240 replies to this topic

[AplusWebMaster]

FYI...

Apple Security Update 2009-006
- http://lists.apple.c...v/msg00000.html
9 Nov 2009

- http://support.apple.com/downloads/
Mac OS X v10.6.2 Update

- http://secunia.com/advisories/37313/2/
Release Date: 2009-11-10
Critical: Highly critical
Impact: Unknown, Security Bypass, Cross Site Scripting, Spoofing, Manipulation of data, Brute force, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Apple Macintosh OS X ...
Original Advisory: Apple:
http://support.apple.com/kb/HT3937

- http://secunia.com/advisories/37313/3/
CVE reference: CVE-2007-5707, CVE-2007-6698, CVE-2008-0658, CVE-2009-0023, CVE-2009-1191, CVE-2009-1195, CVE-2009-1574, CVE-2009-1632, CVE-2009-1890, CVE-2009-1891, CVE-2009-1955, CVE-2009-1956, CVE-2009-2202, CVE-2009-2285, CVE-2009-2408, CVE-2009-2409, CVE-2009-2412, CVE-2009-2414, CVE-2009-2416, CVE-2009-2666, CVE-2009-2799, CVE-2009-2808, CVE-2009-2810, CVE-2009-2818, CVE-2009-2819, CVE-2009-2820, CVE-2009-2823, CVE-2009-2824, CVE-2009-2825, CVE-2009-2826, CVE-2009-2827, CVE-2009-2828, CVE-2009-2829, CVE-2009-2830, CVE-2009-2831, CVE-2009-2832, CVE-2009-2833, CVE-2009-2834, CVE-2009-2835, CVE-2009-2836, CVE-2009-2837, CVE-2009-2838, CVE-2009-2839, CVE-2009-2840, CVE-2009-3111, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293

Edited by AplusWebMaster, 10 November 2009 - 08:42 AM.

[AplusWebMaster]

FYI...

Apple Safari v4.0.4 released
- http://secunia.com/advisories/37346/2/
Release Date: 2009-11-12
Critical: Highly critical
Impact: Security Bypass, Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch
Software: Apple Safari 4.x
Solution: Update to version 4.0.4...
Original Advisory:
http://support.apple.com/kb/HT3949

CVE reference: CVE-2009-2414, CVE-2009-2416, CVE-2009-2804, CVE-2009-2816, CVE-2009-2841, CVE-2009-2842, CVE-2009-3384

- http://support.apple.com/downloads/

[AplusWebMaster]

FYI...

Java for Mac OS X 10.6 Update 1
- http://support.apple.com/kb/DL972
December 03, 2009 - "Java for Mac OS X 10.6 Update 1 delivers improved reliability, security, and compatibility for Java SE 6. Java for Mac OS X 10.6 Update 1 supersedes the previous Java for Mac OS X 10.6... For more details on this update, please visit this website: http://support.apple.com/kb/HT3892 "

Java for Mac OS X 10.5 Update 6
- http://support.apple.com/kb/DL971
December 03, 2009 - "Java for Mac OS X 10.5 Update 6 delivers improved reliability, security, and compatibility for J2SE 5.0 and Java SE 6. Java for Mac OS X 10.5 Update 6 supersedes all previous updates of Java for Mac OS X 10.5... For more details on this update, please visit this website: http://support.apple.com/kb/HT3891 "

- http://support.apple.com/kb/HT1222

- http://secunia.com/advisories/37581/2/
Release Date: 2009-12-04
Critical: Highly critical
Impact: Security Bypass, Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Apple Macintosh OS X ...
Solution: Apply updates...
- http://secunia.com/advisories/37581/3/
CVE reference: CVE-2009-2843, CVE-2009-3728, CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3877, CVE-2009-3884

Edited by AplusWebMaster, 04 December 2009 - 03:25 AM.

[AplusWebMaster]

FYI...

Apple Security Update 2010-001
- http://isc.sans.org/...ml?storyid=8026
Last Updated: 2010-01-19 21:57:15 UTC - "In an effort not to be left out, Apple has released Security Update 2010-001 which patches a dozen vulnerabilities in CoreAudio (code execution via crafted MP4), CUPS (remote DoS), Flash Player Plug-in (multiple including arbitrary code execution), ImageIO (code execution via crafted TIFF file), Image Raw (code execution via crafted DNG image), and OpenSSL (the renegotiation exploit). Details can be found here:
http://support.apple.com/kb/HT4004 "

- http://secunia.com/advisories/38241/2/
Release Date: 2010-01-20
Critical: Highly critical
Impact: Manipulation of data, Exposure of system information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Apple Macintosh OS X ...
Solution: Apply Security Update 2010-001.
Security Update 2010-001 (Snow Leopard):
http://support.apple.com/kb/DL994
Security Update 2010-001 Server (Leopard):
http://support.apple.com/kb/DL992
Security Update 2010-001 Client (Leopard):
http://support.apple.com/kb/DL993

- http://www.theinquir...fixes-bugs-os-x
20 January 2010 - "... Security update 2010-001, the first from Apple this year, is noticeably smaller than the monster issued last November that fixed almost 60 flaws, er, different levels of perfection. For those who have a little difficulty reading Apple's security updates the phrase "may lead to arbitrary code execution" is Apple's way of saying, "This flaw is so critical that it will wipe your hard-drive, melt your face, cause the return of the Cold War and lead to mass global extinction of the human race unless the patch is installed." The problem is that Apple can't bear to use the term 'critical vulnerability' and admit it can be used by attackers to hijack a Mac because its marketing machine insists that only happens to computers made by other people..."

Edited by AplusWebMaster, 20 January 2010 - 06:23 AM.

[AplusWebMaster]

FYI...

Apple iPhone / iPod touch multiple vulns - update available
- http://secunia.com/advisories/38362/2/
Release Date: 2010-02-03
Critical: Highly critical
Impact: Security Bypass, Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch
OS: Apple iPhone, Apple iPod touch
Solution: Update to iPhone OS 3.1.3 or iPhone OS for iPod touch 3.1.3 (downloadable and installable via iTunes).
Original Advisory: http://support.apple.com/kb/HT4013

- http://www.reghardwa...irmware_update/
3 February 2010

- http://blog.iphone-dev.org/

- http://isc.sans.org/...ml?storyid=8143
Last Updated: 2010-02-03 13:41:25 UTC
"... CVE-2010-0036, CVE-2009-2285, CVE-2010-0038, CVE-2009-3384 and CVE-2009-2841
These updates are available on iTunes..."

Edited by AplusWebMaster, 03 February 2010 - 12:54 PM.

[AplusWebMaster]

FYI...

Apple Safari v4.0.5 released
- http://secunia.com/advisories/38932/
Release Date: 2010-03-12
Criticality level: Highly critical
Impact: Security Bypass, Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch
Solution: Update to version 4.0.5.
CVE Reference(s):
CVE-2009-2285, CVE-2010-0040, CVE-2010-0041, CVE-2010-0042, CVE-2010-0043, CVE-2010-0044, CVE-2010-0045, CVE-2010-0046, CVE-2010-0047, CVE-2010-0048, CVE-2010-0049, CVE-2010-0050, CVE-2010-0051, CVE-2010-0052, CVE-2010-0053, CVE-2010-0054
Original Advisory: Apple:
http://support.apple.com/kb/HT4070

- http://www.apple.com/safari/download/

- http://www.apple.com/support/safari/

- http://sunbeltblog.b...safari-fix.html
March 12, 2010 - "... fixes 16 vulnerabilities – six for Windows versions and ten for Mac OS X and Windows..."

Edited by AplusWebMaster, 12 March 2010 - 06:45 PM.

[AplusWebMaster]

FYI...

Apple 2010-002 Security Update/Mac OS X v10.6.3 released
- http://isc.sans.org/...ml?storyid=8521
Last Updated: 2010-03-29 17:33:32 UTC

- http://www.computerw...security_update?
March 29, 2010 - "Apple today patched -92- vulnerabilities, a third of them critical, in a record update to its Leopard and Snow Leopard operating systems. Security Update 2010-002 plugged 92 holes in the client and server editions of Mac OS X 10.5 and Mac OS X 10.6, breaking a record that has stood since March 2008..."

- http://secunia.com/advisories/39158/
Release Date: 2010-03-30
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information,
Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote
Solution Status: Vendor Patch ...
Solution: Apply Security Update 2010-002 or update to version 10.6.3...
CVE Reference(s): CVE-2003-0063 CVE-2006-1329 CVE-2008-0564 CVE-2008-0888 CVE-2008-2712 CVE-2008-4101 CVE-2008-4456 CVE-2008-5302 CVE-2008-5303 CVE-2008-5515 CVE-2008-7247 CVE-2009-0033 CVE-2009-0037 CVE-2009-0316 CVE-2009-0580 CVE-2009-0688 CVE-2009-0689 CVE-2009-0781 CVE-2009-0783 CVE-2009-1904 CVE-2009-2042 CVE-2009-2417 CVE-2009-2422 CVE-2009-2446 CVE-2009-2632 CVE-2009-2693 CVE-2009-2801 CVE-2009-2901 CVE-2009-2902 CVE-2009-2906 CVE-2009-3009 CVE-2009-3095 CVE-2009-3557 CVE-2009-3558 CVE-2009-3559 CVE-2009-4017 CVE-2009-4019 CVE-2009-4030 CVE-2009-4142 CVE-2009-4143 CVE-2009-4214 CVE-2010-0041 CVE-2010-0042 CVE-2010-0043 CVE-2010-0055 CVE-2010-0056 CVE-2010-0057 CVE-2010-0058 CVE-2010-0059 CVE-2010-0060 CVE-2010-0062 CVE-2010-0063 CVE-2010-0064 CVE-2010-0065 CVE-2010-0393 CVE-2010-0497 CVE-2010-0498 CVE-2010-0500 CVE-2010-0501 CVE-2010-0502 CVE-2010-0503 CVE-2010-0504 CVE-2010-0505 CVE-2010-0506 CVE-2010-0507 CVE-2010-0508 CVE-2010-0509 CVE-2010-0510 CVE-2010-0511 CVE-2010-0512 CVE-2010-0513 CVE-2010-0514 CVE-2010-0515 CVE-2010-0516 CVE-2010-0517 CVE-2010-0518 CVE-2010-0519 CVE-2010-0520 CVE-2010-0521 CVE-2010-0522 CVE-2010-0523 CVE-2010-0524 CVE-2010-0525 CVE-2010-0526 CVE-2010-0533 CVE-2010-0534 CVE-2010-0535 CVE-2010-0537 .

More info:
- http://support.apple.com/kb/HT1222
- http://support.apple.com/kb/HT4014
- http://support.apple.com/kb/HT4015
- http://support.apple.com/kb/HT4077

Edited by AplusWebMaster, 30 March 2010 - 08:48 PM.

[AplusWebMaster]

FYI...

Apple QuickTime v7.6.6 released
- http://secunia.com/advisories/39133/
Last Update: 2010-04-05
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Solution: Update to version 7.6.6.
Original Advisory: Apple:
http://support.apple.com/kb/HT4104
CVE Reference(s): CVE-2009-2837, CVE-2010-0059, CVE-2010-0060, CVE-2010-0062, CVE-2010-0514, CVE-2010-0515, CVE-2010-0516, CVE-2010-0517, CVE-2010-0518, CVE-2010-0519, CVE-2010-0520, CVE-2010-0526, CVE-2010-0527, CVE-2010-0528, CVE-2010-0529, CVE-2010-0536.

- http://www.apple.com...ktime/download/

- http://isc.sans.org/...ml?storyid=8566
Last Updated: 2010-04-02 12:30:26 UTC

Edited by AplusWebMaster, 06 April 2010 - 08:20 AM.

[AplusWebMaster]

FYI...

Apple iTunes v9.1 released
- http://secunia.com/advisories/39135/
Release Date: 2010-03-31
Criticality level: Highly critical
Impact: Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote
Software: Apple iTunes 9.x
Solution: Update to version 9.1
Original Advisory: http://support.apple.com/kb/HT4105

[AplusWebMaster]

FYI...

Apple AirPort - update 2010-001
- http://secunia.com/advisories/39160/
Release Date: 2010-04-01
Impact: Security Bypass
Where: From local network
Solution Status: Vendor Patch
Software: Apple AirPort Utility 5.x
Original Advisory: Apple:
http://support.apple.com/kb/HT3958

[AplusWebMaster]

FYI...

2010-003 Apple/Mac Security Update
- http://support.apple.com/kb/HT4131
April 14, 2010
Security Update 2010-003
ATS
CVE-ID: CVE-2010-1120*
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.3, Mac OS X Server v10.6.3
Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.
Description: An unchecked index issue exists in Apple Type Services' handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. This issue is addressed through improved index checking. Credit to Charlie Miller working with TippingPoint's Zero Day Initiative for reporting this issue..."

* http://web.nvd.nist....d=CVE-2010-1120
Last revised: 04/05/2010
CVSS v2 Base Score: 10.0 (HIGH)

- http://support.apple.com/downloads/

- http://isc.sans.org/...ml?storyid=8638
Last Updated: 2010-04-14 22:27:14 UTC

- http://secunia.com/advisories/39426/
Release Date: 2010-04-15
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Operating System: Apple Macintosh OS X
CVE Reference: CVE-2010-1120
Original Advisory: Apple:
http://support.apple.com/kb/HT4131

Edited by AplusWebMaster, 24 April 2010 - 05:25 AM.

[AplusWebMaster]

FYI...

Apple Mac OS X update for Java
- http://secunia.com/advisories/39819/
Release Date: 2010-05-19
Criticality level: Highly critical
Impact: Unknown, Security Bypass, Manipulation of data, Exposure of system information, Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
Operating System: Apple Macintosh OS X
Original Advisory: Apple:
http://support.apple.com/kb/HT4170
http://support.apple.com/kb/HT4171

- http://support.apple.com/downloads/

(A month behind...)
- http://www.h-online....es-1002827.html
19 May 2010 - "Apple has released Java updates for versions 10.5 and 10.6 of Mac OS X, patching a number of security holes and bringing its two latest versions of OS X up to date. The updates include Java 6 Update 20 from mid-April..."

Edited by AplusWebMaster, 20 May 2010 - 08:39 AM.

[AplusWebMaster]

FYI...

Safari v5.0 released
- http://secunia.com/advisories/40105/
Release Date: 2010-06-08
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information, Exposure of sensitive information, System access
Where: From remote ...
Solution: Update to version 4.1 (available only for Mac OS X v10.4 systems) or upgrade to version 5.0.
Original Advisory: Apple:
http://support.apple.com/kb/HT4196
...Note: Safari 5.0 and Safari 4.1 address the same set of security issues. Safari 5.0 is provided for Mac OS X v10.5, Mac OS X v10.6, and Microsoft Windows systems. Safari 4.1 is provided for Mac OS X v10.4 systems.

- http://support.apple.com/downloads/
June 07, 2010

- http://www.apple.com/support/safari/

- http://secunia.com/advisories/40110/
Release Date: 2010-06-08
Solution Status: Unpatched ...
... The security issue is confirmed in version 5.0 for Windows. Other versions may also be affected...

- http://www.theregist...afari_5_reader/
8 June 2010

Edited by AplusWebMaster, 08 June 2010 - 07:20 AM.

[AplusWebMaster]

FYI...

Apply Security Update 2010-004
- http://support.apple.com/kb/HT4188
June 15, 2010

- http://support.apple.com/downloads/

- http://blogs.adobe.c...e_2010-004.html
June 15, 2010 - "... While the Mac OS X v10.6.4 update does not appear to downgrade users who have already upgraded to Adobe Flash Player 10.1, Adobe recommends users verify they are using the latest, most secure version of Flash Player (10.1.53.64)... access the About Flash Player page*, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system."
* http://www.adobe.com...ts/flash/about/

- http://secunia.com/advisories/40220/
Release Date: 2010-06-16
Criticality level: Highly critical
Impact: Hijacking, Security Bypass, Cross Site Scripting, Spoofing, Manipulation of data, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote
Solution: Apply Security Update 2010-004 or update to version 10.6.4.
Original Advisory: http://support.apple.com/kb/HT4188

- http://securitytrack...un/1024103.html
June 16, 2010

Edited by AplusWebMaster, 17 June 2010 - 05:14 AM.

[AplusWebMaster]

FYI...

iTunes v9.2 released
- http://secunia.com/advisories/40196/
Release Date: 2010-06-17
Criticality level: Highly critical
Impact: Security Bypass, Exposure of sensitive information, System access
Where: From remote
Solution: Update to version 9.2.
Apple: http://support.apple.com/kb/HT4220
CVE Reference(s): CVE-2009-1726, CVE-2010-0544, CVE-2010-1119, CVE-2010-1387, CVE-2010-1390, CVE-2010-1392, CVE-2010-1393, CVE-2010-1395, CVE-2010-1396, CVE-2010-1397, CVE-2010-1398, CVE-2010-1399, CVE-2010-1400, CVE-2010-1401, CVE-2010-1402, CVE-2010-1403, CVE-2010-1404, CVE-2010-1405, CVE-2010-1408, CVE-2010-1409, CVE-2010-1410, CVE-2010-1411, CVE-2010-1412, CVE-2010-1414, CVE-2010-1415, CVE-2010-1416, CVE-2010-1417, CVE-2010-1418, CVE-2010-1419, CVE-2010-1421, CVE-2010-1422, CVE-2010-1749, CVE-2010-1758, CVE-2010-1759, CVE-2010-1761, CVE-2010-1763, CVE-2010-1769, CVE-2010-1770, CVE-2010-1771, CVE-2010-1774

- http://support.apple.com/downloads/
"... iTunes 9.2 provides a number of important bug fixes..."

- http://securitytrack...un/1024108.html
June 16, 2010

Edited by AplusWebMaster, 17 June 2010 - 05:13 AM.