240 replies to this topic

[AplusWebMaster]

FYI...

> https://support.appl.../en-us/HT201222

Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6
- https://support.appl.../en-us/HT205373
Oct 15, 2015

Keynote 6.6
- http://www.securityt....com/id/1033823
CVE Reference: CVE-2015-7032, CVE-2015-7033
Oct 16 2015
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes ...
Solution: The vendor has issued a fix (6.6).

Pages 5.6
- http://www.securityt....com/id/1033821
CVE Reference: CVE-2015-7034
Oct 16 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes ...
Solution: The vendor has issued a fix (5.6).
- http://www.securityt....com/id/1033826
CVE Reference: CVE-2015-7032, CVE-2015-7033
Oct 16 2015
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes ...
Solution: The vendor has issued a fix (5.6).

Numbers 3.6
- http://www.securityt....com/id/1033825
CVE Reference: CVE-2015-7032, CVE-2015-7033
Oct 16 2015
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes
Solution: The vendor has issued a fix (3.6).
___

- https://www.us-cert....ges-and-Numbers
Oct 15, 2015 - "... Available updates include:
    Keynote 6.6, Pages 5.6, and Numbers 3.6 for OS X Yosemite v10.10.4 or later
    Keynote 6.6, Pages 5.6, and Numbers 3.6 for iOS v8.4 or later ..."
 

Edited by AplusWebMaster, 16 October 2015 - 07:11 AM.

[AplusWebMaster]

FYI...

> https://support.appl.../en-us/HT201222

iOS 9.1
- https://support.appl.../en-us/HT205370
Oct 21, 2015 - "Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later. Impact: Visiting a maliciously crafted website may lead to arbitrary code execution..."
- http://www.securityt....com/id/1033931
CVE Reference: CVE-2015-7010, CVE-2015-7018
Oct 22 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 9.1 ...

Safari 9.0.1
- https://support.appl.../en-us/HT205377
Oct 21, 2015 - "Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11. Impact: Visiting a maliciously crafted website may lead to arbitrary code execution..."
- http://www.securityt....com/id/1033939
CVE Reference: CVE-2015-5931, CVE-2015-7011, CVE-2015-7013
Oct 22 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 9.0.1

iTunes 12.3.1
- https://support.appl.../en-us/HT205372
Oct 21, 2015 - "Available for: Windows 7 and later. Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may result in unexpected application termination or arbitrary code execution..."

Mac EFI Security Update 2015-002
- https://support.appl.../en-us/HT205317
Oct 21, 2015 - "Available for: OS X Mavericks v10.9.5. Impact: An attacker can exercise unused EFI functions..."

OS X Server 5.0.15
- https://support.appl.../en-us/HT205376
Oct 21, 2015 - "BIND: Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.1 or later
Impact: Multiple vulnerabilities in BIND
Description: Multiple vulnerabilities existed in BIND versions prior to 9.9.7-P3, one of which may have allowed a remote attacker to cause a denial of service. These issues were addressed by updating BIND to version 9.9.7-P3..."
- http://www.securityt....com/id/1033933
CVE Reference: CVE-2015-7031
Oct 22 2015
Impact: Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): OS X Server prior to 5.0.15 ...

OS X El Capitan v10.11.1 and Security Update 2015-007
- https://support.appl.../en-us/HT205375
Oct 21, 2015 - "Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11. Impact: Visiting a maliciously crafted website may lead to arbitrary code execution..."
- http://www.securityt....com/id/1033929
CVE Reference: CVE-2015-5924, CVE-2015-5925, CVE-2015-5926, CVE-2015-5927, CVE-2015-5928, CVE-2015-5929, CVE-2015-5930, CVE-2015-5935, CVE-2015-5936, CVE-2015-5937, CVE-2015-5939, CVE-2015-5940, CVE-2015-5942, CVE-2015-6974, CVE-2015-6975, CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6979, CVE-2015-6981, CVE-2015-6982, CVE-2015-6983, CVE-2015-6986, CVE-2015-6988, CVE-2015-6989, CVE-2015-6990, CVE-2015-6991, CVE-2015-6992, CVE-2015-6993, CVE-2015-6994, CVE-2015-6995, CVE-2015-6996, CVE-2015-6997, CVE-2015-6999, CVE-2015-7000, CVE-2015-7002, CVE-2015-7004, CVE-2015-7005, CVE-2015-7006, CVE-2015-7008, CVE-2015-7009, CVE-2015-7012, CVE-2015-7014, CVE-2015-7015, CVE-2015-7017, CVE-2015-7022, CVE-2015-7023   
Oct 22 2015
Impact: Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.9.5, 10.10.5, 10.11 ...

Xcode 7.1
- https://support.appl.../en-us/HT205379
Oct 21, 2015 - "Available for: OS X Yosemite v10.10.5 or later. Impact: Swift programs performing certain type conversions may receive unexpected values. Description: A type conversion issue existed that could lead to conversions returning unexpected values. This issue was addressed through improved type checking..."
- http://www.securityt....com/id/1033930
CVE Reference: CVE-2015-7030
Oct 22 2015
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to versions 7.1R22.1, 7.4, 8.0R11, 8.1R3 ...

watchOS 2.0.1
- https://support.appl.../en-us/HT205378
Oct 21, 2015 - "Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes. Impact: Some cards may allow a terminal to retrieve limited recent transaction information when making a payment. Description: The transaction log functionality was enabled in certain configurations. This issue was addressed by removing the transaction log functionality. This update additionally addresses the issue for Apple Watches manufactured with watchOS 2..."
___

> https://www.us-cert....ecurity-Updates
Oct 21, 2015
 

Edited by AplusWebMaster, 23 October 2015 - 07:51 AM.

[AplusWebMaster]

FYI...

> https://support.appl.../en-us/HT201222

iOS 9.2
- https://support.appl.../en-us/HT205635
Dec 8, 2015 - "Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later..."
- http://www.securityt....com/id/1034348
CVE Reference: CVE-2015-7037, CVE-2015-7051, CVE-2015-7055, CVE-2015-7069, CVE-2015-7070, CVE-2015-7072, CVE-2015-7079, CVE-2015-7080, CVE-2015-7093, CVE-2015-7113
Dec 9 2015
Impact: Disclosure of system information, Disclosure of user information, Modification of system information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 9.2 ...

Safari 9.0.2
- https://support.appl.../en-us/HT205639
Dec 8, 2015 - "Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 ..."
- http://www.securityt....com/id/1034341
CVE Reference: CVE-2015-7048, CVE-2015-7050, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, CVE-2015-7103, CVE-2015-7104
Dec 9 2015
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 9.0.2 ...

OS X El Capitan 10.11.2 and Security Update 2015-008
- https://support.appl.../en-us/HT205637
Dec 8, 2015 - "Available for: OS X El Capitan v10.11 and v10.11.1
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.29, the most serious of which may have led to remote code execution. These were addressed by updating PHP to version 5.5.30..."
- http://www.securityt....com/id/1034344
CVE Reference: CVE-2012-1147, CVE-2012-1148, CVE-2015-5333, CVE-2015-5334, CVE-2015-7001, CVE-2015-7038, CVE-2015-7039, CVE-2015-7040, CVE-2015-7041, CVE-2015-7042, CVE-2015-7043, CVE-2015-7044, CVE-2015-7045, CVE-2015-7046, CVE-2015-7047, CVE-2015-7052, CVE-2015-7053, CVE-2015-7054, CVE-2015-7058, CVE-2015-7059, CVE-2015-7060, CVE-2015-7061, CVE-2015-7062, CVE-2015-7063, CVE-2015-7064, CVE-2015-7065, CVE-2015-7066, CVE-2015-7067, CVE-2015-7068, CVE-2015-7071, CVE-2015-7073, CVE-2015-7074, CVE-2015-7075, CVE-2015-7076, CVE-2015-7077, CVE-2015-7078, CVE-2015-7081, CVE-2015-7083, CVE-2015-7084, CVE-2015-7094, CVE-2015-7105, CVE-2015-7106, CVE-2015-7107, CVE-2015-7108, CVE-2015-7109, CVE-2015-7110, CVE-2015-7111, CVE-2015-7112
Dec 9 2015
Impact: Denial of service via local system, Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Root access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes ...
Solution: The vendor has issued a fix.

Xcode 7.2
- https://support.appl.../en-us/HT205642
Dec 8, 2015 - "Available for: OS X Yosemite v10.10.5 or later..."
- http://www.securityt....com/id/1034340
CVE Reference: CVE-2015-7049, CVE-2015-7056, CVE-2015-7057, CVE-2015-7082
Dec 9 2015
Impact: Execution of arbitrary code via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes ...
Solution: The vendor has issued a fix (7.2).

tvOS 9.1
- https://support.appl.../en-us/HT205640
Dec 8, 2015 - "Available for: Apple TV (4th generation)..."

watchOS 2.1
- https://support.appl.../en-us/HT205641
Dec 8, 2015 - "Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes..."
___

- https://www.us-cert....ecurity-Updates
Dec 08, 2015
 

Edited by AplusWebMaster, 09 December 2015 - 06:33 AM.

[AplusWebMaster]

FYI...

> https://support.appl.../en-us/HT201222

iTunes 12.3.2 released
- https://support.appl.../en-us/HT205636
Dec 11, 2015 - "Available for: Windows 7 and later..."
___

Security Update 2015-006 Yosemite
- https://support.appl.../en-us/HT205653
Last Modified: Dec 12, 2015

OS X El Capitan 10.11.2, Security Update 2015-005 Yosemite, and Security Update 2015-008 Mavericks
- https://support.appl.../en-us/HT205637
Dec 12, 2015 - "Available for: OS X El Capitan v10.11 and v10.11.1..."
___

- https://www.us-cert....y-Update-iTunes
Dec 11, 2015
 

[AplusWebMaster]

FYI...

QuickTime 7.7.9 released
- https://support.appl.../en-us/HT205638
Jan 7, 2016

Download:
- https://www.apple.co...ktime/download/

... for Windows Vista or Windows 7
___

- http://www.securityt....com/id/1034610
CVE Reference: CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, CVE-2015-7117
Jan 8 2016
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 7.7.9 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (7.7.9)...
___

... fails to install plug-in on Firefox - unless this procedure is followed:

1. Download QT 7.7.9 from:
> https://www.apple.co...ktime/download/
... save download where you want.
2. Dble-click the .exe file.
3. Choose "Custom" install.
4. See "Optional Quicktime Features" and choose "QuickTime Web Plugin" (eliminate the red-x).
5. Choose "Next" and the upgrade/install should complete OK. If you don't do this in the recommended sequence, it will -fail- to install the plug-in for Firefox - likely other browsers, too.
 

Edited by AplusWebMaster, 20 January 2016 - 11:50 AM.

[AplusWebMaster]

FYI...

- https://support.appl.../en-us/HT201222

iOS 9.2.1 released
- https://support.appl.../en-us/HT205732
Jan 14, 2016 - "Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later.."
- http://www.securityt....com/id/1034737
CVE Reference: CVE-2016-1723, CVE-2016-1724, CVE-2016-1725, CVE-2016-1726, CVE-2016-1727, CVE-2016-1728, CVE-2016-1730
Jan 20 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 9.2.1
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain potentially sensitive information on the target system.
A remote user can read and write cookies on the target user's system.
Solution: The vendor has issued a fix (9.2.1)...

Safari 9.0.3 released
- https://support.appl.../en-us/HT205730
Jan 15, 2016 - "Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.2..."

OS X El Capitan 10.11.3 and Security Update 2016-001
- https://support.appl.../en-us/HT205731
Jan 19, 2016
- http://www.securityt....com/id/1034736
CVE Reference: CVE-2015-7995, CVE-2016-1716, CVE-2016-1717, CVE-2016-1718, CVE-2016-1719, CVE-2016-1720, CVE-2016-1721, CVE-2016-1722, CVE-2016-1729
Jan 20 2016
Impact: A local user can obtain kernel-level or root privileges on the target system.
Solution: The vendor has issued a fix (10.11.3; Security Update 2016-001).
___

- https://www.us-cert....itan-and-Safari
Jan 19, 2016
 

Edited by AplusWebMaster, 20 January 2016 - 05:13 AM.

[AplusWebMaster]

FYI...

Apple confirms OS X update broke Ethernet port on some Macs, here’s how to fix ...
- http://9to5mac.com/2...res-how-to-fix/
"... Read the -full- steps on Apple’s Support Site* and take care not to delete anything but the file in question. If you don’t mind losing data, it may be simpler to use Recovery Mode to just Reinstall OS X. This will fix the problem when OS X is started afresh, but obviously has the big downside of deleting other data. Make sure you have recent -backups- in any case."
* https://support.appl.../en-us/HT205956
Last Modified: Mar 4, 2016
 

[AplusWebMaster]

FYI...

Do NOT install iOS 9.3 on your iPad 2 - Upgrade bricks slabs
> http://www.theregist...bricks_ipad_2s/
23 Mar 2016 at 20:30

... iPad 2 (GSM model) after you update to iOS 9.3
>> https://support.appl.../en-us/HT206214
Mar 25, 2016 Mar 28, 2016
 

> https://support.appl.../en-us/HT206203
Mar 25, 2016 Mar 28, 2016  Mar 29, 2016

- https://apple.slashd...iphone-and-ipad
Mar 29, 2016 - "Many users are experiencing an issue with their iPhone and iPad wherein trying to open a link on Safari, Mail, Chrome or any other app causes it to freeze and crash*. The issue renders any type of search with Safari as useless as none of the links returned will open. The wide-spread issue - for which there's no-known-workaround just yet - seems to be affecting users on both iOS 9.2 and iOS 9.3. Apple has acknowledged the issue and says it will release a fix "soon." There's no official word on what's causing the issue, but a popular theory with developers is that the glitch has something to do with Universal Links, a feature Apple first introduced with iOS 9. It appears some apps, such as Booking .com, are abusing this capability, causing the Universal Link database to overload."
* https://discussions....rt=765&tstart=0
___

- https://support.appl.../en-us/HT201222

iOS 9.3 released
- https://support.appl.../en-us/HT206166
21 Mar 2016 - "Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later..."
- http://www.securityt....com/id/1035353
CVE Reference: CVE-2015-8659, CVE-2016-0801, CVE-2016-0802, CVE-2016-1734, CVE-2016-1740, CVE-2016-1748, CVE-2016-1750, CVE-2016-1751, CVE-2016-1752, CVE-2016-1753, CVE-2016-1754, CVE-2016-1755, CVE-2016-1756, CVE-2016-1757, CVE-2016-1758, CVE-2016-1760, CVE-2016-1761, CVE-2016-1762, CVE-2016-1763, CVE-2016-1766, CVE-2016-1775, CVE-2016-1778, CVE-2016-1779, CVE-2016-1780, CVE-2016-1781, CVE-2016-1782, CVE-2016-1783, CVE-2016-1784, CVE-2016-1785, CVE-2016-1786, CVE-2016-1788
Mar 22 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 9.3 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote or local user can obtain potentially sensitive information on the target system.
An application can obtain elevated privileges on the target system.
An application can bypass security controls on the target system.
Solution: The vendor has issued a fix (9.3)...

Safari 9.1
- https://support.appl.../en-us/HT206171
21 Mar 2016 - "Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3..."
- http://www.securityt....com/id/1035354
CVE Reference: CVE-2009-2197, CVE-2016-1771, CVE-2016-1772
Mar 22 2016
Impact: A remote user can cause denial of service conditions on the target system.
A remote user can obtain potentially sensitive information on the target system.
A remote user can spoof the user interface.
Solution: The vendor has issued a fix (9.1)...

OS X El Capitan v10.11.4 and Security Update 2016-002
- https://support.appl.../en-us/HT206167
21 Mar 2016 - "Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3..."
- http://www.securityt....com/id/1035363
CVE Reference: CVE-2016-1732, CVE-2016-1733, CVE-2016-1735, CVE-2016-1736, CVE-2016-1737, CVE-2016-1738, CVE-2016-1741, CVE-2016-1743, CVE-2016-1744, CVE-2016-1745, CVE-2016-1746, CVE-2016-1747, CVE-2016-1749, CVE-2016-1764, CVE-2016-1767, CVE-2016-1768, CVE-2016-1769, CVE-2016-1770, CVE-2016-1773
Mar 22 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A local or remote user can obtain potentially sensitive information on the target system.
A local user can obtain elevated privileges on the target system.
Solution: The vendor has issued a fix (10.11.4, Security Update 2016-002)...

OS X Server 5.1
- https://support.appl.../en-us/HT206173
21 Mar 2016 - "Available for: OS X Yosemite v10.10.5 and later..."
- http://www.securityt....com/id/1035342
CVE Reference: CVE-2016-1774, CVE-2016-1776, CVE-2016-1777, CVE-2016-1787
Mar 22 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): OS X Server prior to 5.1; OS X 10.10.5 and after...
Impact: A local user can obtain privileged files on the target system.
A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (OS X Server 5.1)...

Xcode 7.3
- https://support.appl.../en-us/HT206172
21 Mar 2016 - "Available for: OS X El Capitan v10.11 and later..."
- http://www.securityt....com/id/1035352
CVE Reference: CVE-2016-1765
Mar 22 2016
Fix Available: Yes  Vendor Confirmed:  Yes  
Impact: A local user can obtain elevated privileges on the target system.
Solution: The vendor has issued a fix (7.3)...

tvOS 9.2
- https://support.appl.../en-us/HT206169
21 Mar 2016 - "Available for: Apple TV (4th generation)..."

watchOS 2.2
- https://support.appl.../en-us/HT206168
21 Mar 2016 - "Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes..."

Apple Software Update 2.2
- https://support.appl.../en-us/HT206091
Mar 10, 2016 - "Available for: Windows 7 and later..."
___

iOS 9.3
> https://lists.apple....r/msg00000.html
watchOS 2.2
> https://lists.apple....r/msg00001.html
tvOS 9.2
> https://lists.apple....r/msg00002.html
Xcode 7.3
> https://lists.apple....r/msg00003.html
OS X El Capitan 10.11.4 and Security Update 2016-002
> https://lists.apple....r/msg00004.html
Safari 9.1
> https://lists.apple....r/msg00005.html
OS X Server 5.1
> https://lists.apple....r/msg00006.html
___

- https://www.us-cert....ecurity-Updates
March 21, 2016
 

Edited by AplusWebMaster, 30 March 2016 - 05:32 AM.

[AplusWebMaster]

FYI...

- https://support.appl.../en-us/HT201222

iOS 9.3.1 released

- https://support.appl.../en-us/HT206225
Last Modified: Mar 31, 2016 - "iOS 9.3.1 includes the security content of iOS 9.3."

> https://lists.apple..../Mar/index.html

??

- http://www.theinquir...acts-and-photos
Apr 05 2016 - "... AFTER releasing iOS 9.3.1 to fix the link-crashing glitch plaguing iPhones and iPads, a bug has been spotted in the update that allows -anyone- to access photos and contacts on a locked device. A YouTube video (below) shows the vulnerability in action and reveals that all a hacker needs to pilfer contacts from a passcode-locked iPhone 6S or 6S Plus is access to Siri and 3D Touch... there -is- a way to keep your iPhone's information safe should it fall into the hands of a hacker... Siri can carry out the command in question only if given permission to access Twitter account information, as well as contacts and photos. To -revoke- these permissions, head to:
Settings > Privacy and switch -off- Siri's access to Twitter and Photos. To stop it accessing your contacts, you'll need to -disable- Siri's lock screen activation by heading to Settings > Touch ID & Passcode."
(See Video 0:49 at the URL above.)
___

iBooks Author 2.4.1
- https://support.appl.../en-us/HT206224
Last Modified: Mar 31, 2016
CVE-2016-1789

> https://lists.apple....r/msg00008.html

- https://www.us-cert....Security-Update
Apr 1, 2016
___

APPLE-SA-2016-03-28-1 OS X: Flash Player plug-in blocked
- https://lists.apple....r/msg00007.html
28 Mar 2016 - "Due to security issues in older versions, Apple has updated the web plug-in blocking mechanism to disable all versions prior to Flash Player 21.0.0.182 and 18.0.0.333. Information on blocked web plug-ins will be posted to:
- http://support.apple.../en-us/HT202681 "
Last Modified: Mar 18, 2016

 

Edited by AplusWebMaster, 05 April 2016 - 02:14 PM.

[AplusWebMaster]

FYI...

Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced
- https://www.us-cert....lerts/TA16-105A
April 14, 2016

> https://support.appl.../en-us/HT205771
___

Apple is deprecating QuickTime for Windows
- http://blog.trendmic...-windows-today/
April 14, 2016 - "... Apple is deprecating QuickTime for Microsoft Windows. They will no longer be issuing security updates for the product on the Windows Platform and recommend users uninstall it. Note that this does not apply to QuickTime on Mac OSX... our Zero Day Initiative has just released two advisories ZDI-16-241 and ZDI-16-242 detailing two new, critical vulnerabilities affecting QuickTime for Windows..."
> http://zerodayinitia...ies/ZDI-16-241/
> http://zerodayinitia...ies/ZDI-16-242/

- http://www.securityt....com/id/1035579
Apr 15 2016
___

- https://support.appl.../en-us/HT201175
Apr 20, 2016 - "QuickTime 7 for Windows is no longer supported by Apple... All current Windows web browsers support video without the need for browser plug-ins. If you no longer need QuickTime 7 on your PC, follow the instructions for uninstalling QuickTime 7 for Windows*."
* https://support.apple.com/kb/HT205771
 

Edited by AplusWebMaster, 21 April 2016 - 12:40 PM.

[AplusWebMaster]

FYI...

- https://support.appl.../en-us/HT201222

iOS 9.3.2 update appears to be bricking iPads
- http://www.theregist...e_bricks_ipads/
17 May 2016 - "... Reports of borked iPads emerged on Twitter thanks reportedly to a hardware issue requiring users to possibly restore their devices or contact support... Users have Tweeted* to Apple Support (@AppleSupport) with complaints their iPads -cannot- be restored through iTunes..."
* https://twitter.com/...rt/with_replies
___

iOS 9.3.2
- https://support.appl.../en-us/HT206568
Last Modified: May 23, 2016 - "Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later..."
> http://www.securityt....com/id/1035890
CVE Reference: CVE-2016-1790, CVE-2016-1801, CVE-2016-1802, CVE-2016-1803, CVE-2016-1807, CVE-2016-1808, CVE-2016-1811, CVE-2016-1813, CVE-2016-1814, CVE-2016-1817, CVE-2016-1818, CVE-2016-1819, CVE-2016-1823, CVE-2016-1824, CVE-2016-1827, CVE-2016-1828, CVE-2016-1829, CVE-2016-1830, CVE-2016-1831, CVE-2016-1832, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-1841, CVE-2016-1842, CVE-2016-1847, CVE-2016-1852
May 17 2016
Version(s): prior to 9.3.2 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can cause the target system to crash.
A remote or local user can obtain potentially sensitive information on the target system.
A remote user can gain elevated privileges on the target system.
Solution: The vendor has issued a fix (9.3.2)...
___

iTunes 12.4
- https://support.appl.../en-us/HT206379
May 16, 2016 - "Available for: Windows 7 and later..."
> http://www.securityt....com/id/1035887
CVE Reference: CVE-2016-1742
May 17 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 12.4 ...
Impact: A local user can obtain elevated privileges on the target system.
Solution: The vendor has issued a fix (12.4)...
___

Safari 9.1.1
- https://support.appl.../en-us/HT206565
May 16, 2016 - "Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.5..."
> http://www.securityt....com/id/1035888
CVE Reference: CVE-2016-1849, CVE-2016-1854, CVE-2016-1855, CVE-2016-1856, CVE-2016-1857, CVE-2016-1858, CVE-2016-1859
May 17 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 9.1.1 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (9.1.1)...
___

OS X El Capitan v10.11.5 and Security Update 2016-003
- https://support.appl.../en-us/HT206567
May 16, 2016
> http://www.securityt....com/id/1035895
CVE Reference: CVE-2016-1791, CVE-2016-1792, CVE-2016-1793, CVE-2016-1794, CVE-2016-1795, CVE-2016-1796, CVE-2016-1797, CVE-2016-1798, CVE-2016-1799, CVE-2016-1800, CVE-2016-1804, CVE-2016-1805, CVE-2016-1806, CVE-2016-1809, CVE-2016-1810, CVE-2016-1812, CVE-2016-1815, CVE-2016-1816, CVE-2016-1820, CVE-2016-1821, CVE-2016-1822, CVE-2016-1825, CVE-2016-1826, CVE-2016-1843, CVE-2016-1844, CVE-2016-1846, CVE-2016-1848, CVE-2016-1850, CVE-2016-1851, CVE-2016-1853
May 17 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote or local user can modify data on the target system.
A remote user can cause denial of service conditions.
A local user can obtain elevated privileges on the target system.
A remote user can gain elevated privileges on the target system.
Solution: The vendor has issued a fix (10.11.5 and Security Update 2016-003)...
___

tvOS 9.2.1
- https://support.appl.../en-us/HT206564
May 16, 2016
> http://www.securityt....com/id/1035893
May 17 2016
___

watchOS 2.2.1
- https://support.appl.../en-us/HT206566
May 16, 2016
> http://www.securityt....com/id/1035894
May 17 2016
___

- https://www.us-cert....ecurity-Updates
May 16, 2016
 

Edited by AplusWebMaster, 31 May 2016 - 12:11 PM.

[AplusWebMaster]

FYI...

Apple - AirPort Base Station - Firmware Update 7.6.7 and 7.7.7
- https://support.appl.../en-us/HT206849
Jun 20, 2016

- http://www.securityt....com/id/1036136
CVE Reference: CVE-2015-7029
Jun 21 2016
Fix Available:  Yes  Vendor Confirmed:  Yes ...
Impact: A remote user can execute arbitrary code on the target system.
Solution: The vendor has issued a fix (7.6.7, 7.7.7)...

- https://www.us-cert....Security-Update
June 21, 2016
 

[AplusWebMaster]

FYI...

- https://support.appl.../en-us/HT201222

- https://lists.apple....ul/threads.html

iOS 9.3.3
- https://support.appl.../en-us/HT206902
July 18, 2016 - "Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later..."
- http://www.securityt....com/id/1036344
CVE Reference:   CVE-2016-1863, CVE-2016-1864, CVE-2016-1865, CVE-2016-4582, CVE-2016-4587, CVE-2016-4593, CVE-2016-4594, CVE-2016-4603, CVE-2016-4604, CVE-2016-4605, CVE-2016-4626, CVE-2016-4627, CVE-2016-4628, CVE-2016-4631, CVE-2016-4632, CVE-2016-4635, CVE-2016-4637
Jul 19 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 9.3.3 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote or local user can cause denial of service conditions on the target system.
A remote or local user can obtain potentially sensitive information on the target system.
A local user can obtain elevated privileges on the target system.
A remote user can spoof a URL or content.
Solution: The vendor has issued a fix (9.3.3)...
___

iTunes 12.4.2 for Windows
- https://support.appl.../en-us/HT206901
July 18, 2016 - "Available for: Windows 7 and later..."

iCloud for Windows 5.2.1
- https://support.appl.../en-us/HT206899
July 18, 2016 - "Available for: Windows 7 and later..."

Safari 9.1.2
- https://support.appl.../en-us/HT206900
July 18, 2016 - "Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.6..."
- http://www.securityt....com/id/1036343
CVE Reference: CVE-2016-4583, CVE-2016-4584, CVE-2016-4585, CVE-2016-4586, CVE-2016-4589, CVE-2016-4590, CVE-2016-4591, CVE-2016-4592, CVE-2016-4622, CVE-2016-4623, CVE-2016-4624, CVE-2016-4651
Jul 19 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 9.1.2 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can consume excessive memory resources on the target system.
A remote user can obtain potentially sensitive information on the target system.
A remote user can spoof user interface elements.
Solution: The vendor has issued a fix (9.1.2)...
___

OS X El Capitan v10.11.6 and Security Update 2016-004
- https://support.appl.../en-us/HT206903
July 18, 2016 - "Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later..."
- http://www.securityt....com/id/1036348
CVE Reference: CVE-2016-0718, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483, CVE-2016-4595, CVE-2016-4596, CVE-2016-4597, CVE-2016-4598, CVE-2016-4599, CVE-2016-4600, CVE-2016-4601, CVE-2016-4602, CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, CVE-2016-4612, CVE-2016-4614, CVE-2016-4615, CVE-2016-4616, CVE-2016-4619, CVE-2016-4621, CVE-2016-4625, CVE-2016-4629, CVE-2016-4630, CVE-2016-4633, CVE-2016-4634, CVE-2016-4638, CVE-2016-4639, CVE-2016-4640, CVE-2016-4641, CVE-2016-4645, CVE-2016-4646, CVE-2016-4647, CVE-2016-4648, CVE-2016-4649, CVE-2016-4650, CVE-2016-4652
Jul 19 2016
Fix Available:  Yes  Vendor Confirmed:  Yes ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A local user can cause denial of service conditions on the target system.
A remote or local user can obtain potentially sensitive information on the target system.
A local user can obtain elevated privileges on the target system.
A physically local user can view passwords.
Solution: The vendor has issued a fix (10.11.6, Security Update 2016-004)...
___

tvOS 9.2.2
- https://support.appl.../en-us/HT206905
July 18, 2016 - "Available for: Apple TV (4th generation)..."

watchOS 2.2.2
- https://support.appl.../en-us/HT206904
July 18, 2016 - "Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes..."
___

- https://www.us-cert....ecurity-Updates
July 18, 2016
 

Edited by AplusWebMaster, 20 July 2016 - 04:25 AM.

[AplusWebMaster]

FYI...

- https://support.appl.../en-us/HT201222

iOS 9.3.4 released
- https://support.appl.../en-us/HT207026
Aug 4, 2016 - "Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later..."
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2016-4654: Team Pangu

... Update fixes a single issue credited to prominent jailbreaking...
> http://arstechnica.c...s-9-3-4-update/
8/4/2016
___

- http://www.securityt....com/id/1036546
CVE Reference: CVE-2016-4654
Aug 6 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.3.3; possibly earlier versions...
Impact: An application can execute arbitrary code on the target system with kernel-level privileges.
Solution: The vendor has issued a fix (9.3.4)...
___

- https://www.us-cert....Security-Update
Aug 05, 2016
 

Edited by AplusWebMaster, 06 August 2016 - 07:32 AM.

[AplusWebMaster]

FYI...

Out-of-Band iOS Patch Fixes 0-Day ...
- https://isc.sans.edu...l?storyid=21409
2016-08-25 - "A new spyware has been discovered on the Apple platform. Called Pegasus... it turns out to be a sophisticated targeted spyware. Developed by professionals, it uses 0-day vulnerabilities, code obfuscation and encryption techniques. Apple released today an out-of-band patch for iOS (version 9.3.5)*. It fixes three critical vulnerabilities..."

iOS 9.3.5 released
* https://support.appl.../en-us/HT207107
Aug 25, 2016 - "Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later..."

- https://lists.apple....g/msg00000.html
25 Aug 2016

- http://www.securityt....com/id/1036694
CVE Reference: CVE-2016-4655, CVE-2016-4656, CVE-2016-4657
Aug 25 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 9.3.5...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
An application can obtain portions of kernel memory contents.
An application can obtain elevated privileges on the target system.
Solution: The vendor has issued a fix (9.3.5)...

- https://www.us-cert....Security-Update
Aug 25, 2016
 

Edited by AplusWebMaster, 25 August 2016 - 04:16 PM.