240 replies to this topic

[AplusWebMaster]

FYI...

Apple TV v5.1 released
- https://secunia.com/advisories/50728/
Release Date: 2012-09-25
Criticality level: Highly critical
Impact: Exposure of sensitive information, DoS, System access
Where: From remote
CVE Reference(s): CVE-2011-1167, CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3026, CVE-2011-3048, CVE-2011-3328, CVE-2011-3919, CVE-2012-0682, CVE-2012-0683, CVE-2012-1173, CVE-2012-3589, CVE-2012-3590, CVE-2012-3591, CVE-2012-3592, CVE-2012-3678, CVE-2012-3679, CVE-2012-3722, CVE-2012-3725, CVE-2012-3726
... vulnerabilities are reported in versions prior to 5.1.
Solution: Update to Apple TV Software version 5.1.
Original Advisory: APPLE-SA-2012-09-24-1:
http://support.apple.com/kb/HT5504
Apple TV 2nd generation and later

- https://support.apple.com/kb/HT4448
Apple TV (2nd and 3rd generation) software updates
Sep 24, 2012

How to update: https://support.apple.com/kb/HT1600

APPLE-SA-2012-09-24-1 Apple TV 5.1
- http://lists.apple.c...p/msg00006.html
24 Sep 2012

Edited by AplusWebMaster, 25 September 2012 - 11:19 AM.

[AplusWebMaster]

FYI...

RE: iOS 6 release / Apple maps...

- http://news.yahoo.co...-135819039.html
Sep 28, 2012 - "Apple CEO Tim Cook says the company is "extremely sorry" for the frustration that its maps application has caused and it's doing everything it can to make it better. Cook said in a letter posted online Friday that Apple "fell short" in its commitment to make the best possible products for its customers. He recommends that people try alternatives by downloading competing map apps from the App Store while Apple works on its own maps products.... 'had released an update to its iPhone and iPad operating system last week that replaced Google Maps with Apple's own maps application. But users complained that the new maps have fewer details, lack public transit directions and misplace landmarks, among other problems."
* https://www.apple.co...m-cook-on-maps/
Sep 28, 2012

[AplusWebMaster]

FYI...

Apple OS X Svr v2.1.1 released
- https://secunia.com/advisories/50859/
Release Date: 2012-10-04
Criticality level: Moderately critical
Impact: Security Bypass, Exposure of sensitive information, System access
Where: From remote
Software: Apple OS X Server 2.x
CVE Reference(s): CVE-2012-3488, CVE-2012-3489, CVE-2012-3525
... vulnerabilities are reported in versions prior to 2.1.1.
Solution: Update to version 2.1.1.
Original Advisory: APPLE-SA-2012-09-19-4:
http://prod.lists.ap...t/msg00000.html
APPLE-SA-2012-09-19-4 OS X Server v2.1.1

- https://support.apple.com/kb/HT5533
Oct 03, 2012

- http://web.nvd.nist....d=CVE-2012-3525 - 5.8
- http://web.nvd.nist....d=CVE-2012-3488 - 5.8
- http://web.nvd.nist....d=CVE-2012-3489 - 5.o

Edited by AplusWebMaster, 04 October 2012 - 05:38 PM.

[AplusWebMaster]

FYI...

Apple Java for OS X 2012-006 / Mac OS X 10.6 Update 11
- https://support.apple.com/kb/HT5549
Oct 17, 2012 - "Multiple vulnerabilities exist in Java 1.6.0_35... addressed by updating to Java version 1.6.0_37..."
- http://lists.apple.c...t/msg00001.html

- https://support.apple.com/kb/DL1572
"Java for OS X 2012-006 delivers improved security, reliability, and compatibility by updating Java SE 6 to 1.6.0_37. This update uninstalls the Apple-provided Java applet plug-in from all web browsers. To use applets on a web page, click on the region labeled "Missing plug-in" to go download the latest version of the Java applet plug-in from Oracle. Please quit any web browsers and Java applications before installing this update..."

- https://secunia.com/advisories/50942/
Release Date: 2012-10-17
Criticality level: Highly critical
Impact: Manipulation of data, Exposure of sensitive information, DoS, System access
Where: From remote
... more information: https://secunia.com/SA50949/
Solution: Apply updates.
Original Advisory: http://support.apple.com/kb/HT5549

- https://support.apple.com/kb/HT5493

- http://support.apple.com/kb/HT1222
___

> http://regmedia.co.u...java_update.jpg

- http://h-online.com/-1732089
18 Oct 2012

Edited by AplusWebMaster, 21 October 2012 - 05:35 AM.

[AplusWebMaster]

FYI...

iOS 6.0.1 Software Update
- https://support.apple.com/kb/DL1606
Nov 1, 2012
"This update contains improvements and bug fixes, including:
• Fixes a bug that prevents iPhone 5 from installing software updates wirelessly over the air
• Fixes a bug where horizontal lines may be displayed across the keyboard
• Fixes an issue that could cause camera flash to not go off
• Improves reliability of iPhone 5 and iPod touch (5th generation) when connected to encrypted WPA2 Wi-Fi networks
• Resolves an issue that prevents iPhone from using the cellular network in some instances
• Consolidated the Use Cellular Data switch for iTunes Match
• Fixes a Passcode Lock bug which sometimes allowed access to Passbook pass details from lock screen
• Fixes a bug affecting Exchange meetings
For information on the security content of this update, please visit this website:
http://support.apple.com/kb/HT1222
This update is available via iTunes and wirelessly."

- https://secunia.com/advisories/51162/
Release Date: 2012-11-02
Criticality level: Highly critical
Impact: Security Bypass, Exposure of system information, System access
Where: From remote
CVE Reference(s): CVE-2012-3748, CVE-2012-3749, CVE-2012-3750, CVE-2012-5112
For more information: https://secunia.com/SA51157/
Solution: Apply iOS 6.0.1 Software Update.
Original Advisory: APPLE-SA-2012-11-01-1:
http://support.apple.com/kb/HT5567
> http://lists.apple.c...v/msg00000.html
___

Safari 6.0.2 released
- https://support.apple.com/kb/HT5568
Nov 1, 2012
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.2
... WebKit -
1) Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A time of check to time of use issue existed in the handling of JavaScript arrays. This issue was addressed through additional validation of JavaScript arrays.
CVE-2012-3748 : Joost Pol and Daan Keuper of Certified Secure working with HP TippingPoint's Zero Day Initiative
2) Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue existed in the handling of SVG images. This issue was addressed through improved memory handling.
CVE-2012-5112 : Pinkie Pie working with Google's Pwnium 2 contest...

- https://secunia.com/advisories/51157/
Release Date: 2012-11-02
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference(s): CVE-2012-3748, CVE-2012-5112
For more information: https://secunia.com/SA50954/
The vulnerabilities are reported in versions prior to 6.0.2 running on OS X Lion and OS X Mountain Lion.
Solution: Update to version 6.0.2.
Original Advisory: APPLE-SA-2012-11-01-2:
http://support.apple.com/kb/HT5568
> http://lists.apple.c...v/msg00001.html

Edited by AplusWebMaster, 02 November 2012 - 06:58 AM.

[AplusWebMaster]

FYI...

QuickTime v7.7.3 released
- https://secunia.com/advisories/51226/
Release Date: 2012-11-08
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference(s): CVE-2011-1374, CVE-2012-3751, CVE-2012-3752, CVE-2012-3753, CVE-2012-3754, CVE-2012-3755, CVE-2012-3756, CVE-2012-3757, CVE-2012-3758
... vulnerabilities are reported in versions prior to 7.7.3.
Solution: Update to version 7.7.3.
Original Advisory: http://support.apple.com/kb/HT5581

> http://lists.apple.c...v/msg00002.html
... QuickTime 7.7.3 may be obtained from the QuickTime Downloads site:
http://www.apple.com...ktime/download/
-or-
Use Apple Software Update.
___

- http://h-online.com/-1746273
8 Nov 2012

Edited by AplusWebMaster, 08 November 2012 - 07:39 AM.

[AplusWebMaster]

FYI...

iTunes 11.0.1 released
- https://support.apple.com/kb/DL1614
Dec 13, 2012 - "This update to the new iTunes addresses an issue where new purchases in iCloud may not appear in your library if iTunes Match is turned on, makes iTunes more responsive when searching a large library, fixes a problem where the AirPlay button may not appear as expected, and adds the ability to display duplicate items within your library. This update also includes other important stability and performance improvements."

Available on Apple Software Update.

[AplusWebMaster]

FYI...

iOS 6.0.2 Software Update
- http://support.apple.com/kb/DL1621
Dec 18, 2012 - Fixes a bug that could impact Wi-Fi...
System Requirements: iPhone 5, iPad mini

- http://www.todaysiph...eased-by-apple/
"... everyone and their dogs are trying to download the delta update and Apple’s servers are having a hard time..."

- http://bgr.com/2012/...2258170-258170/
Dec 18, 2012 - "... these Wi-Fi issues were supposed to be fixed with the release of iOS 6.0.1 but notes that users have still reported problems connecting to known Wi-Fi hotspots even after installing the patch..."

Edited by AplusWebMaster, 18 December 2012 - 04:33 PM.

[AplusWebMaster]

FYI...

Apple iOS 6.1 Software Update
- https://support.apple.com/kb/HT5642
28 Jan 2013
- http://www.securityt....com/id/1028051
CVE Reference: CVE-2012-2619, CVE-2012-2824, CVE-2012-2857, CVE-2012-2889, CVE-2013-0948, CVE-2013-0949, CVE-2013-0950, CVE-2013-0951, CVE-2013-0952, CVE-2013-0953, CVE-2013-0954, CVE-2013-0955, CVE-2013-0956, CVE-2013-0958, CVE-2013-0959, CVE-2013-0962, CVE-2013-0964, CVE-2013-0968, CVE-2013-0974
Jan 29 2013
Impact: Denial of service via network, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 6.1
___

- http://h-online.com/-1793259
29 Jan 2013
___

Apple TV 5.2
- https://support.apple.com/kb/HT5643
28 Jan 2013
- http://www.securityt....com/id/1028050
CVE Reference: CVE-2012-2619, CVE-2013-0964
Jan 29 2013
Impact: Denial of service via network, Disclosure of system information
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 2nd generation and later; firmware prior to 5.2

Edited by AplusWebMaster, 29 January 2013 - 09:27 AM.

[AplusWebMaster]

FYI...

Apple OS X Server v2.2.1 released
Mac OS X v10.6 Update 12
- https://support.apple.com/kb/HT5644

- http://prod.lists.ap...b/msg00001.html
4 Feb 2013

Available for: OS X Mountain Lion v10.8 or later
CVE-IDs:
- https://web.nvd.nist...d=CVE-2013-0156 - 7.5 (HIGH)
- https://web.nvd.nist...d=CVE-2013-0333 - 7.5 (HIGH)

- https://support.apple.com/kb/HT1338

- http://www.apple.com...port/downloads/
___

- https://secunia.com/advisories/52095/
Release Date: 2013-02-05
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference(s): CVE-2013-0156, CVE-2013-0333
... vulnerabilities are reported in versions prior to 2.2.1.
Solution: Update to version 2.2.1.

[AplusWebMaster]

FYI...

Expect a v2 of iOS 6.1 ...

iOS 6.1 Leads to Battery Life Drain, Overheating for iPhone Users
- http://thenextweb.co...ing-to-ios-6-1/
8 Feb 2013

- http://arstechnica.c...ontacts-photos/
Feb 14, 2013 - "An -old- vulnerability in the iPhone's lock screen and Emergency Call feature appears to have resurfaced for a third time in iOS 6.1. With the right sequence of button clicking, it's possible to get to an iPhone user's voicemails, contacts, and photos—even if the iPhone is locked and password protected..."
- https://secunia.com/advisories/52173/

Access restriction in iOS 6 partially useless
- http://h-online.com/-1805842
19 Feb 2013

Rapid growth in transaction logs, CPU use, and memory consumption in Exchange Server 2010 when a user syncs a mailbox by using an iOS 6.1-based device
- http://support.micro....com/kb/2814847
Last Review: February 12, 2013 - Revision: 5.0
Status: Apple and Microsoft are investigating this issue. We will post more information in this article when the information becomes available...
Workaround: To work around this issue, do not process Calendar items such as meeting requests on iOS 6.1 devices. Also, immediately restart the iOS 6.1 device...

Edited by AplusWebMaster, 19 February 2013 - 06:02 AM.

[AplusWebMaster]

FYI...

iTunes 11.0.2 released
- https://support.apple.com/kb/DL1614
Feb 19, 2013

APPLE-SA-2013-02-19-1 Java for OS X 2013-001 and Mac OS X v10.6 Update 13
- http://prod.lists.ap...b/msg00002.html
2013-02-19
- http://support.apple.com/kb/HT5666

Edited by AplusWebMaster, 20 February 2013 - 10:45 AM.

[AplusWebMaster]

FYI...

iOS 6.1.2 Software Update
- https://support.apple.com/kb/DL1639
Feb 19, 2013 - "Fixes an Exchange calendar bug that could result in increased network activity and reduced battery life...
System Requirements: iPhone 3GS and later, iPad 2 and later, iPod touch 4th generation and later, iPhone 5 ..."

- http://support.micro....com/kb/2814847
Last Review: February 19, 2013 Revision: 15.0 - "... Resolution: Apple has posted the following article to address the issue:
- https://support.apple.com/kb/TS4532
Feb 19, 2013 - ... Resolution: To resolve this issue, update to iOS 6.1.2..."

Edited by AplusWebMaster, 20 February 2013 - 06:15 AM.

[AplusWebMaster]

FYI...

Amazon fixes its book deleting iTunes Kindle app update
- http://www.theinquir...ndle-app-update
Feb 28 2013 - "... Amazon has revisited the webpage and the update. Version 3.6.2* of the Kindle app for iOS includes both a fix for the registration issue and "Various Bug Fixes and Security Fixes"..."
* https://itunes.apple...d302584613?mt=8
Updated: Feb 27, 2013
Version: 3.6.2
Size: 21.4 MB
What's New in Version 3.6.2
• Fix for Registration Issue
• Various Bug Fixes and Security Fixes...

[AplusWebMaster]

FYI...

Apple blocks older insecure versions of Flash...
- https://isc.sans.edu...l?storyid=15316
Last Updated: 2013-03-02 18:23:36 - "Apple has recently stepped up its response to security issues involving 3rd party plug-ins. They have aggressively used its anti-malware tool sets to enforce minimum versions of Adobe Flash*, Oracle Java, and similar popular plug-ins..."
* https://support.apple.com/kb/ht5655
Mar 1, 2013 - "... When attempting to view Flash content in Safari, you may see this alert: "Blocked Plug-in"
Selecting it will display this alert:
'Adobe Flash Player' is out of date.
- Click 'Download Flash…' to have Safari open the Adobe Flash Player installer website.
- Download the latest Adobe Flash Player installer--click the "Download now" button.
- Open the downloaded disk image.
- Open the installer and follow the onscreen instructions...'"

- https://support.apple.com/kb/HT5660
Mar 1, 2013

Edited by AplusWebMaster, 02 March 2013 - 07:07 PM.