated with error messages after trying to install the software, while others were unable to download it at all... download failures likely having occurred because the firm's network and servers infrastructure couldn't handle the huge surge in traffic..."
___

iTunes 11.1 released
- http://support.apple.com/kb/HT5936
Sep 18, 2013
- http://lists.apple.c...p/msg00005.html

- https://secunia.com/advisories/54893/
Release Date: 2013-09-19
Criticality: Highly Critical
Where: From remote
Impact: System access
CVE Reference: https://web.nvd.nist...d=CVE-2013-1035 - 9.3 (HIGH)
... vulnerability is reported in versions prior to 11.1.
Solution: Update to version 11.1.
Original Advisory: APPLE-SA-2013-09-18-1:
http://support.apple.com/kb/HT5936

- http://www.securityt....com/id/1029053
CVE Reference: CVE-2013-1035
Sep 18 2013
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 11.1 ...

Edited by AplusWebMaster, 21 September 2013 - 10:54 AM.