240 replies to this topic

[AplusWebMaster]

FYI...

QuickTime v7.7 released
- http://support.apple.com/kb/HT4826
August 03, 2011 - "Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later..."

> http://www.apple.com...ktime/download/
... or update via Apple Software Update.

- http://support.apple.com/kb/DL837
QuickTime 7.7 for Windows

- http://www.securityt....com/id/1025884
Aug 3 2011
Version(s): prior to 7.7...
CVE Reference:
- http://web.nvd.nist....d=CVE-2011-0245
- http://web.nvd.nist....d=CVE-2011-0246
- http://web.nvd.nist....d=CVE-2011-0247
- http://web.nvd.nist....d=CVE-2011-0248
- http://web.nvd.nist....d=CVE-2011-0249
- http://web.nvd.nist....d=CVE-2011-0250
- http://web.nvd.nist....d=CVE-2011-0251
- http://web.nvd.nist....d=CVE-2011-0252
Published: 08/04/2011
CVSS Severity: 9.3 (HIGH)

- http://secunia.com/advisories/45516/
Release Date: 2011-08-04
Criticality level: Highly critical
Impact: System access
Where: From remote...
Solution: Update to version 7.7.

Edited by AplusWebMaster, 04 August 2011 - 11:51 AM.

[AplusWebMaster]

FYI...

Apple OS X Lion v10.7.1 update
- https://support.apple.com/kb/HT4764
August 16, 2011 - "... You should back up your system before installation; you can
use Time Machine: http://support.apple.com/kb/HT1427 ..."

- http://support.apple.com/kb/DL1437

- http://support.apple.com/kb/DL1439

- http://support.apple.com/downloads/

Edited by AplusWebMaster, 17 August 2011 - 11:10 AM.

[AplusWebMaster]

FYI...

Apple Security Update 2011-005
- https://support.apple.com/kb/HT4920
September 09, 2011
• Certificate Trust Policy
Products Affected: Mac OS X Server 10.6, Mac OS X 10.6, Lion Server, OS X Lion, Product Security

- https://support.apple.com/downloads/

List of available trusted root certificates
- https://support.apple.com/kb/HT4415
___

- http://web.nvd.nist....d=CVE-2011-0228
Last revised: 08/30/2011
CVSS v2 Base Score: 7.5 (HIGH)
"... Apple iOS before 4.2.10 and 4.3.x before 4.3.5..."

- https://support.appl...oads/#Apple iOS

Edited by AplusWebMaster, 13 September 2011 - 10:34 AM.

[AplusWebMaster]

FYI...

iTunes v10.5 released
* https://support.apple.com/kb/HT4981
October 11, 2011

- https://isc.sans.edu...l?storyid=11782
2011-10-11 18:52:46 UTC - "Apple release iTunes 10.5 for Windows and Mac OS X. For those following Apple this comes as no big surprise as there are functionality changes expected due to the imminent release of a new iPhone model. What is however a bit surprising is that they also released an impressive list of fixed vulnerabilities* in the windows version of iTunes. Even more interesting is that that list also mentions that e.g. "For Mac OS X v10.6 systems, this issue is addressed in Security Update 2011-006" or "For OS X Lion systems, this issue is addressed in OS X Lion v10.7.2". And that's a security update** and /or OS update that's not yet released at the time of writing."
** http://support.apple.com/kb/HT1222

- https://krebsonsecur...icrosoft-apple/
October 11, 2011 - "... Apple’s update addresses more than 75 security flaws in the Windows versions of iTunes..."
___

- http://www.securityt....com/id/1026163
CVE Reference: CVE-2011-0259, CVE-2011-2338, CVE-2011-2339, CVE-2011-2341, CVE-2011-2352, CVE-2011-2354, CVE-2011-2356, CVE-2011-2809, CVE-2011-2811, CVE-2011-2813, CVE-2011-2814, CVE-2011-2815, CVE-2011-2816, CVE-2011-2817, CVE-2011-2820, CVE-2011-2823, CVE-2011-2827, CVE-2011-2831, CVE-2011-3219, CVE-2011-3233, CVE-2011-3234, CVE-2011-3235, CVE-2011-3236, CVE-2011-3237, CVE-2011-3238, CVE-2011-3239, CVE-2011-3241, CVE-2011-3244, CVE-2011-3252
Updated: Oct 12 2011
Version(s): prior to 10.5...

- https://secunia.com/advisories/46339/
Release Date: 2011-10-12
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Manipulation of data, Exposure of sensitive information, System access
Where: From remote...
Solution: Update to version 10.5...

Edited by AplusWebMaster, 12 October 2011 - 08:56 AM.

[AplusWebMaster]

FYI...

iOS5 Upgrade -bricked- My iPhone
- https://discussions..../thread/3374367
Latest reply: Oct 15, 2011

iOS5 update -bricked- my iPod Touch
- http://news.cnet.com...-my-ipod-touch/
October 14, 2011

Macbook boot failed because I had Symantec's PGP software installed...
- https://isc.sans.edu...l?storyid=11797
2011-10-13
___

Apple - multiple Security Updates
- https://www.us-cert....ecurity_updates
October 12, 2011 - "Apple has released security updates for Apple iOS, Safari 5.1.1, OS X Lion v10.7.2, iWork 09, and Apple TV 4.4 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, and bypass security restrictions...
• HT5004 - Numbers for iOS v1.5
- http://support.apple.com/kb/HT5004
• HT5003 - Pages for iOS v1.5
- http://support.apple.com/kb/HT5003
• HT5000 - Safari 5.1.1
- http://support.apple.com/kb/HT5000
• HT5002 - OS X Lion v10.7.2 and Security Update 2011-006
- http://support.apple.com/kb/HT5002
• HT5001 - Apple TV 4.4
- http://support.apple.com/kb/HT5001
• HT4999 - iOS 5 Software Update
- http://support.apple.com/kb/HT4999
___

iOS 5 update closes almost 100 security holes
- http://h-online.com/-1360528
13 October 2011

Mac OS X 10.7.2 and Safari 5.1.1
- http://h-online.com/-1360457
13 October 2011
___

- https://secunia.com/advisories/46417/ - Mac OS X
... Solution: Update to version 10.7.2 or apply Security Update 2011-006.
- https://secunia.com/advisories/46377/ - iOS
... Solution: Apply iOS 5 Software Update.
- https://secunia.com/advisories/46418/ - iOS Office
... Solution: Update to version 1.5 available via the iTunes Store.
- https://secunia.com/advisories/46419/ - Numbers for iOS
... Solution: Update to version 1.5 available via the iTunes Store.
- https://secunia.com/advisories/46412/ - Safari
... Solution: Update to version 5.1.1.
- https://secunia.com/advisories/46415/ - Apple TV
... Solution: Update to Apple TV Software version 4.4.
13 Oct, 2011

- http://www.securityt....com/id/1026178 - Safari
CVE Reference: CVE-2011-3229, CVE-2011-3230, CVE-2011-3231, CVE-2011-3242, CVE-2011-3243
Date: Oct 12 2011
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Version(s): prior to 5.1.1..

- http://www.securityt....com/id/1026180 - Apple iOS
CVE Reference: CVE-2011-3245, CVE-2011-3246, CVE-2011-3253, CVE-2011-3254, CVE-2011-3255, CVE-2011-3256, CVE-2011-3257, CVE-2011-3259, CVE-2011-3260, CVE-2011-3261, CVE-2011-3426, CVE-2011-3427, CVE-2011-3429, CVE-2011-3430, CVE-2011-3431, CVE-2011-3432, CVE-2011-3434
Date: Oct 13 2011
Impact: Denial of service via network, Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Version(s): prior to 5.0

- http://www.securityt....com/id/1026184 - Mac OS X
CVE Reference: CVE-2011-0185, CVE-2011-0224, CVE-2011-0229, CVE-2011-0230, CVE-2011-0231, CVE-2011-0260, CVE-2011-1755, CVE-2011-3212, CVE-2011-3213, CVE-2011-3214, CVE-2011-3215, CVE-2011-3216, CVE-2011-3217, CVE-2011-3218, CVE-2011-3220, CVE-2011-3221, CVE-2011-3224, CVE-2011-3226, CVE-2011-3227, CVE-2011-3228, CVE-2011-3222, CVE-2011-3223, CVE-2011-3225, CVE-2011-3435, CVE-2011-3436, CVE-2011-3437
Date: Oct 13 2011
Impact: Denial of service via network, Execution of arbitrary code via network, User access via local system, User access via network...

//

Edited by AplusWebMaster, 16 October 2011 - 07:36 AM.

[AplusWebMaster]

FYI...

QuickTime v7.7.1 released
- https://support.apple.com/kb/DL837
October 26, 2011

- https://support.apple.com/kb/HT5016

> http://www.apple.com...ktime/download/
... or update via Apple Software Update.

- https://secunia.com/advisories/46618/
Release Date: 2011-10-27
Criticality level: Highly critical
Impact: Cross Site Scripting, Exposure of sensitive information, System access
Where: From remote
CVE Reference(s): CVE-2011-3218, CVE-2011-3219, CVE-2011-3220, CVE-2011-3221, CVE-2011-3222, CVE-2011-3223, CVE-2011-3228, CVE-2011-3247, CVE-2011-3248, CVE-2011-3249, CVE-2011-3250, CVE-2011-3251
Solution: Update to version 7.7.1.

- https://www.us-cert....e_quicktime_7_7
October 27, 2011 - "... These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information..."

- http://h-online.com/-1367500
27 October 2011

Edited by AplusWebMaster, 27 October 2011 - 06:45 PM.

[AplusWebMaster]

FYI...

Java for Mac OS X 10.7 Update 1 + Java for Mac OS X 10.6 Update 6
- https://support.apple.com/kb/HT5045
November 08, 2011 - "... Multiple vulnerabilities exist in Java 1.6.0_26, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_29...
CVE-IDs: CVE-2011-3389, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546,
CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3558, CVE-2011-3560, CVE-2011-3561 ..."
___

- https://secunia.com/advisories/46774/
Release Date: 2011-11-09
Criticality level: Highly critical
Impact: Hijacking, Spoofing, Manipulation of data, Exposure of sensitive information, DoS, System access
Where: From remote ...
Solution: Apply updates...
Original Advisory: http://support.apple.com/kb/HT5045
___

- http://h-online.com/-1375757
9 November 2011

Edited by AplusWebMaster, 11 November 2011 - 05:47 AM.

[AplusWebMaster]

FYI...

Apple iOS 5.0.1 update
- https://support.apple.com/kb/HT5052
November 10, 2011 - "... can be downloaded and installed using iTunes...
Products Affected: iPhone, iPad, iPod touch, Product Security..."

- https://support.apple.com/kb/DL1472
November 10, 2011

- http://www.theinquir...-iphone-battery
Nov 11 2011
___

- https://secunia.com/advisories/46747/ || https://secunia.com/advisories/46836/ - iPad 2
Release Date: 2011-11-11
Criticality level: Highly critical
Impact: Spoofing, Exposure of system information, System access
Where: From remote ...
Operating System: Apple iOS 5.x for iPhone 3GS and later, Apple iOS for iPod touch 5.x
Solution: Apply iOS 5.0.1 Software Update (downloadable and installable via iTunes)...
Original Advisory: Apple:
http://support.apple.com/kb/HT5052 ...

- http://web.nvd.nist....d=CVE-2011-3440
Last revised: 11/14/2011
CVSS v2 Base Score: 1.2 (LOW)
- http://web.nvd.nist....d=CVE-2011-3246
Last revised: 10/14/2011
CVSS v2 Base Score: 5.0 (MEDIUM)
- http://web.nvd.nist....d=CVE-2011-3442
Last revised: 11/14/2011
CVSS v2 Base Score: 7.2 (HIGH)
- http://web.nvd.nist....d=CVE-2011-3439
- http://web.nvd.nist....d=CVE-2011-3441
Last revised: 11/14/2011
CVSS v2 Base Score: 9.3 (HIGH) ...
"... Apple iOS before 5.0.1"

- http://www.securityt....com/id/1026311
Updated: Nov 11 2011
Impact: Disclosure of system information, Execution of arbitrary code via network, User access via local system, User access via network
Version(s): 5.0 and prior...

Edited by AplusWebMaster, 14 November 2011 - 07:31 PM.

[AplusWebMaster]

FYI...

Apple iTunes v10.5.1 released
- http://www.securityt....com/id/1026323
CVE Reference: http://web.nvd.nist....d=CVE-2008-3434
Date: Nov 14 2011
Impact: Execution of arbitrary code via network, User access via network
Version(s): prior to 10.5.1...

• About the security content of iTunes 10.5.1
- https://support.apple.com/kb/HT5030
November 14, 2011
Available for: Mac OS X v10.5 or later, Windows 7, Vista, XP SP2 or later

• Security updates
- https://support.apple.com/kb/HT1222
Last Modified: November 14, 2011
___

- http://www.theregist..._ghostnet_flaw/
17 November 2011 - "... An FBI press release on the Ghost Click takedown specifically cites iTunes* as an example of how the alleged fraud operated..."
* http://www.fbi.gov/n.../malware_110911

- http://www.csoonline...e-vulnerability
November 15, 2011 - "... The vulnerability stems from older iTunes versions use of plain HTTP requests to query Apple's servers for new updates. Because such connections lack encryption, a network attacker could intercept the requests and respond with rogue update URLs... This particular attack scenario can only take place when iTunes is installed on a Windows system and the Apple Software Update component is not present..."

- https://www.us-cert....es_itunes_10_51
November 15, 2011

Edited by AplusWebMaster, 18 November 2011 - 04:39 AM.

[AplusWebMaster]

FYI...

Apple Security Update 2012-001 v1.1
- http://lists.apple.c...b/msg00002.html
3 Feb 2012 - "Security Update 2012-001 v1.1 is now available for Mac OS X v10.6.8 systems to address a compatibility issue. Version 1.1 of this update removes the ImageIO security fixes released in Security Update 2012-001. OS X Lion systems are not affected by this change.
Security Update 2012-001 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com...port/downloads/ ..."

- http://www.securityt....com/id/1026627
Updated: Feb 4 2012
... [Note: On February 3, 2012, the vendor issued a modified fix (Security Update 2012-001 v1.1) for Mac OS X v10.6.8 that removes the ImageIO patches (CVE-2011-3328) that were causing a compatibility issue.]
___

Apple 2012-001 Security Update - OS X Lion v10.7.3
- https://support.apple.com/kb/HT5130
Feb 01, 2012

OS X Lion v10.7.3 Update
- https://support.apple.com/kb/HT5048
Feb 01, 2012 - "... recommended for all OS X Lion users and includes general operating system fixes that improve the stability, compatibility, and security..."

Server Admin Tools 10.7.3
- https://support.apple.com/kb/HT5050
Feb 01, 2012 - "... advanced administration tools for Lion Server. You can install them on the server or on another Mac and use it for remote administration..."

- https://support.apple.com/kb/HT1222
OS X Lion v10.7.3 and Security Update 2012-001
Mac OS X v10.6.8, OS X Lion v10.7 to v10.7.2

- http://lists.apple.c...b/msg00000.html
1 Feb 2012

- https://www.apple.com/support/
___

- http://h-online.com/-1426962
2 February 2012 - "... the updates close more than 50 holes..."

- http://www.securityt....com/id/1026627
Date: Feb 2 2012
CVE Reference: CVE-2011-2937, CVE-2011-3328, CVE-2011-3444, CVE-2011-3447, CVE-2011-3448, CVE-2011-3449, CVE-2011-3450, CVE-2011-3452, CVE-2011-3453, CVE-2011-3457, CVE-2011-3458, CVE-2011-3459, CVE-2011-3460, CVE-2011-3462, CVE-2011-3463
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Modification of user information, Root access via local system, User access via network
Version(s): prior to 10.7.3

- https://secunia.com/advisories/47843/
Release Date: 2012-02-03
Criticality level: Highly critical
Impact: Cross Site Scripting, Spoofing, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote...
Solution: Update to OS X Lion version 10.7.3 or apply Security Update 2012-001.

Edited by AplusWebMaster, 05 February 2012 - 03:07 PM.

[AplusWebMaster]

FYI...

Apple iOS 5.1 Software Update
- https://support.apple.com/kb/HT5192
March 07, 2012 - iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2
- https://secunia.com/advisories/48288/
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
Where: From remote
Solution: Apply iOS 5.1 Software Update.
- http://www.securityt....com/id/1026774
Date: Mar 8 2012
CVE Reference: CVE-2012-0641, CVE-2012-0642, CVE-2012-0643, CVE-2011-3453, CVE-2012-0644, CVE-2012-0585, CVE-2012-0645, CVE-2012-0646, CVE-2011-3887, CVE-2012-0590, CVE-2011-3881, CVE-2012-0586, CVE-2012-0587, CVE-2012-0588, CVE-2012-0589, CVE-2011-2825, CVE-2011-2833, CVE-2011-2846, CVE-2011-2847, CVE-2011-2854, CVE-2011-2855, CVE-2011-2857, CVE-2011-2860, CVE-2011-2867, CVE-2011-2868, CVE-2011-2869, CVE-2011-2870, CVE-2011-2871, CVE-2011-2872, CVE-2011-2873, CVE-2011-2877, CVE-2011-3885, CVE-2011-3888, CVE-2011-3897, CVE-2011-3908, CVE-2011-3909, CVE-2011-3928, CVE-2012-0591, CVE-2012-0592, CVE-2012-0593, CVE-2012-0594, CVE-2012-0595, CVE-2012-0596, CVE-2012-0597, CVE-2012-0598, CVE-2012-0599, CVE-2012-0600, CVE-2012-0601, CVE-2012-0602, CVE-2012-0603, CVE-2012-0604, CVE-2012-0605, CVE-2012-0606, CVE-2012-0607, CVE-2012-0608, CVE-2012-0609, CVE-2012-0610, CVE-2012-0611, CVE-2012-0612, CVE-2012-0613, CVE-2012-0614, CVE-2012-0615, CVE-2012-0616, CVE-2012-0617, CVE-2012-0618, CVE-2012-0619, CVE-2012-0620, CVE-2012-0621, CVE-2012-0622, CVE-2012-0623, CVE-2012-0624, CVE-2012-0625, CVE-2012-0626, CVE-2012-0627, CVE-2012-0628, CVE-2012-0629, CVE-2012-0630, CVE-2012-0631, CVE-2012-0632, CVE-2012-0633, CVE-2012-0635
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network...

iTunes 10.6 update
- https://support.apple.com/kb/HT5191
March 07, 2012 - Windows 7, Vista, XP SP2 or later
- https://secunia.com/advisories/48274/
Impact: System access
Where: From remote
Solution: Update to version 10.6.
- http://www.securityt....com/id/1026781
Date: Mar 9 2012
CVE Reference: CVE-2012-0634, CVE-2012-0636, CVE-2012-0637, CVE-2012-0638, CVE-2012-0639, CVE-2012-0648
Impact: Execution of arbitrary code via network, User access via network

- http://h-online.com/-1466786
8 March 2012

- https://www.us-cert....curity_updates2
March 9, 2012

Edited by AplusWebMaster, 10 March 2012 - 08:55 AM.

[AplusWebMaster]

FYI...

Apple Safari Plug-in vuln ...
- https://secunia.com/advisories/45758/
Release Date: 2012-03-07
Criticality level: Moderately critical
Impact: System access
Where: From remote
Software: Apple Safari 5.x
CVE Reference: http://web.nvd.nist....d=CVE-2011-3845 - 7.6 (HIGH)
Last revised: 03/08/2012
... confirmed in version 5.1.2 (7534.52.7) on Windows using the RealPlayer and Adobe Flash plug-ins. Other versions may also be affected.
Solution: No effective workaround is currently available...

- http://www.securityt....com/id/1026775
CVE Reference: http://web.nvd.nist....d=CVE-2011-3844 - 4.3
Date: Mar 9 2012
Impact: Modification of system information
Version(s): 5.0.5 (7533.21.1); possibly other versions
Impact: A remote user can spoof the address bar URL.
Solution: The vendor has issued a partial fix (5.1.2 (7534.52.7))...

- https://www.apple.com/safari/download/
(Currently: Safari 5.1.2... for Windows XP, Vista or 7)

Use Apple Software Update ...

Edited by AplusWebMaster, 11 March 2012 - 03:48 PM.

[AplusWebMaster]

FYI...

Safari v5.1.4 released
- http://lists.apple.c...r/msg00003.html
Mar 12, 2012 - Safari 5.1.4 for Windows XP, Vista or 7 ...

- https://www.apple.com/safari/download/

- https://support.apple.com/kb/HT5190

- http://www.securityt....com/id/1026785
Date: Mar 12 2012
CVE Reference: CVE-2012-0584, CVE-2012-0640, CVE-2012-0647
Impact: Disclosure of authentication information, Modification of system information
Version(s): prior to 5.1.4...

- https://secunia.com/advisories/48377/
Release Date: 2012-03-13
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, System access
Where: From remote ...
Solution: Update to version 5.1.4.
Original Advisory: http://support.apple.com/kb/HT5190
___

- https://www.computer..._monster_update
Mar 13, 2012 - "... Fixes 83 security flaws, most in WebKit engine; boosts JavaScript performance on OS X Lion... Of the 83 vulnerabilities, Apple tacitly classified 72 as critical..."

- http://h-online.com/-1470595
13 March 2012
>> http://www.h-online....iew=zoom;zoom=1

Edited by AplusWebMaster, 13 March 2012 - 08:22 AM.

[AplusWebMaster]

FYI...

Apple - Java update for OS X Lion 2012-001 and Java for Mac OS X 10.6
- https://support.apple.com/kb/HT5228
April 03, 2012
This document describes the security content of Java for OS X Lion 2012-001 and Java for Mac OS X 10.6 Update 7, which can be downloaded and installed via Software Update* preferences, or from Apple Downloads.
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.3, Lion Server v10.7.3
Impact: Multiple vulnerabilities in Java 1.6.0_29
Description: Multiple vulnerabilities exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_31...

* https://support.apple.com/kb/HT1338

APPLE-SA-2012-04-03-1 Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7
- http://lists.apple.c...r/msg00000.html
3 Apr 2012

- https://www.us-cert....te_for_java_for
April 4, 2012

- https://secunia.com/advisories/48648/
Release Date: 2012-04-04
Criticality level: Highly critical
Impact: Manipulation of data, Exposure of sensitive information, DoS, System access
Where: From remote...
Solution: Apply updates.
Original Advisory: http://support.apple.com/kb/HT5228
___

Urgent Fix for Zero-Day Mac Java Flaw
- http://atlas.arbor.n...ndex#-674870906
Severity: Extreme Severity
Published: Thursday, April 05, 2012 23:09
Apple has released a critical Java patch that should be deployed ASAP to help counter the Flashback malware. Apple users should be aware that they are -not- invulnerable, even though OSX attacks and malware are much much less than for Windows systems.
Analysis: Flashback has started compromising OSX systems using an out-of-date version of Java. The trojan has been seen with two basic payloads, one to modify Safari settings and the other that is a password stealer. The Flashback botnet has been monitored by security company Dr. Web and their data shows approximately 600,000 OSX systems have been infected. More infections are on their way, given the lax attention to security that many OSX users have. It is likely that this Java security flaw has also been used in targeted attacks that won't get much, if any press.
Source: https://krebsonsecur...-mac-java-flaw/

- http://h-online.com/-1500931
4 April 2012

Edited by AplusWebMaster, 07 April 2012 - 04:38 AM.

[AplusWebMaster]

FYI...

2012-003 Apple - Java for OS X Lion
- http://support.apple.com/kb/HT5242
April 12, 2012 - "... Java for OS X Lion 2012-003 delivers Java SE 6 version 1.6.0_31 and supersedes all previous versions of Java for OS X Lion. This update is recommended for all Mac users with Java installed..."

Java for Mac OS X 10.6 Update 8
- http://support.apple.com/kb/HT5243
April 12, 2012 - "... Java for Mac OS X 10.6 Update 8 delivers Java SE 6 version 1.6.0_31 and supersedes all previous versions of Java of Java for Mac OS X v10.6..."

APPLE-SA-2012-04-12-1 Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8
- http://lists.apple.c...r/msg00001.html
12 Apr 2012

> https://isc.sans.edu...l?storyid=12973
Last Updated: 2012-04-12 21:50:28 UTC

- http://h-online.com/-1520431
13 April 2012 - "... Java update -with- Flashback removal tool..."
___

Third Java update in 9 days...
- https://www.computer...e_hunter_killer
April 13, 2012

- https://www.computer.....k Decline.jpg
April 12, 2012

Edited by AplusWebMaster, 13 April 2012 - 05:51 AM.