240 replies to this topic

[AplusWebMaster]

FYI...

Apple TV 6.0 released
- http://support.apple.com/kb/HT5935
Last Modified: Sep 20, 2013
- http://lists.apple.c...p/msg00008.html

- https://secunia.com/advisories/54961/
Release Date: 2013-09-23
Criticality: Highly Critical
Where: From remote
Impact: Security Bypass, DoS, System access
... weakness and the vulnerabilities are reported in versions prior to 6.0.
Solution: Upgrade to version 6.0.
Original Advisory: APPLE-SA-2013-09-20-1:
http://support.apple.com/kb/HT5935
___

Xcode 5.0 released
- http://support.apple.com/kb/HT5937
Last Modified: Sep 18, 2013 - Available for: OS X Mountain Lion v10.8.4 or later...
- http://lists.apple.c...p/msg00007.html

[AplusWebMaster]

FYI...

iOS 7.0.2 released
- http://support.apple.com/kb/HT5957
Sep 26, 2013
- http://lists.apple.c...p/msg00009.html

- http://www.securityt....com/id/1029100
CVE Reference:
- https://web.nvd.nist...d=CVE-2013-5160 - 3.3
- https://web.nvd.nist...d=CVE-2013-5161 - 4.4
Sep 26 2013
Impact: User access via local system
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 7.0 ...
Solution: The vendor has issued a fix (7.0.2)...
___

iPhone and iPad users - iMessage bug in iOS 7
- http://www.theinquir...ge-bug-in-ios-7
Oct 01 2013 - "... some of Apple's forum members appear to have discovered a solution for the problem. Those suffering from the bug should disable iMessage in Settings > Messages, then reset the iPhone's network under Settings > General > Reset, then enable iMessage again. We've tried this, and our iMessage function seems to be back up and running as normal..."

Edited by AplusWebMaster, 01 October 2013 - 03:04 PM.

[AplusWebMaster]

FYI...

Apple OS X v10.8.5 Supplemental Update
- http://support.apple.com/kb/HT5964
Oct 3, 2013
- http://lists.apple.c...t/msg00000.html

- http://www.securityt....com/id/1029126
CVE Reference: https://web.nvd.nist...d=CVE-2013-5163 - 6.6
Oct 3 2013
Impact: Modification of system information
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 10.8 - 10.8.5...
The vendor's advisory is available at:
http://support.apple.com/kb/HT5964
___

iTunes 11.1.1
- https://support.apple.com/kb/DL1614
Oct 2, 2013 - "This update resolves an issue that may cause iTunes Extras to display incorrectly, fixes a problem with deleted podcasts, and improves stability..."

Edited by AplusWebMaster, 13 October 2013 - 05:42 PM.

[AplusWebMaster]

FYI...

Apple-SA-2013-10-15-1 Java for OS X 2013-005 and Mac OS X v10.6 Update 17
- http://lists.apple.c...t/msg00001.html
15 Oct 2013

- https://secunia.com/advisories/55328/
Release Date: 2013-10-16
Criticality: Highly Critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information, DoS, System access
CVE Reference(s): CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5775, CVE-2013-5776, CVE-2013-5777, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5788, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5800, CVE-2013-5801, CVE-2013-5802, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5805, CVE-2013-5806, CVE-2013-5809, CVE-2013-5810, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5838, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5844, CVE-2013-5846, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5851, CVE-2013-5852, CVE-2013-5854
... update for Java for Mac OS X. This fixes multiple vulnerabilities, which can be exploited by malicious users to manipulate certain data and by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
For more information: https://secunia.com/SA55315/
Solution: Apply Java for OS X 2013-005 or Mac OS X v10.6 Update 17 (please see the vendor's advisory for details).
Original Advisory: APPLE-SA-2013-10-15-1:
http://lists.apple.c...t/msg00001.html

[AplusWebMaster]

FYI...

iOS 7.0.3 ...
- http://lists.apple.c...t/msg00002.html
22 Oct 2013
- https://secunia.com/advisories/55447/
Release Date: 2013-10-23
NOT Critical ...

- http://www.securityt....com/id/1029233
CVE Reference: CVE-2013-5144, CVE-2013-5162, CVE-2013-5164
Oct 23 2013
Impact: User access via local system
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 7.0.2; iPhone 4 and later ...
Solution: The vendor has issued a fix (7.0.3).
The vendor's advisory is available at:
http://support.apple.com/kb/HT6010
___

Safari 6.1 ...
- http://lists.apple.c...t/msg00003.html
22 Oct 2013
- https://secunia.com/advisories/55448/
Release Date: 2013-10-23
Criticality: Highly Critical
Where: From remote
Impact: Cross Site Scripting, Exposure of sensitive information, System access
CVE Reference(s): CVE-2013-1036, CVE-2013-1037, CVE-2013-1038, CVE-2013-1039, CVE-2013-1040, CVE-2013-1041, CVE-2013-1042, CVE-2013-1043, CVE-2013-1044, CVE-2013-1045, CVE-2013-1046, CVE-2013-1047, CVE-2013-2842, CVE-2013-2848, CVE-2013-5125, CVE-2013-5126, CVE-2013-5127, CVE-2013-5128, CVE-2013-5129, CVE-2013-5130, CVE-2013-5131
... vulnerabilities are reported in versions prior to 6.1.
Solution: Update to version 6.1.
Original Advisory: APPLE-SA-2013-10-22-2:
http://support.apple.com/kb/HT6000
___

OS X Mavericks v10.9 ...
- http://lists.apple.c...t/msg00004.html
22 Oct 2013
- https://secunia.com/advisories/55446/
Release Date: 2013-10-23
Criticality: Highly Critical
Where: From remote
Impact: Hijacking, Security Bypass, Spoofing, Exposure of sensitive information, Privilege escalation, DoS, System access
Operating System: Apple Macintosh OS X
CVE Reference(s): CVE-2011-2391, CVE-2011-3389, CVE-2011-3427, CVE-2011-4944, CVE-2012-0845, CVE-2012-0876, CVE-2012-1150, CVE-2013-0249, CVE-2013-1667, CVE-2013-1944, CVE-2013-3950, CVE-2013-3954, CVE-2013-4073, CVE-2013-5135, CVE-2013-5138, CVE-2013-5139, CVE-2013-5141, CVE-2013-5142, CVE-2013-5145, CVE-2013-5165, CVE-2013-5166, CVE-2013-5167, CVE-2013-5168, CVE-2013-5169, CVE-2013-5170, CVE-2013-5171, CVE-2013-5172, CVE-2013-5173, CVE-2013-5174, CVE-2013-5175, CVE-2013-5176, CVE-2013-5177, CVE-2013-5178, CVE-2013-5179, CVE-2013-5180, CVE-2013-5181, CVE-2013-5182, CVE-2013-5183, CVE-2013-5184, CVE-2013-5185, CVE-2013-5186, CVE-2013-5187, CVE-2013-5188, CVE-2013-5189, CVE-2013-5190, CVE-2013-5191, CVE-2013-5192
Solution: Update to version 10.9 (Maverick).
Original Advisory: APPLE-SA-2013-10-22-3:
http://support.apple.com/kb/HT6011
http://lists.apple.c...t/msg00004.html
___

iTunes 11.1.2
- http://lists.apple.c...t/msg00009.html
22 Oct 2013
- https://secunia.com/advisories/55442/
Release Date: 2013-10-23
Criticality: Highly Critical
Where: From remote
Impact: Exposure of sensitive information, DoS, System access
Solution Status: Vendor Patch
CVE Reference(s): CVE-2011-3102, CVE-2012-0841, CVE-2012-2807, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, CVE-2012-5134, CVE-2013-1024, CVE-2013-1037, CVE-2013-1038, CVE-2013-1039, CVE-2013-1040, CVE-2013-1041, CVE-2013-1042, CVE-2013-1043, CVE-2013-1044, CVE-2013-1045, CVE-2013-1046, CVE-2013-1047, CVE-2013-2842, CVE-2013-5125, CVE-2013-5126, CVE-2013-5127, CVE-2013-5128
... vulnerabilities are reported in versions prior to 11.1.2.
Solution: Update to version 11.1.2.
Original Advisory: APPLE-SA-2013-10-22-8:
http://support.apple.com/kb/HT6001

Edited by AplusWebMaster, 23 October 2013 - 09:28 AM.

[AplusWebMaster]

FYI...

OS X Mavericks upgr. destroys data, reports WD
Issues extend to external hard drives, as well as eSATA- or Thunderbolt-based peripherals from other vendors
- http://www.infoworld...-digital-230100
Nov 04, 2013
 

[AplusWebMaster]

FYI...

iOS 7.0.4 released
- http://lists.apple.c...v/msg00000.html
14 Nov 2013
CVE-2013-5193
Impact: App and In-App purchases may be completed with insufficient authorization
Description: A signed-in user may be able to complete a transaction without providing a password when prompted. This issue was addressed by additional enforcement of purchase authorization.
... update is available through iTunes and Software Update on your iOS device, and will -not- appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes...

- http://www.securityt....com/id/1029346
CVE Reference: CVE-2013-5193
Nov 14 2013
Impact: Modification of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 7.0.3 and prior...
Impact: A local user can make purchases without proper authorization.
Solution: The vendor has issued a fix (7.0.4)...
The vendor's advisory is available at:
- http://support.apple.com/kb/HT6058
 

Edited by AplusWebMaster, 15 November 2013 - 05:42 AM.

[AplusWebMaster]

FYI...

Safari 7.0.1 released
- https://secunia.com/advisories/56122/
Release Date: 2013-12-17
Criticality: Highly Critical
Where: From remote
Impact: Security Bypass, System access
CVE Reference(s): CVE-2013-2909, CVE-2013-5195, CVE-2013-5196, CVE-2013-5197, CVE-2013-5198,
CVE-2013-5199, CVE-2013-5225, CVE-2013-5227, CVE-2013-5228
Solution: Update to version 6.1.1. or 7.0.1.
Original Advisory: APPLE-SA-2013-12-16-1:
http://support.apple.com/kb/HT6082
___

OSX 10.9.1 released
- https://secunia.com/advisories/56144/
Release Date: 2013-12-17
Criticality: Highly Critical
Where: From remote
Impact: Security Bypass, System access
CVE Reference(s): CVE-2013-2909, CVE-2013-5195, CVE-2013-5196, CVE-2013-5197, CVE-2013-5198,
CVE-2013-5199, CVE-2013-5225, CVE-2013-5227, CVE-2013-5228
For more information: https://secunia.com/SA56122/
... security issue and vulnerabilities are reported in version 10.9.
Solution: Update to version 10.9.1.
Original Advisory: APPLE-SA-2013-12-16-2:
http://support.apple.com/kb/HT6084
 

[AplusWebMaster]

FYI...

Apple Motion 5.1 released
- http://www.securityt....com/id/1029521
CVE Reference: https://web.nvd.nist...d=CVE-2013-6114 - 5.0
Dec 19 2013
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 5.1 ...
Solution: The vendor has issued a fix (5.1), available from the Mac App Store.
The vendor's advisory is available at: http://support.apple.com/kb/HT6041

- https://secunia.com/advisories/56196/
Release Date: 2013-12-20
Criticality: Highly Critical
Where: From remote
Impact: System access ...
CVE Reference: CVE-2013-6114
... vulnerability is reported in versions prior to 5.1.
Solution: Update to version 5.1.
Original Advisory: APPLE-SA-2013-12-19-1:
- http://support.apple.com/kb/HT6041
 

[AplusWebMaster]

FYI...

iTunes 11.1.4 released
- https://support.apple.com/kb/HT6001
Jan 22, 2014
CVE-2011-3102, CVE-2012-0841, CVE-2012-2807, CVE-2012-2825, CVE-2012-5134, CVE-2012-2870, CVE-2012-2871, CVE-2013-1024, CVE-2013-1037, CVE-2013-1038, CVE-2013-1039, CVE-2013-1040, CVE-2013-1041, CVE-2013-1042, CVE-2013-1043, CVE-2013-1044, CVE-2013-1045, CVE-2013-1046, CVE-2013-1047, CVE-2013-2842, CVE-2013-5125, CVE-2013-5126, CVE-2013-5127, CVE-2013-5128,
CVE-2014-1242

Use Apple Software Update to get it.

- http://www.securityt....com/id/1029671
- https://web.nvd.nist...d=CVE-2014-1242 - 5.8
Jan 23 2014
Impact:   Disclosure of system information, Modification of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 11.1.4
Description:  A vulnerability was reported in Apple iTunes. A remote user can conduct man-in-the-middle attacks.
Solution: The vendor has issued a fix (11.1.4)...
 

Edited by AplusWebMaster, 24 January 2014 - 06:21 PM.

[AplusWebMaster]

FYI...

Apple Pages 5.1 / 2.1 released
- https://secunia.com/advisories/56630/
Release Date: 2014-01-24
Criticality: Highly Critical
Where: From remote
Impact: System access...
Software: Apple Pages 5.x
CVE Reference: https://web.nvd.nist...d=CVE-2014-1252 - 7.5 (HIGH)
vulnerability is reported in versions prior to 5.1.
Solution: Update to version 5.1.
Original Advisory: APPLE-SA-2014-01-23-1:
http://support.apple.com/kb/HT6117
Jan 23, 2014

- https://itunes.apple...409201541?mt=12
Updated: Jan 23, 2014
Version: 5.1

- https://www.apple.co...port/ios/pages/

- https://secunia.com/advisories/56615/
Release Date: 2014-01-24
Criticality: Highly Critical
Where: From remote
Impact: System access...
Software: Apple Pages for iOS 2.x
CVE Reference: CVE-2014-1252
... vulnerability is reported in versions prior to 2.1.
Solution: Update to version 2.1.

- https://itunes.apple...d361309726?mt=8
Updated: Jan 23, 2014
Version: 2.1
 

 

Edited by AplusWebMaster, 24 January 2014 - 05:14 PM.

[AplusWebMaster]

FYI...

Missing msvcr80.dll not found after the install of iTunes latest update
Had to uninstall iTunes and reinstall ...

Microsoft Visual C++ 2005 SP1 Redistributable Package (x64)
- http://www.microsoft...s.aspx?id=18471

- https://discussions....633790#24633790

- https://discussions....tart=0&tstart=0

... patchmanagement.org // get patchmanagement 32979
Date: Mon, 27 Jan 2014 16:32:59 -0800
From: Susan Bradley ...
___

- http://www.infoworld...-windows-235228
Jan 29, 2014
 

Edited by AplusWebMaster, 29 January 2014 - 09:07 AM.

[AplusWebMaster]

FYI...

iOS 7.0.6
- http://support.apple.com/kb/HT6147
Feb 21, 2014 - "... Data Security: Available for: iPhone 4 and later, iPod touch (5th generation), iPad 2 and later...
CVE-2014-1266..."

- https://web.nvd.nist...d=CVE-2014-1266 - 6.8

iOS 6.1.6
- http://support.apple.com/kb/HT6146
Feb 21, 2014 - "... Data Security: Available for: iPhone 3GS, iPod touch (4th generation)...
CVE-2014-1266..."

- http://www.securityt....com/id/1029811
CVE Reference: CVE-2014-1266
Feb 21 2014
Fix Available:  Yes  Vendor Confirmed:  Yes...
Impact: A remote user with the ability to conduct a man-in-the-middle attack can decrypt SSL/TLS sessions.
Solution: The vendor has issued a fix (6.1.6, 7.0.6)...
___

Apple TV 6.0.2
- http://support.apple.com/kb/HT6148
Feb 21, 2014 - "... Apple TV: Available for: Apple TV 2nd generation and later...
CVE-2014-1266..."

- http://www.securityt....com/id/1029812
CVE Reference: CVE-2014-1266
Feb 22 2014
Fix Available:  Yes  Vendor Confirmed:  Yes...  
Impact: A remote user with the ability to conduct a man-in-the-middle attack can decrypt SSL/TLS sessions.
Solution: The vendor has issued a fix (6.0.2)...
___

Apple Releases Security Updates for iOS devices and Apple TV
- https://www.us-cert....es-and-Apple-TV
Feb 21, 2014

- http://support.apple.com/kb/HT1222
 

Edited by AplusWebMaster, 24 February 2014 - 10:44 AM.

[AplusWebMaster]

FYI...

OS X Mavericks v10.9.2 update
- http://support.apple.com/kb/HT6114
Feb 25, 2014 - "OS X Mavericks v10.9.2 Update is recommended for all OS X Mavericks users. It improves the stability, compatibility, and security of your Mac..."
(More detail at the URL above.)

OS X Mavericks 10.9.2 and Security Update 2014-001
- http://support.apple.com/kb/HT6150
Feb 25, 2014

- http://lists.apple.c...b/msg00000.html

- http://www.securityt....com/id/1029825
CVE Reference: CVE-2014-1254, CVE-2014-1255, CVE-2014-1256, CVE-2014-1257, CVE-2014-1258, CVE-2014-1259, CVE-2014-1260, CVE-2014-1261, CVE-2014-1262, CVE-2014-1263, CVE-2014-1264, CVE-2014-1265
Feb 26 2014
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Modification of system information, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.7.5, 10.8.5, 10.9, 10.9.1...
Solution: The vendor has issued a fix (OS X Mavericks v10.9.2, Security Update 2014-001)...
___

Safari 6.1.2, 7.0.2
- http://support.apple.com/kb/HT6145
Feb 25, 2014

- http://lists.apple.c...b/msg00001.html

- http://www.securityt....com/id/1029826
CVE Reference: CVE-2014-1268, CVE-2014-1269, CVE-2014-1270
Feb 26 2014
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to versions 6.1.2 and 7.0.2...
Solution: The vendor has issued a fix (6.1.2, 7.0.2)...
___

QuickTime 7.7.5 released
- http://support.apple.com/kb/HT6151
Feb 25, 2014 - "Available for: Windows 7, Vista, XP SP2 or later..."

- http://lists.apple.c...b/msg00002.html

- http://www.securityt....com/id/1029823
CVE Reference: CVE-2014-1243, CVE-2014-1244, CVE-2014-1245, CVE-2014-1246, CVE-2014-1247, CVE-2014-1248, CVE-2014-1249, CVE-2014-1250, CVE-2014-1251
Feb 26 2014
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 7.7.5 for Windows...
Solution: The vendor has issued a fix (7.7.5 for Windows; on OS X apply APPLE-SA-2014-02-25-1 OS X Mavericks 10.9.2 or Security Update 2014-001)...

... use Apple Software Update.
 

Edited by AplusWebMaster, 26 February 2014 - 08:30 AM.

[AplusWebMaster]

FYI...

iOS 7.1 released
- http://www.securityt....com/id/1029888
CVE Reference: CVE-2013-5133, CVE-2013-6835, CVE-2014-1267, CVE-2014-1271, CVE-2014-1272, CVE-2014-1273, CVE-2014-1274, CVE-2014-1275, CVE-2014-1276, CVE-2014-1277, CVE-2014-1278, CVE-2014-1281, CVE-2014-1282, CVE-2014-1284, CVE-2014-1285, CVE-2014-1286, CVE-2014-1287, CVE-2014-1280, CVE-2014-1289, CVE-2014-1290, CVE-2014-1291, CVE-2014-1292, CVE-2014-1293, CVE-2014-1294
Mar 11 2014
Impact: Denial of service via network, Disclosure of user information, Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 7.1 ...
Solution: The vendor has issued a fix (7.1).
The vendor's advisory is available at:
- http://support.apple.com/kb/HT6162

"... Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later..."

- https://secunia.com/advisories/57294/
Release Date: 2014-03-11
Criticality: Highly Critical
Where: From remote
Impact: Security Bypass, Spoofing, Exposure of sensitive information, System access
Operating System: Apple iOS 7.x for iPhone 4 and later, Apple iOS for iPad 7.x, Apple iOS for iPod touch 7.x
Solution: Update to version 7.1.
___

Apple TV 6.1 released
- http://www.securityt....com/id/1029889
CVE Reference: CVE-2014-1267, CVE-2014-1271, CVE-2014-1272, CVE-2014-1273, CVE-2014-1275, CVE-2014-1278, CVE-2014-1279, CVE-2014-1280, CVE-2014-1282, CVE-2014-1287, CVE-2014-1289, CVE-2014-1290, CVE-2014-1291, CVE-2014-1292, CVE-2014-1293, CVE-2014-1294
Mar 11 2014
Impact: Denial of service via network, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 6.1 ...
Solution: The vendor has issued a fix (6.1).
The vendor's advisory is available at:
- http://support.apple.com/kb/HT6163

- https://secunia.com/advisories/57297/
Release Date: 2014-03-11
Criticality: Highly Critical
Where: From remote
Impact: Security Bypass, Spoofing, Exposure of sensitive information, System access
Operating System: Apple TV 6.x
Solution: Update to version 6.1.
 

Edited by AplusWebMaster, 11 March 2014 - 08:07 AM.