WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93098 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Apple updates...

Started by AplusWebMaster , Nov 03 2007 06:10 AM

Please log in to reply

240 replies to this topic

#16 AplusWebMaster

AplusWebMaster

Authentic Member
10,472 posts

Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 03 April 2008 - 08:02 AM

FYI...

QuickTime 7.4.5 for Windows
- http://www.apple.com...port/downloads/
04/02/2008
"This release is recommended for all QuickTime 7 users..."

QuickTime 7.4.5 for Windows
- http://www.apple.com...forwindows.html

- http://support.apple.com/kb/HT1241

- http://www.apple.com...port/quicktime/

- http://isc.sans.org/...ml?storyid=4232
Last Updated: 2008-04-03 12:14:28 UTC - "...QuickTime version 7.4.5 which addresses 11 vulnerabilities. Vulnerabilities range from denial of service attacks, information leaks to (of course) remote code execution..."

- http://secunia.com/advisories/29650/
Release Date: 2008-04-03
Critical: Highly critical
Impact: Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
...Successful exploitation of these vulnerabilities may allow execution of arbitrary code.
Solution: Update to version 7.4.5...

:ph34r:

Edited by AplusWebMaster, 03 April 2008 - 09:44 AM.

.The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

Advertisements

Register to Remove

#17 AplusWebMaster

AplusWebMaster

Authentic Member
10,472 posts

Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 17 April 2008 - 07:47 AM

FYI...

Safari 3.1.1 released
* http://support.apple.com/kb/HT1467
4/16/2008 - "For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available..."
- http://www.apple.com...port/downloads/

- http://secunia.com/advisories/29846/
Release Date: 2008-04-17
Critical: Highly critical
Impact: Cross Site Scripting, DoS, System access
Where: From remote
Solution Status: Vendor Patch
...The vulnerabilities are reported in versions prior to 3.1.1...

.

.The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#18 AplusWebMaster

AplusWebMaster

Authentic Member
10,472 posts

Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 24 May 2008 - 06:08 AM

FYI...

Java for Mac OS X 10.5 Update 1
- http://www.apple.com...port/downloads/
This Java for Mac OS X 10.5 Update 1 adds
Java SE 6 version 1.6.0_05 to your Mac.

.

.The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#19 AplusWebMaster

AplusWebMaster

Authentic Member
10,472 posts

Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 28 May 2008 - 06:17 PM

FYI...

Mac OS X 10.5.3 Update / 2008-003
- http://www.apple.com...1053update.html
May 28, 2008

Security Updates
- http://support.apple.com/kb/HT1222

Security Update 2008-003 / Mac OS X 10.5.3
- http://support.apple.com/kb/HT1897

- http://secunia.com/advisories/30430/
Release Date: 2008-05-29
Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Apple Macintosh OS X ...
Solution: Update to Mac OS X 10.5.3 or apply Security Update 2008-003...

Edited by AplusWebMaster, 29 May 2008 - 05:07 AM.

.The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#20 AplusWebMaster

AplusWebMaster

Authentic Member
10,472 posts

Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 10 June 2008 - 05:48 AM

FYI...

QuickTime 7.5
- http://isc.sans.org/...ml?storyid=4547
Last Updated: 2008-06-10 11:27:16 UTC - "...Apple's security improvements* include fixes for:
- CVE-2008-1581: PICT images can lead to an heap overflow and code execution
- CVE-2008-1582: AAC coded media can lead to code execution
- CVE-2008-1583: PICT images can lead to an heap overflow and code execution
- CVE-2008-1584: Indeo video codec can lead to a stack buffer overflow and code execution - note the fix: "This update addresses the issue by not rendering Indeo video codec content."
- CVE-2008-1585: URL handling of URLs in QuickTime files could lead to attacker controlled application launch and code execution - note the fix: "This update addresses the issue by revealing files in Finder or Windows Explorer rather than launching them."
* http://support.apple.com/kb/HT1991

Download:
- http://www.apple.com...ktime/download/

Also see: http://secunia.com/advisories/29293/
Release Date: 2008-06-10
Critical: Highly critical
Solution: Update to version 7.5...

:ph34r:

Edited by AplusWebMaster, 10 June 2008 - 02:58 PM.

.The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#21 AplusWebMaster

AplusWebMaster

Authentic Member
10,472 posts

Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 01 July 2008 - 10:08 AM

FYI...

Security Update 2008-004 and Mac OS X 10.5.4
- http://support.apple.com/kb/HT2163
Last Modified: June 30, 2008
Article: HT2163

Safari 3.1.2 for Mac OS X 10.4.11
- http://support.apple.com/kb/HT2165
Last Modified: June 30, 2008
Article: HT2165

- http://isc.sans.org/...ml?storyid=4651
Last Updated: 2008-07-01 17:17:35 UTC ...(Version: 2) - "...One thing interesting that is not fixed, is the Apple Remote Desktop vuln..."

.

Edited by AplusWebMaster, 01 July 2008 - 11:35 AM.
Added ISC notes...

.The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#22 AplusWebMaster

AplusWebMaster

Authentic Member
10,472 posts

Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 01 August 2008 - 03:45 AM

FYI...

Apple Security Update 2008-005...
- http://isc.sans.org/...ml?storyid=4810
Last Updated: 2008-08-01 08:27:35 UTC - "Apple released their patch overnight... Most importantly it contains the workaround for the DNS bug CVE-2008-1447. Also included is an upgrade to PHP 5.2.6 (which was released in source code at http://www.php.net/ on May 1st). Seems we all need to urge Job's gang to release patches significantly faster: it's the price to pay to base parts of your system on open source code. Apple Mac OS X users get it though software update. As always it's one big patch, given that little choice, you'll want to PATCH NOW."

- http://support.apple.com/kb/HT2647
August 01, 2008

- http://www.apple.com...port/downloads/
07/31/2008

- http://secunia.com/advisories/31326/
Release Date: 2008-08-01
Critical: Highly critical
Impact: Security Bypass, Spoofing, Privilege escalation, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Apple Macintosh OS X ...
Solution: Apply Security Update 2008-005...

---

- http://isc.sans.org/...ml?storyid=4810
Last Updated: 2008-08-01 20:06:50 UTC ...(Version: 3) "...UPDATE ...Apple might have fixed some of the more important parts for servers, but is far from done yet as all the clients linked against a DNS client library still need to get the workaround for the protocol weakness..."

//

Edited by AplusWebMaster, 02 August 2008 - 07:11 AM.
Added Secunia advisory, ISC update...

.The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#23 AplusWebMaster

AplusWebMaster

Authentic Member
10,472 posts

Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 09 September 2008 - 06:41 PM

FYI...

QuickTime v7.5.5 released
- http://www.apple.com...ktime/download/
09.09.2008

QuickTime 7.5.5
- http://support.apple.com/kb/HT3027
Mac OS X v10.4.9 - v10.4.11, Mac OS X v10.5 or later, Windows Vista, XP, SP2, and SP3
09 Sept 2008

- http://isc.sans.org/...ml?storyid=5014
Last Updated: 2008-09-09 20:28:34 UTC - "...The QuickTime update to 7.5.5 refers to following CVE names: CVE-2008-3615, CVE-2008-3635, CVE-2008-3624, CVE-2008-3625, CVE-2008-3614, CVE-2008-3626, CVE-2008-3627, CVE-2008-3628, CVE-2008-3629
...All of them are relating to opening "crafted" media files. Read: it's the typical list of input validation failures leading to code execution. You want this one if you have QuickTime installed..."

- http://secunia.com/advisories/31821/
Release Date: 2008-09-10
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch...

- http://web.nvd.nist....d=CVE-2008-3614
- http://web.nvd.nist....d=CVE-2008-3615
- http://web.nvd.nist....d=CVE-2008-3624
- http://web.nvd.nist....d=CVE-2008-3625
- http://web.nvd.nist....d=CVE-2008-3626
- http://web.nvd.nist....d=CVE-2008-3627
- http://web.nvd.nist....d=CVE-2008-3628
- http://web.nvd.nist....d=CVE-2008-3629
- http://web.nvd.nist....d=CVE-2008-3635

- http://www.us-cert.g...curity_updates1

:ph34r:

Edited by AplusWebMaster, 11 September 2008 - 07:06 AM.
Added CVE and US-CERT references...

.The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#24 AplusWebMaster

AplusWebMaster

Authentic Member
10,472 posts

Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 15 September 2008 - 05:16 PM

FYI...

Mac OSX 10.5.5 and Security Update 2008-006
- http://isc.sans.org/...ml?storyid=5041
Last Updated: 2008-09-15 21:51:39 UTC - "...Apple released OSX update 10.5.5*. Built into 10.5.5 is Security Update 2008-006**, marking the 6th major security update of the year. So aside from the ton of updates in 10.5.5 for OSX Leopard, check out the below updates included with it. Keep in mind that Security Update is not just for 10.5 (OSX Leopard), being that it is also available for 10.4, Desktop and Server releases..."

* http://support.apple.com/kb/HT2405
"...Choose Software Update from the Apple menu to automatically check for the latest Apple software via the Internet, including this update..."

** http://support.apple.com/kb/HT3137

- http://www.theregist...ty_update_sept/
16 September 2008 - "...Both updates mend DNS security holes in older versions of BIND previously bundled with Apple's software..."

- http://secunia.com/advisories/31882/
Release Date: 2008-09-16
Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Manipulation of data, Exposure of system information, Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch ...

:ph34r:

Edited by AplusWebMaster, 16 September 2008 - 08:03 AM.
Added Secunia advisory...

.The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#25 AplusWebMaster

AplusWebMaster

Authentic Member
10,472 posts

Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 25 September 2008 - 08:42 AM

Edited by AplusWebMaster, 27 September 2008 - 05:58 AM.
Added CVE ref links...

.The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

Advertisements

Register to Remove

#26 AplusWebMaster

AplusWebMaster

Authentic Member
10,472 posts

Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 10 October 2008 - 07:35 AM

FYI...

Apple Mac OS X Security Update 2008-007 released
- http://secunia.com/advisories/32222/
Release Date: 2008-10-10
Critical: Moderately critical
Impact: Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Apple Macintosh OS X...
Original Advisory: Apple Security Update 2008-007:
http://support.apple.com/kb/HT3216

> http://www.apple.com...port/downloads/

:ph34r:

.The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#27 AplusWebMaster

AplusWebMaster

Authentic Member
10,472 posts

Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 11 November 2008 - 07:45 AM

FYI...

Apple fixes three iLife flaws - Mac OS v10.4.9 through v10.4.11
- http://news.cnet.com...-1009_3-83.html
November 10, 2008 - "Apple released an update on Monday for iLife 8.0 and Aperture 2 running on Mac OS v10.4.9 through v10.4.11. The update does -not- affect those running Mac OS X v10.5.5. The update affects system software components shared by all iLife '08 applications and, in most cases, the specific vulnerabilities could lead to application termination or arbitrary code execution. iLife Support 8.3.1 may be obtained from the Software Update pane in System Preferences -or- Apple's Software Downloads* Web site..."
* http://www.apple.com...port/downloads/

- http://support.apple.com/kb/HT3276

- http://secunia.com/advisories/32688/
Release Date: 2008-11-12
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Apple Aperture 2.x, Apple iLife 8.x
...The vulnerabilities are reported in Apple iLife 8.0 and Aperture 2 on Mac OS 10.4.9 through 10.4.11.
Solution: Apply iLife Support 8.3.1.
http://www.apple.com...support831.html

:ph34r:

Edited by AplusWebMaster, 12 November 2008 - 06:43 AM.

.The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#28 AplusWebMaster

AplusWebMaster

Authentic Member
10,472 posts

Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 15 December 2008 - 02:17 PM

FYI...

Apple OSX 10.5.6 - Security update 2008-008
- http://isc.sans.org/...ml?storyid=5488
Last Updated: 2008-12-15 18:25:13 UTC - "Apple's released an update for OSX, you can now download 10.5.6 through the Software Update app. It patches a large number of vulns*..."

> http://support.apple.com/downloads/
Mac OS X 10.5.6 Update
The 10.5.6 Update is recommended for all users running Mac OS X Leopard...

* http://support.apple.com/kb/HT3338
December 15, 2008

:ph34r:

.The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#29 AplusWebMaster

AplusWebMaster

Authentic Member
10,472 posts

Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 20 December 2008 - 01:19 PM

FYI...

- http://www.theinquir...pgrade-problems
19 December 2008 - "... In a support document posted to its site*, Apple said that the problem was caused by an incomplete update getting seeded into the Software Update process... According to Apple, you should force Software Update to quit, remove the partial update from your library, and re-download the update. The combo update that was offered at the same time was more stable than the stand-alone update, apparently."

Mac OS X 10.5: Software Update stops responding during "Configuring installation"
- http://support.apple.com/kb/TS2383
Last Modified: December 18, 2008

:blink:

.The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#30 AplusWebMaster

AplusWebMaster

Authentic Member
10,472 posts

Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 21 January 2009 - 03:47 PM

FYI...

QuickTime v7.6 released
- http://support.apple.com/kb/HT3403
January 21, 2009

Download:
- http://support.apple...7_6_for_Windows

- http://lists.apple.c...n/msg00000.html

- http://www.us-cert.g...s_quicktime_7_6

- http://secunia.com/advisories/33632/
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Apple QuickTime 7.x ...
http://web.nvd.nist....d=CVE-2009-0001
http://web.nvd.nist....d=CVE-2009-0002
http://web.nvd.nist....d=CVE-2009-0003
http://web.nvd.nist....d=CVE-2009-0004
http://web.nvd.nist....d=CVE-2009-0005
http://web.nvd.nist....d=CVE-2009-0006
http://web.nvd.nist....d=CVE-2009-0007
...Successful exploitation of these vulnerabilities may allow execution of arbitrary code.
Solution: Update to version 7.6 ...

:ph34r:

Edited by AplusWebMaster, 22 January 2009 - 05:58 AM.

.The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

Body Background

skin color theme