240 replies to this topic

[AplusWebMaster]

FYI...

Apple Security Updates
- http://isc.sans.org/...ml?storyid=5848
Last Updated: 2009-02-12 23:37:34 UTC ...(Version: 2) - "Apple today released a number of security updates:
1 - Safari for Windows
This update will bring Safari up ot version 3.2.2. It fixes a vulnerability within Safari which allows for the execution of Javascript in "feed:" URLs.
Safari 3.2.2 for Windows: http://support.apple.com/kb/HT3439
- http://web.nvd.nist....d=CVE-2009-0137
CVSS v2 Base Score: 10.0 (HIGH)

2 - OS X Update 2009-001
The first security update from Apple for 2009. It fixes a huge number of issues (I counted 45 CVE numbers). Many of them are in X11, perl and python. This patch includes the Safari patch mentioned above.

3 - Java update for OS X
And lastly: Apple also released a patched version of java, which will bring Java up to version 8 for OS X 10.4 (Tiger... not Leopard). For Leopard (OS X 10.5), Java update 3 was released today as well.
See:
- http://support.apple.com/kb/HT1222
- http://support.apple.com/downloads/

OS X Security Update
- http://secunia.com/advisories/33937/
Release Date: 2009-02-13
Critical: Highly critical
Impact: Unknown, Security Bypass, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote
Solution Status: Vendor Patch ...
Original Advisory: http://support.apple.com/kb/HT3438 ...

OS X update for Java
- http://secunia.com/advisories/33935/
Release Date: 2009-02-13
Critical: Highly critical
Impact: Security Bypass, Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch...
Original Advisory: Apple:
http://support.apple.com/kb/HT3436
http://support.apple.com/kb/HT3437 ...

.

Edited by AplusWebMaster, 13 February 2009 - 12:26 PM.

[AplusWebMaster]

FYI...

Apple Airport Extreme / Time Capsule multiple vulns - updates available
- http://secunia.com/advisories/34105/2/
Release Date: 2009-03-06
Critical: Moderately critical
Impact: Spoofing, Exposure of sensitive information, DoS
Where: From remote
Solution Status: Vendor Patch
OS: Apple Airport Extreme, Apple Time Capsule ...
Solution: Update to firmware version 7.4.1...
Original Advisory: HT3467:
http://support.apple.com/kb/HT3467 ...

- http://support.apple.com/downloads/

Apple security updates (index)
- http://support.apple.com/kb/HT1222

Edited by AplusWebMaster, 13 March 2009 - 10:36 AM.

[AplusWebMaster]

FYI...

Apple OS X 10.5.7 update / Security update 2009-002
- http://support.apple.com/kb/HT3397
May 12, 2009

About the security content of Security Update 2009-002 / Mac OS X v10.5.7
- http://support.apple.com/kb/HT3549
May 12, 2009

- http://www.f-secure....s/00001681.html
"... fixes 67 security issues in OS X..."

- http://lists.apple.c...y/msg00002.html
May 12, 2009

• Safari 4 beta: http://support.apple.com/kb/HT3551
o libxml: CVE-2008-3529
o Safari: CVE-2009-0162
o WebKit: CVE-2009-0945

• Safari 3.2.3: http://support.apple.com/kb/HT3550
o libxml: CVE-2008-3529
o Safari: CVE-2009-0162
o WebKit: CVE-2009-0945

- http://support.apple.com/downloads/
___

Mac OS X - Security Update 2009-002
- http://secunia.com/advisories/35074/2/
Release Date: 2009-05-13
Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, Privilege escalation, DoS, System access

Safari
- http://secunia.com/advisories/35056/2/
Release Date: 2009-05-13
Critical: Highly critical

ISC notes on Mac updates...
- http://isc.sans.org/...ml?storyid=6382
Last Updated: 2009-05-12 23:07:09 UTC

Edited by AplusWebMaster, 15 May 2009 - 04:37 AM.

[AplusWebMaster]

FYI...

QuickTime v7.6.2 released
- http://support.apple.com/kb/HT3591
June 01, 2009 - "This document describes the security content of QuickTime 7.6.2, which can be downloaded and installed via Software Update preferences, or from Apple Downloads*..."
* http://support.apple.com/downloads/

> http://support.apple.com/kb/HT1222

- http://secunia.com/advisories/35091/2/
Last Update: 2009-06-02 <<<
Critical: Highly critical
Solution: Update to version 7.6.2...
> http://support.apple...6_2_for_Windows

CVE reference:
http://web.nvd.nist....d=CVE-2009-0010
http://web.nvd.nist....d=CVE-2009-0185
http://web.nvd.nist....d=CVE-2009-0188
http://web.nvd.nist....d=CVE-2009-0951
http://web.nvd.nist....d=CVE-2009-0952
http://web.nvd.nist....d=CVE-2009-0953
http://web.nvd.nist....d=CVE-2009-0954
http://web.nvd.nist....d=CVE-2009-0955
http://web.nvd.nist....d=CVE-2009-0956
http://web.nvd.nist....d=CVE-2009-0957

Also: iTunes 8.2 released
- http://support.apple.com/kb/HT3592
June 01, 2009
> http://secunia.com/advisories/35314/2/
Release Date: 2009-06-02
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: iTunes 8.x ...
Solution: Update to version 8.2...
- http://cve.mitre.org...e=CVE-2009-0950

Edited by AplusWebMaster, 02 June 2009 - 06:53 AM.
Added Secunia advisory update and CVE links...

[AplusWebMaster]

FYI...

Safari jumbo patch - 50+ fixes...
- http://blogs.zdnet.c...ecurity/?p=3541
June 8, 2009 - "... The latest fixes, available in the new Safari 4.0, corrects a wide range of code execution and denial-of-service vulnerabilities and even comes with a fix for the vexing “clickjacking” issues plaguing modern Web browsers... The latest Safari refresh also fixes five documented several code execution issues in CoreGraphics (all could lead to complete computer takeover attacks); an ImageIO issue that could be exploited via maliciously crafted PNG images; 5 flaws in libxml; and a variety of WebKit vulnerabilities that affect Safari on both Mac and Windows systems..."
- http://support.apple...nloads/Safari_4

> http://support.apple.com/kb/HT3613

- http://secunia.com/advisories/35379/2/
Release Date: 2009-06-09
Critical: Highly critical
Impact: Exposure of sensitive information, System access
Where: From remote
Solution Status: Unpatched
Software: Safari 3.x, Safari for Windows 3.x ...
Solution: Upgrade to Safari version 4, which fixes the vulnerabilities...

Edited by AplusWebMaster, 09 June 2009 - 07:13 AM.

[AplusWebMaster]

FYI...

Mac OS X Java updates...
- http://support.apple.com/kb/HT1222
Java for Mac OS X 10.4 Release 9
15 June 2009
Java for Mac OS X 10.5 Update 4
15 June 2009

- http://support.apple.com/downloads/

Security content of Java for Mac OS X 10.4 Release 9
- http://support.apple.com/kb/HT3633

Security content of Java for Mac OS X 10.5 Update 4
- http://support.apple.com/kb/HT3632

- http://voices.washin...rss=securityfix
June 16, 2009 - "... This Java update appears to address most of the outstanding Java vulnerabilities. From looking at the common vulnerabilities and exposures (CVE) numbers attached to each of the flaws fixed by Apple's Java rollup, it looks like this update brings Mac OS X systems to the equivalent of Java 6 Update 13..."

Edited by AplusWebMaster, 16 June 2009 - 10:19 AM.

[AplusWebMaster]

FYI...

Apple iPhone / iPod touch multiple vulns - update available
- http://secunia.com/advisories/35449/2/
Release Date: 2009-06-18
Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Apple iPhone, Apple iPod touch
Original Advisory: Apple: http://support.apple.com/kb/HT3639 ...

iPhone OS 3.0 Software Update
> http://www.apple.com...softwareupdate/

[AplusWebMaster]

FYI...

Safari 4.0.2 released
- http://support.apple.com/kb/HT3666
July 08, 2009

- http://support.apple.com/downloads/
July 08, 2009 - 40MB ( Leopard) 26 MB (Tiger) 47MB (Windows)
"This update is recommended for all Safari users and improves the stability of the Nitro JavaScript engine and includes the latest compatibility and security fixes."

- http://secunia.com/advisories/35758/2/
Release Date: 2009-07-09
Critical: Highly critical
Impact: Cross Site Scripting, System access
Solution: Update to version 4.0.2.

[AplusWebMaster]

FYI...

Apple Mac OS X v10.5.8 / Security Update 2009-003
- http://support.apple.com/kb/HT3757
Last Modified: August 05, 2009

- http://support.apple.com/downloads/

- http://lists.apple.c...g/msg00001.html

- http://www.us-cert.g...eases_mac_os_x1
August 6, 2009
- http://www.us-cert.g.../TA09-218A.html

- http://secunia.com/advisories/36096/2/
Release Date: 2009-08-06
Critical: Highly critical
Impact: Security Bypass, Spoofing, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Apple Macintosh OS X ...
Solution: Update to Mac OS X v10.5.8 or apply Security Update 2009-003...

[AplusWebMaster]

FYI...

Apple Safari v4.0.3 released
- http://support.apple.com/downloads/
August 11, 2009 - "This update is recommended for all Safari users and includes improvements to stability, compatibility and security..."

- http://secunia.com/advisories/36269/2/
Release Date: 2009-08-12
Critical: Highly critical
Impact: Spoofing, Manipulation of data, Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch
Software: Apple Safari 4.x
Solution: Update to version 4.0.3...
Original Advisory: Apple:
http://support.apple.com/kb/HT3733

[AplusWebMaster]

FYI...

Apple Mac OSX Security Update 2009-004
- http://support.apple.com/kb/HT3776
August 12, 2009
Security Update 2009-004
• BIND - CVE-ID:
http://web.nvd.nist....d=CVE-2009-0696

- http://lists.apple.c...g/msg00003.html
12 Aug 2009

> http://support.apple.com/downloads/

- http://secunia.com/advisories/36299/2/
Release Date: 2009-08-13
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
OS: Apple Macintosh OS X ...
Solution: Apply Security Update 2009-004...

- http://blog.trendmic...an-in-the-wild/
Aug. 11, 2009 - "... be wary of prompts to download software updates that do not come from Apple’s legitimate website."

Edited by AplusWebMaster, 13 August 2009 - 06:23 AM.

[AplusWebMaster]

FYI...

Java for Mac OS X 10.5 Update 5
- http://support.apple.com/kb/HT3851
September 03, 2009

> http://support.apple.com/downloads/
161.35MB

- http://voices.washin...ackdates_f.html
September 3, 2009 - "... The Java update brings Mac's version of Java to 10.5 Update 5, and fixes at least 16 security flaws in the program. Users can grab the patch through Software Update or directly from Apple Software Downloads. Mac users who have upgraded to Snow Leopard should be aware that the current version of the installation disc comes with an outdated version of Flash - version 10.0.23.1. Snow Leopard users can upgrade to the latest version - 10.0.32.18 - by visiting the Flash Player Download Center*."
* http://get.adobe.com/flashplayer/

- http://blogs.adobe.c...and_snow_l.html
September 2, 2009

- http://secunia.com/advisories/36598/2/
Release Date: 2009-09-04
Critical: Highly critical
Impact: Unknown, Security Bypass, Spoofing, Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Apple Macintosh OS X...
Solution: Apply Java for Mac OS X 10.5 Update 5...

.

Edited by AplusWebMaster, 04 September 2009 - 02:33 PM.

[AplusWebMaster]

FYI...

QuickTime v7.6.4 released
- http://support.apple.com/kb/HT3661
September 09, 2009

- http://secunia.com/advisories/36627/2/
Last Update: 2009-09-11
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Apple QuickTime 7.x
Solution: Update to version 7.6.4...

CVE reference:
http://web.nvd.nist....d=CVE-2009-2202
http://web.nvd.nist....d=CVE-2009-2203
http://web.nvd.nist....d=CVE-2009-2798
http://web.nvd.nist....d=CVE-2009-2799

- http://www.apple.com...ktime/download/

Edited by AplusWebMaster, 11 September 2009 - 01:32 PM.

[AplusWebMaster]

FYI...

Apple Mac OSX Security Update 2009-005
- http://support.apple.com/kb/HT3865
September 10, 2009
- http://support.apple.com/kb/HT3864
Mac OS X v10.6.1 Update
Last Modified: September 11, 2009

- http://support.apple.com/downloads/

- http://secunia.com/advisories/36701/2/
Release Date: 2009-09-11
Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Apple Macintosh OS X ...
Solution: Update to Mac OS X v10.6.1 or apply Security Update 2009-005...

> http://www.theregist...curity_updates/
11 September 2009 - "... more than 47 security bugs in its iPhone, QuickTime media player and Mac operating system..."
> http://voices.washin...one_quickt.html
September 10, 2009

Edited by AplusWebMaster, 11 September 2009 - 08:07 AM.

[AplusWebMaster]

FYI...

iTunes playlist vuln - update available
- http://www.securityf....com/brief/1015
2009-09-23 - "... a single flaw in the way that iTunes 9, the latest version of its popular multimedia management software, handles playlists on both the Mac OS X and Windows operating systems. The vulnerability could allow an attacker to create a specially-crafted playlist that compromises a victim's computer with malicious software... Cybercriminals have increasingly focused on attacking third-party applications..."

- http://secunia.com/advisories/36744/2/
Release Date: 2009-09-23
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: iTunes 9.x...
Solution: Update to version 9.0.1...
Original Advisory:
http://support.apple.com/kb/HT3884
September 22, 2009

> http://www.apple.com/itunes/download/
iTunes 9.0.1 for Windows XP or Vista
-or-
...use Apple Software Update

- http://cve.mitre.org...e=CVE-2009-2817

- http://www.us-cert.g...ases_itunes_9_0
September 23, 2009

Edited by AplusWebMaster, 23 September 2009 - 11:59 AM.