240 replies to this topic

[AplusWebMaster]

FYI...

QuickTime v7.6.9 released
- http://support.apple.com/kb/DL837
Version: 7.6.9
Post Date: December 07, 2010
Download ID: DL837
File Size: 32.86 MB
Windows XP (SP2 or later), Windows Vista, Windows 7

- http://support.apple.com/kb/HT4447
CVEs: CVE-2010-3787, CVE-2010-3788, CVE-2010-3789, CVE-2010-3790, CVE-2010-3791, CVE-2010-3792, CVE-2010-3793, CVE-2010-3794, CVE-2010-3795, CVE-2010-3800, CVE-2010-3801, CVE-2010-3802, CVE-2010-1508, CVE-2010-0530, CVE-2010-4009

- http://support.apple...loads#quicktime
... or update via Apple Software Update.

- http://www.securityt....com/id?1024829
Dec 7 2010
- http://www.securityt....com/id?1024830
Dec 7 2010

- http://secunia.com/advisories/39259/
Last Update: 2010-12-08
Criticality level: Highly critical
Impact: Exposure of sensitive information, System access, Manipulation of data
Where: From remote...
Solution: Update to version 7.6.9.

Edited by AplusWebMaster, 15 April 2011 - 05:10 AM.

[AplusWebMaster]

FYI...

Apple AirPort Base Station and Time Capsule (802.11n) Firmware 7.5.2
- http://support.apple.com/kb/HT4298
December 16, 2010

- http://support.apple.com/kb/DL954

- http://support.apple.com/kb/DL955

- http://support.apple.com/kb/HT1222

- http://secunia.com/advisories/42665/
Release Date: 2010-12-17
Impact: Security Bypass, DoS
Where: From local network
Operating System: Apple Airport Express, Apple Airport Extreme, Apple Time Capsule
CVE Reference(s): CVE-2008-4309, CVE-2009-1574, CVE-2009-2189, CVE-2010-0039, CVE-2010-1804
Solution: Update to firmware version 7.5.2 ...

[AplusWebMaster]

FYI...

Mac OS X v10.6.6 released
- http://support.apple.com/kb/DL1349
Jan. 6, 2011
- http://support.apple.com/kb/DL1344
- http://support.apple.com/kb/DL1343

- http://support.apple.com/kb/HT4498

- http://support.apple.com/kb/HT1222

- http://support.apple.com/downloads/

- http://lists.apple.c...n/msg00000.html

- http://www.securityt....com/id?1024938
Jan 6 2011

___

- https://pgp.custhelp...l...qaw==/sno/0
UPDATED 1/06/2010 - "IMPORTANT: PGP strongly recommends that Mac WDE customers do NOT upgrade to Mac OS X 10.6.6
PGP Development has identified a potential issue with the Apple Mac OS X 10.6.6 upgrade released earlier today, January 6, 2011, and PGP Whole Disk Encryption for Mac OS X.
Until this issue is resolved, PGP strongly recommends that customers do NOT upgrade to Mac OS X 10.6.6.
This issue has the highest internal priority at PGP, and we will update our customers with the resolution information as soon as it becomes available..."

- http://secunia.com/advisories/42841/
Release Date: 2011-01-07
Impact: System access
Where: From remote
Solution: Apply 10.6.6 updates.
Original Advisory: http://support.apple.com/kb/HT4498

Edited by AplusWebMaster, 07 January 2011 - 07:26 AM.

[AplusWebMaster]

FYI...

iTunes 10.2.1 released
- http://support.apple.com/kb/DL1103
"... Resolves an issue whereby syncing photos to an iPhone, iPad, or iPod may take longer than expected..."
- http://support.apple.com/downloads/
iTunes 10.2.1 - March 08, 2011
___

iTunes v10.2 released
- http://www.securityt....com/id/1025152
Mar 3 2011
Impact: A remote user can cause arbitrary code to be executed on the target user's system.
Solution: The vendor has issued a fix (10.2).
The vendor's advisory is available at:
- http://support.apple.com/kb/HT4554
Last Modified: March 09, 2011 ... security content of iTunes 10.2...

- http://support.apple.com/kb/HT1222

- http://support.apple.com/downloads/

- http://secunia.com/advisories/43582/
Release Date: 2011-03-03
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Apple iTunes 10.x
Solution: Update to version 10.2.

- http://labs.idefense...play.php?id=897

Edited by AplusWebMaster, 14 March 2011 - 04:40 AM.

[AplusWebMaster]

FYI...

Java for Mac OS X 10.6 Update 4
- http://support.apple.com/kb/HT4562
March 08, 2011

Java for Mac OS X 10.5 Update 9
- http://support.apple.com/kb/HT4563
March 08, 2011
___

- http://isc.sans.edu/...l?storyid=10513
Last Updated: 2011-03-09 00:28:47 UTC

- https://www.computer...th_Java_updates
March 9, 2011 - "... 27 vulnerabilities... same flaws that Oracle patched with the 1.6.0_24 security update issued on Feb. 15, 2011..."

Edited by AplusWebMaster, 09 March 2011 - 06:29 AM.

[AplusWebMaster]

FYI...

Apple Safari multiple vulns - v5.0.4 released
- http://secunia.com/advisories/43696/
Release Date: 2011-03-10
Criticality level: Highly critical
Impact: Cross Site Scripting, Spoofing, Exposure of sensitive information, System access
Where: From remote
Solution: Update to version 5.0.4.
Original Advisory: http://support.apple.com/kb/HT4566
- http://techblog.avir...date-safari/en/
"... fixes at least 62 vulnerabilities..."
- http://www.securityt....com/id/1025183
Mar 9 2011
___

Apple iOS multiple vulns - v4.3 released
- http://secunia.com/advisories/43698/
Release Date: 2011-03-10
Criticality level: Highly critical
Impact: Cross Site Scripting, Spoofing, Exposure of sensitive information, DoS,
System access
Where: From remote
Operating System: Apple iOS for iPad 4.x, Apple iPhone OS (iOS) 4.x, Apple iPhone OS (iOS) for iPod touch 4.x
... The vulnerabilities are reported in versions prior to 4.3.
Solution: Update to version 4.3.
Original Advisory: http://support.apple.com/kb/HT4564
- http://www.securityt....com/id/1025182
Mar 9 2011
___

Apple TV v4.2
- http://secunia.com/advisories/43697/
Release Date: 2011-03-10
Criticality level: Highly critical
Impact: Exposure of sensitive information, DoS, System access
Where: From remote
Solution: Update to Apple TV version 4.2.
Original Advisory: http://support.apple.com/kb/HT4565

Edited by AplusWebMaster, 10 March 2011 - 03:33 PM.

[AplusWebMaster]

FYI...

Apple - multiple security updates released
- http://isc.sans.edu/...date=2011-03-21
Last Updated: 2011-03-22 01:26:13 UTC - "Security updates... summarized list of software:

Security Update 2011-001 - (Leopard - Client)
Full Details: http://support.apple.com/kb/HT1222
Download: http://support.apple.com/kb/DL1366
Security Update 2011-001 - (Leopard - Server)
Full Details: http://support.apple.com/kb/HT1222
Download: http://support.apple.com/kb/DL1367
Server Admin Tools 10.6.7
Full Details: http://support.apple.com/kb/HT3931
Download: http://support.apple.com/kb/DL1365
Mac OS X v10.6.7 Update
Full Details: http://support.apple.com/kb/HT4472
Download: http://support.apple.com/kb/DL1363
Mac OS X v10.6.7 Update Combo
Full Details: http://support.apple.com/kb/HT4472
Download: http://support.apple.com/kb/DL1361
Mac OS X v10.6.7 Update for early 2011 MacBook Pro
Full Details: http://support.apple.com/kb/HT4472
Download: http://support.apple.com/kb/DL1368
Mac OS X Server v10.6.7 Update
Full Details: http://support.apple.com/kb/HT4473
Download: http://support.apple.com/kb/DL1362
Mac OS X Server v10.6.7 Update Combo
Full Details: http://support.apple.com/kb/HT4473
Download: http://support.apple.com/kb/DL1364

The Mac OS X v10.6.7 and Security Update 2011-001 may also be obtained from the Software Update pane in System Preferences..."

- http://www.securityt....com/id/1025232
CVE Reference: CVE-2011-0172, CVE-2011-0173, CVE-2011-0174, CVE-2011-0175, CVE-2011-0176, CVE-2011-0177, CVE-2011-0178, CVE-2011-0179, CVE-2011-0180, CVE-2011-0181, CVE-2011-0182, CVE-2011-0183, CVE-2011-0184, CVE-2011-0186, CVE-2011-0187, CVE-2011-0189, CVE-2011-0190, CVE-2011-0193, CVE-2011-0194, CVE-2011-1417
Mar 21 2011

- http://secunia.com/advisories/43814/
Release Date: 2011-03-22
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote
Solution: Update to version 10.6.7 or apply Security Update 2011-001.
Original Advisory: Apple:
http://support.apple.com/kb/HT4581
iDefense: http://labs.idefense...play.php?id=898
"... used by Apple's mobile devices, including the iPod Touch, iPhone, and iPad... could allow an attacker to execute arbitrary code with the privileges of the current user..."
___

- http://www.us-cert.g...curity_updates4
March 22, 2011

- http://www.internetn...n OS X Flaw.htm
March 22, 2011

Edited by AplusWebMaster, 22 March 2011 - 08:39 AM.

[AplusWebMaster]

FYI...

Apple 2011-002 Security Update
- http://support.apple.com/kb/DL1376
April 14, 2011
- http://support.apple.com/kb/HT1222.
Security Update 2011-002, Safari 5.0.5, iOS 4.2.7 Software Update for iPhone, iOS 4.3.2 Software Update

Security Update 2011-002: http://support.apple.com/kb/HT4608
Safari 5.0.5: http://support.apple.com/kb/HT4596
iOS 4.2.7 Software Update for iPhone: http://support.apple.com/kb/HT4607
iOS 4.3.2 Software Update: http://support.apple.com/kb/HT4606
___

Apple Safari ...
- http://secunia.com/advisories/44151/
Release Date: 2011-04-15
Criticality level: Highly critical ...
CVE Reference(s):
- http://web.nvd.nist....d=CVE-2011-1290
CVSS v2 Base Score: 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2011-1344
CVSS v2 Base Score: 10.0 (HIGH)
Solution: Update to version 5.0.5.
Original Advisory: Apple:
http://support.apple.com/kb/HT4596
Apple iOS for iPhone 4 ...
- http://secunia.com/advisories/44154/
Release Date: 2011-04-15
Criticality level: Highly critical ...
Original Advisory: Apple:
http://support.apple.com/kb/HT4607
Apple iOS ...
- http://secunia.com/advisories/44207/
Release Date: 2011-04-15
Criticality level: Highly critical
Solution: Upgrade to iOS 4.3.2 (downloadable and installable via iTunes).
Original Advisory: Apple:
http://support.apple.com/kb/HT4606

- http://www.securityt....com/id/1025362
Apr 14 2011
- http://www.securityt....com/id/1025363
Apr 14 2011

- http://www.us-cert.g...ses_safari_5_05
April 15, 2011

Edited by AplusWebMaster, 15 April 2011 - 11:08 AM.

[AplusWebMaster]

FYI...

iTunes v 10.2.2 released
- http://support.apple.com/kb/DL1103
4.18.2011
> iTunes 10.2.2 provides a number of important bug fixes, including:
• Addresses an issue where iTunes may become unresponsive when syncing an iPad.
• Resolves an issue which may cause syncing photos with iPhone, iPad, or iPod touch to take longer than necessary.
• Fixes a problem where video previews on the iTunes Store may skip while playing.
• Addresses other issues that improve stability and performance.
> iTunes 10.2 came with several new features and improvements, including:
• Sync with your iPhone, iPad, or iPod touch with iOS 4.3.
• Improved Home Sharing. Browse and play from your iTunes libraries with Home > Sharing on any iPhone, iPad, or iPod touch with iOS 4.3.
For information on the security content of this update, please visit:
- http://support.apple.com/kb/HT1222

> http://support.apple.com/downloads/

Security content of iTunes 10.2.2
- http://support.apple.com/kb/HT4609
CVE-2011-1290, CVE-2011-1344
___

- http://web.nvd.nist....d=CVE-2011-1290
- http://web.nvd.nist....d=CVE-2011-1344
Last revised: 04/19/2011
CVSS v2 Base Score: 10.0 (HIGH)

- http://secunia.com/advisories/44262/
Release Date: 2011-04-20
Solution: Update to version 10.2.2.

Edited by AplusWebMaster, 20 April 2011 - 04:04 AM.

[AplusWebMaster]

FYI...

Apple iOS updates
- http://support.apple.com/kb/DL1373
May 04, 2011 - "... compatible with this software update:
• iPhone 4 (CDMA model) ... available via iTunes..."
- http://support.apple.com/kb/DL1358
May 04, 2011 - "... Products compatible with this software update:
• iPhone 4 (GSM model)
• iPhone 3GS
• iPad 2
• iPad
• iPod touch (4th generation)
• iPod touch (3rd generation)
... available via iTunes."

- https://www.computer...h_location_bugs
4:27 PM ET

- http://www.theregist...database_cache/
4 May 2011 20:18 GMT - "... company pushed out iOS 4.3.3... the update reduces the size of the cache... ensures that the cache is no longer backed up to iTunes when you connect to a PC, and deletes the cache when iOS location services are turned off..."
___

Apple Releases iOS 4.3.3
- http://www.us-cert.g...leases_ios_4_31
May 9, 2011

Edited by AplusWebMaster, 10 May 2011 - 10:52 AM.

[AplusWebMaster]

FYI...

Apple 2011-003 Security Update
- http://support.apple.com/kb/DL1387
May 31, 2011
File Size: 2.36 MB

Mac OS X Snow Leopard and malware detection
- http://support.apple.com/kb/HT4651
Products Affected: Mac OS X Server 10.6, Mac OS X 10.6, Product Security

- http://krebsonsecuri...ts-mac-malware/
May 31, 2011
___

- http://blog.trendmic...update-2011-03/
June 6, 2011 - "... the Apple solution may have probably worked better if only they had encrypted the search strings. Unfortunately, all the bad guys had to do to circumvent this latest “security update” is change the strings and locations and once again continue to affect Mac users. In fact, we tested if a Mac patched with the security update can detect a malware found in February (OSX_MUSMINIM.A), and found that it is -not- covered. Considering the weaknesses of Apple’s current strategy against malware, we recommend users to exercise extreme caution."

Edited by AplusWebMaster, 06 June 2011 - 06:09 PM.

[AplusWebMaster]

FYI...

Apple 2011-004 Security Update
- http://support.apple.com/kb/HT4723
June 23, 2011 - Affected: Mac OS X 10.6, Product Security

- http://isc.sans.edu/...l?storyid=11092
Last Updated: 2011-06-23 20:57:37 UTC

- http://secunia.com/advisories/45054/
Release Date: 2011-06-24
Criticality level: Highly critical
Impact: Security Bypass, Manipulation of data, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote...
Solution: Update to version 10.6.8 or apply Security Update 2011-004.
Original Advisory: Apple Security Update 2011-004:
http://support.apple.com/kb/HT4723

- http://h-online.com/-1267147
24 June 2011 - "... plugs a total of 39 security holes... "
Also - Leopard:
> http://support.apple.com/kb/DL1404 - Client
> http://support.apple.com/kb/DL1405 - Server
June 23, 2011

Edited by AplusWebMaster, 24 June 2011 - 06:18 AM.

[AplusWebMaster]

FYI...

Apple Java security updates

Java for Mac OS X 10.5 Update 10
- http://support.apple.com/kb/HT4739
June 28, 2011

Java for Mac OS X 10.6 Update 5
- http://support.apple.com/kb/HT4738
June 28, 2011

- http://support.apple.com/kb/HT1222
___

- http://secunia.com/advisories/45084/
Release Date: 2011-06-29
Criticality level: Highly critical
Impact: Manipulation of data, Exposure of sensitive information, DoS, System access
Where: From remote
CVE Reference(s): CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0863,
CVE-2011-0864, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869,
CVE-2011-0871, CVE-2011-0873
Solution: Apply updates.
Original Advisory:
http://support.apple.com/kb/HT4738
http://support.apple.com/kb/HT4739

Edited by AplusWebMaster, 29 June 2011 - 06:19 AM.

[AplusWebMaster]

FYI...

Safari v5.1 and v5.0.6 released...
- http://threatpost.co...ndboxing-072011
July 20, 2011 - "... Apple has issued a new version of its Safari browser for Mac and Windows users, pushing version 5.1 and 5.0.6 to patch a boatload of security holes, some of which are critical. 58 security vulnerabilities in total are addressed in the update, including fixes for Java, Webkit and a flaw in the browser’s CFNetwork API that could enable cross-site scripting (XSS) attacks. Additional patches for the browser’s CoreGraphics and ImageIO framework are included the update that will prevent application termination or arbitrary code execution. The full list of updates can be found at Apple's support site*..."
* http://support.apple.com/kb/HT4808
July 20, 2011

... available via the Apple Software Update application, or Apple's Safari download site at: http://www.apple.com/safari/download/
___

- http://www.securityt....com/id/1025816
CVE Reference: CVE-2010-1383, CVE-2010-1420, CVE-2010-1823, CVE-2011-0214, CVE-2011-0215, CVE-2011-0216, CVE-2011-0217, CVE-2011-0218, CVE-2011-0219, CVE-2011-0221, CVE-2011-0222, CVE-2011-0223, CVE-2011-0225, CVE-2011-0232, CVE-2011-0233, CVE-2011-0234, CVE-2011-0235, CVE-2011-0237, CVE-2011-0238, CVE-2011-0240, CVE-2011-0241, CVE-2011-0242, CVE-2011-0244, CVE-2011-0253, CVE-2011-0254, CVE-2011-0255, CVE-2011-0981, CVE-2011-0983, CVE-2011-1107, CVE-2011-1109, CVE-2011-1114, CVE-2011-1115, CVE-2011-1117, CVE-2011-1121, CVE-2011-1188, CVE-2011-1190, CVE-2011-1203, CVE-2011-1204, CVE-2011-1288, CVE-2011-1293, CVE-2011-1295, CVE-2011-1296, CVE-2011-1453, CVE-2011-1457, CVE-2011-1462, CVE-2011-1774, CVE-2011-1797
July 20 2011

- http://secunia.com/advisories/45325/
Release Date: 2011-07-21
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Manipulation of data, Exposure of system information, Exposure of sensitive information, System access
Where: From remote...
Solution: Update to version 5.1 or 5.0.6.

Apple patches 58 Safari bugs to deflect drive-by attacks
- https://www.computer...rive_by_attacks
July 20, 2011

- http://h-online.com/-1283018
20 July 2011
- http://kb2.adobe.com...psid_90885.html
2011-07-20 - "Adobe Reader plug-in and Acrobat plug-in are not compatible with the Safari 5.1 browser... As we continue to investigate this, we will be sure to keep you updated... Adobe expects to provide a better workaround for this issue before the end of 2011..."

Edited by AplusWebMaster, 26 July 2011 - 08:09 AM.

[AplusWebMaster]

FYI...

Mac OS X v10.7 Lion
- https://discussions....os_x_v10.7_lion
July 20, 2011
> http://www.apple.com/macosx/

Tech Specs
- http://www.apple.com/macosx/specs.html

Upgrade requirements
- http://www.apple.com...osx/how-to-buy/

What's new...
- http://www.apple.com/macosx/whats-new/

New features
- http://www.apple.com...w/features.html

Incompatible software
- http://support.apple.com/kb/HT3258
___

- http://www.theinquir...-lion-goes-sale
July 20 2011

- http://isc.sans.edu/...l?storyid=11242
Last Updated: 2011-07-21

Lion Security
- http://isc.sans.edu/...l?storyid=11245
Last Updated: 2011-07-21

- http://threatpost.co...s-x-lion-072111
July 21, 2011

- http://www.theregist..._lion_security/
21 July 2011

Edited by AplusWebMaster, 21 July 2011 - 11:59 AM.