240 replies to this topic

[AplusWebMaster]

FYI...

iOS 8.1.2
- http://support.apple.com/en-us/HT6598
Last Modified: Dec 10, 2014 - "Available for... iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later"
 

[AplusWebMaster]

FYI...

OS X NTP Security Update
- https://support.apple.com/en-us/HT6601
Dec 22, 2014
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1
Impact: A remote attacker may be able to execute arbitrary code
Description: Several issues existed in ntpd that would have allowed an attacker to trigger buffer overflows. These issues were addressed through improved error checking.
To verify the ntpd version, type the following command in Terminal: what /usr/sbin/ntpd. This update includes the following versions:
    Mountain Lion: ntp-77.1.1
    Mavericks: ntp-88.1.1
    Yosemite: ntp-92.5.1
CVE-ID: https://web.nvd.nist...d=CVE-2014-9295 - 7.5 (HIGH)
___

- http://www.reuters.c...N0K108W20141223
Dec 23, 2014 - "Apple Inc has pushed out its first-ever automated security update to Macintosh computers to help defend against newly identified bugs that security researchers have warned could enable hackers to gain remote control of machines. The company pushed out the software on Monday to fix critical security vulnerabilities in a component of its OS X operating system called the network time protocol, or NTP, according to Apple spokesman Bill Evans. NTP is used for synchronizing clocks on computer systems. The bugs were made public in security bulletins on Friday by the Department of Homeland Security and the Carnegie Mellon University Software Engineering Institute. Carnegie Mellon identified dozens of technology companies, including Apple, whose products might be vulnerable. When Apple has released previous security patches, it has done so through its regular software update system, which typically requires user intervention. The company decided to deliver the NTP bug fixes with its technology for automatically pushing out security updates, which Apple introduced two years ago but had never previously used, because it wanted to protect customers as quickly as possible due to the severity of the vulnerabilities, Evans said. "The update is seamless," he said. "It doesn’t even require a restart." Apple does not know of any cases where vulnerable Mac computers were targeted by hackers looking to exploit the bugs, he added."

- http://arstechnica.c...-security-flaw/
Dec 23, 2014
 

Edited by AplusWebMaster, 23 December 2014 - 11:52 AM.

[AplusWebMaster]

FYI...

OS X v10.10.2 and Security Update 2015-001
- http://support.apple.../en-us/HT204244
Jan 27, 2015
> AFP Server, bash, Bluetooth, CFNetwork Cache, CoreGraphics, CPU Software, CommerceKit Framework, CoreGraphics, CoreSymbolication, FontParser, Foundation, Intel Graphics Driver, IOAcceleratorFamily, IOHIDFamily, IOKit, IOUSBFamily, Kernel, LaunchServices, libnetcore, LoginWindow, lukemftp, OpenSSL, Sandbox, SceneKit, Security, security_taskgate, Spotlight, SpotlightIndex, sysmond, UserAccountUpdater
(More detail at the URL above.)
> http://www.securityt....com/id/1031650

Safari 8.0.3, 7.1.3, 6.2.3 released
- http://support.apple.../en-us/HT204243
Jan 27, 2015
> Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1
CVE-2014-3192, CVE-2014-4476, CVE-2014-4477, CVE-2014-4479
> http://www.securityt....com/id/1031647

iOS 8.1.3
- http://support.apple.../en-us/HT204245
Jan 27, 2015
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
> AppleFileConduit, CoreGraphics, dyld, FontParser, Foundation, IOAcceleratorFamily, IOHIDFamily, iTunes Store, Kernel, libnetcore, MobileInstallation, Springboard, WebKit
(More detail at the URL above.)
> http://www.securityt....com/id/1031652

Apple TV 7.0.3
- http://support.apple.../en-us/HT204246
Jan 27, 2015
> Available for: Apple TV 3rd generation and later
(More detail at the URL above.)

> http://support.apple.com/en-us/HT1222
 

Edited by AplusWebMaster, 28 January 2015 - 05:03 AM.

[AplusWebMaster]

FYI...

Apple Security Update 2015-002
- https://support.appl.../en-us/HT204413
Mar 9, 2015
- http://www.securityt....com/id/1031869
CVE Reference: CVE-2015-1066
Mar 10 2015
Impact: Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.8.5, 10.9.5, 10.10.2...
- https://lists.apple....r/msg00002.html

iOS 8.2 released
- https://support.appl.../en-us/HT204423
Mar 9, 2015
- http://www.securityt....com/id/1031868
CVE Reference: CVE-2015-1061, CVE-2015-1065
Mar 10 2015
Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Root access via local system, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.8.5, 10.9.5, 10.10.2 ...
- https://lists.apple....r/msg00000.html

Apple TV 7.1
- https://support.appl.../en-us/HT204426
Mar 9, 2015
- https://lists.apple....r/msg00001.html

Xcode 6.2
- https://support.appl.../en-us/HT204427
Mar 9, 2015
- https://lists.apple....r/msg00003.html

- https://support.apple.com/en-us/HT1222

- https://isc.sans.edu...l?storyid=19443
Last Updated: 2015-03-10 - "... Apple also addressed a number of security vulnerabilities, most notably the "Freak" vulnerability. After updating, the affected operating systems no longer support export quality ciphers. However, Apple browsers continue to support SSLv3 and as a result, continue to be vulnerable to POODLE*...

* http://www.poodletest.com/

Quick Summary of the security content of Apple's updates:
- XCode 6.2: This update addresses 4 vulnerabilities in subversion and 1 in git.
- OS X: 5 vulnerabilities. The most serious of which is likely a code execution vulnerability in Keychain.
- Apple TV: 3 vulnerabilities. One of which would allow an attacker to write files to the system if the user mounts a corrupt disk image.
- iOS: 6 vulnerabilities. In addition to FREAK and the above mentioned Keychain problem, a vulnerability that allows an attacker with physical access to the device to see the home screen on a locked devices is patched..."

- https://www.us-cert....OS-and-Apple-TV
Mar 9, 2015
 

Edited by AplusWebMaster, 17 March 2015 - 12:54 AM.

[AplusWebMaster]

FYI...

Safari 8.0.4, 7.1.4, 6.2.4 released
- https://support.appl.../en-us/HT204560
Mar 17, 2015
- https://lists.apple....r/msg00004.html

- https://support.apple.com/en-us/HT1222

- http://www.securityt....com/id/1031936
CVE Reference: CVE-2015-1068, CVE-2015-1069, CVE-2015-1070, CVE-2015-1071, CVE-2015-1072, CVE-2015-1073, CVE-2015-1074, CVE-2015-1075, CVE-2015-1076, CVE-2015-1077, CVE-2015-1078, CVE-2015-1079, CVE-2015-1080, CVE-2015-1081, CVE-2015-1082, CVE-2015-1083, CVE-2015-1084
Mar 17 2015
Impact: Execution of arbitrary code via network, Modification of system information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes...
Solution: The vendor has issued a fix (6.2.4, 7.1.4, 8.0.4).
___

- https://www.us-cert....-Updates-Safari
March 18, 2015 - "... Updates include:
        Safari 8.0.4 for OS X Mountain Lion v10.8.5
        Safari 7.1.4 for OS X Mavericks v10.9.5
        Safari 6.2.4 for OS X Yosemite v10.10.2
US-CERT encourages users and administrators to review Apple security update HT204560 ..."
 

Edited by AplusWebMaster, 18 March 2015 - 09:39 AM.

[AplusWebMaster]

FYI...

Apple Security Update 2015-003
- https://support.appl.../en-us/HT204563
Mar 17, 2015
- https://lists.apple....r/msg00005.html
Available for: OS X Yosemite v10.10.2
CVE-2015-1061, CVE-2015-1065

- https://support.apple.com/en-us/HT1222
OS X Yosemite v10.10.2 - 19 Mar 2015
___

- https://www.us-cert....e-OS-X-Yosemite
March 20, 2015
 

Edited by AplusWebMaster, 21 March 2015 - 04:37 AM.

[AplusWebMaster]

FYI...

Security Update 2015-004 - OS X Yosemite v10.10.3
- https://support.appl.../en-us/HT204659
Apr 8, 2015
> https://lists.apple....r/msg00001.html
- http://www.securityt....com/id/1032048
CVE Reference: CVE-2015-1088, CVE-2015-1089, CVE-2015-1091, CVE-2015-1093, CVE-2015-1095, CVE-2015-1096, CVE-2015-1098, CVE-2015-1099, CVE-2015-1100, CVE-2015-1101, CVE-2015-1102, CVE-2015-1103, CVE-2015-1104, CVE-2015-1105, CVE-2015-1117, CVE-2015-1118, CVE-2015-1130, CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, CVE-2015-1134, CVE-2015-1135, CVE-2015-1136, CVE-2015-1137, CVE-2015-1138, CVE-2015-1139, CVE-2015-1140, CVE-2015-1141, CVE-2015-1142, CVE-2015-1143, CVE-2015-1144, CVE-2015-1145, CVE-2015-1146, CVE-2015-1147, CVE-2015-1148
Apr 8 2015

Safari 8.0.5, 7.1.5, 6.2.5
- https://support.appl.../en-us/HT204658
Apr 8, 2015 - "Available for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2..."
> https://lists.apple....r/msg00000.html
- http://www.securityt....com/id/1032047
CVE Reference: CVE-2015-1112, CVE-2015-1119, CVE-2015-1120, CVE-2015-1121, CVE-2015-1122, CVE-2015-1124, CVE-2015-1126, CVE-2015-1127, CVE-2015-1128, CVE-2015-1129
Apr 8 2015

iOS 8.3
- https://support.appl.../en-us/HT204661
Apr 8, 2015 - "Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later..."
> https://lists.apple....r/msg00002.html
- http://www.securityt....com/id/1032050
CVE Reference: CVE-2015-1085, CVE-2015-1086, CVE-2015-1087, CVE-2015-1090, CVE-2015-1092, CVE-2015-1094, CVE-2015-1097, CVE-2015-1106, CVE-2015-1107, CVE-2015-1108, CVE-2015-1109, CVE-2015-1110, CVE-2015-1111, CVE-2015-1113, CVE-2015-1114, CVE-2015-1115, CVE-2015-1116, CVE-2015-1123, CVE-2015-1125
Apr 9 2015

Apple TV 7.2
- https://support.appl.../en-us/HT204662
Apr 8, 2015
> https://lists.apple....r/msg00003.html

Xcode 6.3
- https://support.apple.com/kb/HT204663
Apr 8, 2015 - "Available for:  OS X Mavericks v10.9.4 or later..."
> https://lists.apple....r/msg00004.html
- http://www.securityt....com/id/1032049
CVE Reference: CVE-2015-1149
Apr 9 2015

- https://support.appl.../en-us/HT201222
___

- https://web.nvd.nist...d=CVE-2015-1118
Last revised: 04/10/2015  - "... Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile..."
> http://www.theregist...attack_ios_fix/
10 Apr 2015
 

Edited by AplusWebMaster, 10 April 2015 - 11:54 AM.

[AplusWebMaster]

FYI...

APPLE-SA-2015-04-21-1 OS X: Flash Player plug-in blocked
- https://lists.apple....r/msg00005.html
21 Apr 2015 - "Due to security issues in older versions, Apple has updated the web plug-in blocking mechanism to disable all versions prior to Flash Player 17.0.0.169 and 13.0.0.281.
Information on blocked web plug-ins will be posted to:
- http://support.apple.../en-us/HT202681 "
 

[AplusWebMaster]

FYI...

Safari 8.0.6, 7.1.6, 6.2.6
- https://support.appl.../en-us/HT204826
May 4, 2015
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.3
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling...

- https://support.appl.../en-us/HT201222

- http://www.securityt....com/id/1032270
CVE Reference: CVE-2015-1152, CVE-2015-1153, CVE-2015-1154, CVE-2015-1155, CVE-2015-1156
May 7 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to versions 6.2.6, 7.1.6, 8.0.6 ...
 

[AplusWebMaster]

FYI... iPhone "Text msg" bug

If Messages quits unexpectedly after you get a text with a specific string of characters
- https://support.appl.../en-us/HT204897
Last Modified: May 29, 2015 - "Apple is aware of an iMessage issue caused by a specific series of unicode characters and we will make a fix available in a software update. Until the update is available, you can use these steps to re-open the Messages app.
1. Ask Siri* to "read unread messages."
2. Use Siri to reply to the malicious message. After you reply, you'll be able to open Messages again.
3. If the issue continues, tap and hold the malicious message, tap More, and delete the message from the thread."

About Siri
* https://support.appl.../en-us/HT204389
Last Modified: Apr 15, 2015
___

- http://www.idownload...te-coming-soon/
"... the company will be releasing a fix via a software update soon, presumably along iOS 8.4, which is still in beta stage."
 

[AplusWebMaster]

FYI...

> https://support.appl.../en-us/HT201222

iOS 8.4 released
- https://support.appl.../en-us/HT204941
Jun 30, 2015
- http://www.securityt....com/id/1032761
CVE Reference: CVE-2015-3722, CVE-2015-3723, CVE-2015-3724, CVE-2015-3725, CVE-2015-3726, CVE-2015-3728
Jul 1 2015
Impact: Denial of service via network, Execution of arbitrary code via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 8.4...
___

QuickTime 7.7.7 released
- https://support.appl.../en-us/HT204947
Jun 30, 2015
- http://www.securityt....com/id/1032756
CVE Reference: CVE-2015-3661, CVE-2015-3662, CVE-2015-3663, CVE-2015-3664, CVE-2015-3665, CVE-2015-3666, CVE-2015-3667, CVE-2015-3668, CVE-2015-3669
Jul 1 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 7.7.7 ...
Download: https://www.apple.co...ktime/download/

"QuickTime 7.7.7 for Windows Vista or Windows 7"
Alternate download site: http://www.majorgeek.../quicktime.html
Author: Apple, Inc.
Date: 07/01/2015 06:34 AM
Size: 39.9 MB
License: Freeware
Requires: Win 10/8/7/Vista

___

Safari 8.0.7, 7.1.7, 6.2.7
- https://support.appl.../en-us/HT204950
Jun 30, 2015
- http://www.securityt....com/id/1032754
CVE Reference: CVE-2015-3658, CVE-2015-3659, CVE-2015-3660, CVE-2015-3727
Jun 30 2015
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to versions 6.2.7, 7.1.7, 8.0.7 ...
___

Security Update 2015-005 - OS X Yosemite v10.10.4
- https://support.appl.../en-us/HT204942
Jun 30, 2015
- http://www.securityt....com/id/1032759
CVE Reference: CVE-2015-4000
Jul 1 2015
Impact: Modification of authentication information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.10 to 10.10.3 ...
Solution: The vendor has issued a fix (10.10.4, Security Update 2015-005)...
- http://www.securityt....com/id/1032760
CVE Reference: CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130, CVE-2015-3671, CVE-2015-3672, CVE-2015-3673, CVE-2015-3674, CVE-2015-3675, CVE-2015-3676, CVE-2015-3677, CVE-2015-3678, CVE-2015-3679, CVE-2015-3680, CVE-2015-3681, CVE-2015-3682, CVE-2015-3683, CVE-2015-3684, CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, CVE-2015-3688, CVE-2015-3689, CVE-2015-3690, CVE-2015-3691, CVE-2015-3694, CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, CVE-2015-3702, CVE-2015-3703, CVE-2015-3704, CVE-2015-3705, CVE-2015-3706, CVE-2015-3707, CVE-2015-3708, CVE-2015-3709, CVE-2015-3710, CVE-2015-3711, CVE-2015-3712, CVE-2015-3714, CVE-2015-3715, CVE-2015-3716, CVE-2015-3717, CVE-2015-3718, CVE-2015-3719, CVE-2015-3721
Jul 1 2015
Impact: Disclosure of system information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Root access via local system, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.8.5, 10.9.5, 10.10 to 10.10.3 ...
Solution: The vendor has issued a fix (10.10.4, Security Update 2015-005)...
___

Security Update 2015-001 - Mac EFI
- https://support.appl.../en-us/HT204934
Jun 30, 2015
- http://www.securityt....com/id/1032755
CVE Reference: CVE-2015-3693
Jun 30 2015
Impact: Root access via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.8.5, 10.9.5, 10.10 to 10.10.3 ...
Solution: The vendor has issued a fix (Security Update 2015-001, OS X 10.10.4).
___

iTunes 12.2 for Windows
- https://support.appl.../en-us/HT204949
Jul 1, 2015

- https://www.apple.com/itunes/download/
___

- http://net-security....ld.php?id=18577
01 July 2015 - "... The OS X update contains fixes for 77 vulnerabilities, many of which can be exploited by attackers to gain admin or root privilege, crash applications, perform unauthenticated access to the system, execute arbitrary code, intercept network traffic, and so on. It also includes fixes for vulnerabilities in the Mac EFI (Extensible Firmware Interface), one of which could allow a malicious app with root privileges to modify EFI flash memory when it resumes from sleep states...
The iOS security update contains fixes for a slew of vulnerabilities that could lead to unexpected application termination or arbitrary code execution just by making the users open or the OS process a malicious crafted PDF, text, font or .tiff file.
The 'Logjam bug' in coreTLS that could be exploited by an attacker with a privileged network position to SSL/TLS connections has also been plugged, as have two vulnerabilities discovered by FireEye researchers, which could allow attackers to deploy two new kinds of Masque Attack and prevent iOS and Watch apps from launching..."

> http://lists.apple.c...ndex.html#00005
 

Edited by AplusWebMaster, 05 July 2015 - 06:20 AM.

[AplusWebMaster]

FYI....

> https://support.appl.../en-us/HT201222

iOS 8.4.1
- https://support.appl.../en-us/HT205030
13 Aug 2015 - iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Update the iOS software on your iPhone, iPad, and iPod touch
> https://support.appl.../en-us/HT204204
Last Modified: Aug 12, 2015
- http://www.securityt....com/id/1033275
CVE Reference: CVE-2015-3756, CVE-2015-3758, CVE-2015-3759, CVE-2015-3763, CVE-2015-3766, CVE-2015-3768, CVE-2015-3776, CVE-2015-3778, CVE-2015-3782, CVE-2015-3784, CVE-2015-3793, CVE-2015-3795, CVE-2015-3796, CVE-2015-3797, CVE-2015-3798, CVE-2015-3800, CVE-2015-3802, CVE-2015-3803, CVE-2015-3804, CVE-2015-3805, CVE-2015-3806, CVE-2015-3807, CVE-2015-5746, CVE-2015-5749, CVE-2015-5752, CVE-2015-5755, CVE-2015-5756, CVE-2015-5757, CVE-2015-5758, CVE-2015-5759, CVE-2015-5761, CVE-2015-5766, CVE-2015-5769, CVE-2015-5770, CVE-2015-5773, CVE-2015-5774, CVE-2015-5775, CVE-2015-5776, CVE-2015-5777, CVE-2015-5778, CVE-2015-5781, CVE-2015-5782
Aug 14 2015
Fix Available: Yes  Vendor Confirmed:  Yes  
Version(s): prior to 8.4.1...
Solution: The vendor has issued a fix (8.4.1).

OS X Server v4.1.5
- https://support.appl.../en-us/HT205032
13 Aug 2015 - BIND: Available for: OS X Yosemite v10.10.5 or later. CVE-2015-5477
> https://web.nvd.nist...d=CVE-2015-5477
Last revised: 07/29/2015
7.8 (HIGH)

OS X Yosemite 10.10.5 and Security Update 2015-006
- https://support.appl.../en-us/HT205031
13 Aug 2015 - Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4
- http://www.securityt....com/id/1033276
CVE Reference: CVE-2014-7844, CVE-2015-3757, CVE-2015-3760, CVE-2015-3761, CVE-2015-3762, CVE-2015-3764, CVE-2015-3765, CVE-2015-3767, CVE-2015-3769, CVE-2015-3770, CVE-2015-3771, CVE-2015-3772, CVE-2015-3773, CVE-2015-3774, CVE-2015-3775, CVE-2015-3777, CVE-2015-3779, CVE-2015-3780, CVE-2015-3781, CVE-2015-3783, CVE-2015-3786, CVE-2015-3787, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-3794, CVE-2015-3799, CVE-2015-5747, CVE-2015-5748, CVE-2015-5750, CVE-2015-5751, CVE-2015-5753, CVE-2015-5754, CVE-2015-5763, CVE-2015-5768, CVE-2015-5771, CVE-2015-5772, CVE-2015-5779, CVE-2015-5783, CVE-2015-5784
Aug 14 2015
Fix Available: Yes  Vendor Confirmed:  Yes  
Version(s): 10.10 - 10.10.4...
Solution: The vendor has issued a fix (10.10.5, Security Update 2015-006).

Safari 8.0.8, 7.1.8, 6.2.8
- https://support.appl.../en-us/HT205033
13 Aug 2015 - Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.4
- http://www.securityt....com/id/1033274
CVE Reference: CVE-2015-3729, CVE-2015-3730, CVE-2015-3731, CVE-2015-3732, CVE-2015-3733, CVE-2015-3734, CVE-2015-3735, CVE-2015-3736, CVE-2015-3737, CVE-2015-3738, CVE-2015-3739, CVE-2015-3740, CVE-2015-3741, CVE-2015-3742, CVE-2015-3743, CVE-2015-3744, CVE-2015-3745, CVE-2015-3746, CVE-2015-3747, CVE-2015-3748, CVE-2015-3749, CVE-2015-3750, CVE-2015-3751, CVE-2015-3752, CVE-2015-3753, CVE-2015-3754, CVE-2015-3755
Aug 13 2015
Fix Available: Yes  Vendor Confirmed:  Yes  
Version(s): prior to versions 6.2.8, 7.1.8, 8.0.8...
Solution: The vendor has issued a fix (6.2.8, 7.1.8, 8.0.8).
 

Edited by AplusWebMaster, 17 August 2015 - 10:10 AM.

[AplusWebMaster]

FYI...

QuickTime 7.7.8 released
- https://support.appl.../en-us/HT205046
Aug 18, 2015

- https://lists.apple....g/msg00004.html
20 Aug 2015

- https://support.appl.../en-us/HT201222

Download
- https://www.apple.co...ktime/download/
QuickTime 7.7.8 for Windows Vista or Windows 7

... -or- use "Apple Software Update".
___

- http://www.securityt....com/id/1033346
CVE Reference: CVE-2015-5785, CVE-2015-5786
Aug 21 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 7.7.8...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (7.7.8)...

- https://www.us-cert....pdate-QuickTime
Aug 20, 2015
 

Edited by AplusWebMaster, 21 August 2015 - 07:52 AM.

[AplusWebMaster]

FYI...

> https://support.appl.../en-us/HT201222

iOS 9 released
- https://support.appl.../en-us/HT205212
Sep 16, 2015 - "... Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later..."
APPLE-SA-2015-09-16-1 iOS 9
- https://lists.apple....p/msg00001.html

- http://www.securityt....com/id/1033609
CVE Reference: CVE-2015-3801, CVE-2015-5764, CVE-2015-5765, CVE-2015-5767, CVE-2015-5788, CVE-2015-5789, CVE-2015-5790, CVE-2015-5791, CVE-2015-5792, CVE-2015-5793, CVE-2015-5794, CVE-2015-5795, CVE-2015-5796, CVE-2015-5797, CVE-2015-5799, CVE-2015-5800, CVE-2015-5801, CVE-2015-5802, CVE-2015-5803, CVE-2015-5804, CVE-2015-5805, CVE-2015-5806, CVE-2015-5807, CVE-2015-5809, CVE-2015-5810, CVE-2015-5811, CVE-2015-5812, CVE-2015-5813, CVE-2015-5814, CVE-2015-5816, CVE-2015-5817, CVE-2015-5818, CVE-2015-5819, CVE-2015-5820, CVE-2015-5821, CVE-2015-5822, CVE-2015-5823, CVE-2015-5824, CVE-2015-5825, CVE-2015-5826, CVE-2015-5827, CVE-2015-5829, CVE-2015-5831, CVE-2015-5832, CVE-2015-5834, CVE-2015-5835, CVE-2015-5837, CVE-2015-5838, CVE-2015-5839, CVE-2015-5840, CVE-2015-5841, CVE-2015-5842, CVE-2015-5843, CVE-2015-5844, CVE-2015-5845, CVE-2015-5846, CVE-2015-5847, CVE-2015-5848, CVE-2015-5850, CVE-2015-5851, CVE-2015-5855, CVE-2015-5856, CVE-2015-5857, CVE-2015-5858, CVE-2015-5860, CVE-2015-5861, CVE-2015-5862, CVE-2015-5863, CVE-2015-5867, CVE-2015-5868, CVE-2015-5869, CVE-2015-5874, CVE-2015-5876, CVE-2015-5879, CVE-2015-5880, CVE-2015-5882, CVE-2015-5885, CVE-2015-5892, CVE-2015-5895, CVE-2015-5896, CVE-2015-5898, CVE-2015-5899, CVE-2015-5903, CVE-2015-5904, CVE-2015-5905, CVE-2015-5906, CVE-2015-5907, CVE-2015-5912, CVE-2015-5916, CVE-2015-5921   
Sep 18 2015
Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, Root access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 9.0...
Solution: The vendor has issued a fix (9.0)...
___

Xcode 7.0 released
- https://support.appl.../en-us/HT205217
Sep 16, 2015 - "Available for: OS X Yosemite v10.10.4 or later..."
APPLE-SA-2015-09-16-2 Xcode 7.0
- https://lists.apple....p/msg00002.html

 

- http://www.securityt....com/id/1033596
CVE Reference: CVE-2015-5909, CVE-2015-5910
Sep 17 2015
Impact: Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes...
Solution: The vendor has issued a fix (7.0).
___

iTunes 12.3 released
- https://support.appl.../en-us/HT205221
Sep 16, 2015 - "Available for: Windows 7 and later..."
APPLE-SA-2015-09-16-3 iTunes 12.3
- https://lists.apple....p/msg00003.html

- http://www.securityt....com/id/1033617
CVE Reference: CVE-2015-5798, CVE-2015-5808, CVE-2015-5815, CVE-2015-5920
Sep 19 2015
Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 12.3 ...
Solution: The vendor has issued a fix (12.3).
___

OS X Server v5.0.3
- https://support.appl.../en-us/HT205219
Sep 16, 2015 - "Available for: OS X Yosemite v10.10.5 or later..."
APPLE-SA-2015-09-16-4 OS X Server 5.0.3
- https://lists.apple....p/msg00004.html

- http://www.securityt....com/id/1033595
CVE Reference: CVE-2015-5911
Sep 17 2015
Impact: Not specified
Fix Available:  Yes  Vendor Confirmed:  Yes...
Solution: The vendor has issued a fix (OS X Server 5.0.3)...
___

- https://www.us-cert....s-Xcode-and-iOS
Sep 16, 2015
___

iOS 9, thoroughly reviewed
- http://arstechnica.c...ughly-reviewed/
Sep 16, 2015

Apple users face issues upgrading to iOS 9 ...
- http://www.reuters.c...N0RG2I720150916
Sep 16, 2015 - "Apple Inc customers were facing issues while upgrading to iOS 9, which was released on Wednesday, technology blog 9to5Mac* reported..."

* http://9to5mac.com/2...-update-issues/
Sep 16, 2015 - "... several readers are reporting issues with updating to the new operating system. Developers using the iOS 9 GM seed released last week are also able to update to today’s release over-the-air, although the same error message is impacting those users... Other users are still seeing the previous iOS 8.4.1 version and unable to attempt to update just yet... As with any major release, the best troubleshooting solution is likely being patient and letting Apple’s servers catch up. In the meantime, some but not all users are reporting some success with updating using iTunes."

Apple customers report devices crash on iOS 9 update
- http://www.reuters.c...N0RI05P20150918
Sep 18, 2015 - "A significant number of Apple Inc customers are reporting their mobile devices have crashed after attempting to upload the new iOS 9 operating system, the latest in a line of launch glitches for the tech giant. Twitter and other social media were awash with disgruntled customers reporting two distinct faults, with one appearing to be linked specifically to older models of Apple iPhones and iPads... One group of users reported that iOS 9 upgrade would fail after several minutes, requiring them to start the process over. Many posted screen shots of the error message they received: "Software Update Failed". That problem was likely caused by servers that were overloaded when too many people tried to download the upgrade simultaneously... McKay and Brown said they always advised clients to wait several days before downloading any new upgrades from Apple, Google Inc or Microsoft Corp to make sure any glitches had been found and ironed out..."
 

Edited by AplusWebMaster, 23 September 2015 - 12:35 PM.

[AplusWebMaster]

FYI...

> https://support.appl.../en-us/HT201222

iOS 9.0.2 released
- https://support.appl.../en-us/HT205284
Sep 30, 2015 - "... Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later..."
APPLE-SA-2015-09-30-01 iOS 9.0.2
- https://lists.apple....p/msg00006.html

- http://www.securityt....com/id/1033687
CVE Reference: CVE-2015-5923
Oct 1 2015
Impact: Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 9.0.2...
Impact: A physically local user can obtain photos and contacts from a locked device.
Solution: The vendor has issued a fix (9.0.2)...
___

Safari 9 released
- https://support.appl.../en-us/HT205265
"... Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11..."
APPLE-SA-2015-09-30-2 Safari 9
- https://lists.apple....p/msg00007.html
30 Sep 2015

- http://www.securityt....com/id/1033688
CVE Reference: CVE-2015-5780, CVE-2015-5828
Oct 1 2015
Impact: Modification of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 9.0...
Impact: A remote user can cause a Safari extension to be silently replaced on the target user's system.
A remote user can return an HTTP redirect to the target connected plug-in without detection by the plugin.
Solution: The vendor has issued a fix (9.0)...
___

OS X El Capitan v10.11 released
- https://support.appl.../en-us/HT205267
Sep 30, 2015 - "Available for: Mac OS X v10.6.8 and later..."
APPLE-SA-2015-09-30-3 OS X El Capitan 10.11
- https://lists.apple....p/msg00008.html

- http://www.securityt....com/id/1033703
CVE Reference: CVE-2013-3951, CVE-2014-9709, CVE-2015-3330, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-3785, CVE-2015-5522, CVE-2015-5523, CVE-2015-5830, CVE-2015-5833, CVE-2015-5836, CVE-2015-5849, CVE-2015-5853, CVE-2015-5854, CVE-2015-5864, CVE-2015-5865, CVE-2015-5866, CVE-2015-5870, CVE-2015-5871, CVE-2015-5872, CVE-2015-5873, CVE-2015-5875, CVE-2015-5877, CVE-2015-5878, CVE-2015-5881, CVE-2015-5883, CVE-2015-5884, CVE-2015-5887, CVE-2015-5888, CVE-2015-5889, CVE-2015-5890, CVE-2015-5891, CVE-2015-5893, CVE-2015-5894, CVE-2015-5897, CVE-2015-5900, CVE-2015-5901, CVE-2015-5902, CVE-2015-5913, CVE-2015-5914, CVE-2015-5915, CVE-2015-5917, CVE-2015-5922
Oct 1 2015
Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 10.11 ...
Solution: The vendor has issued a fix (10.11)....
___

- https://www.us-cert....-Safari-and-iOS
Sep 30, 2015