
Thread: Alerts

  1. #291
    AplusWebMaster (Adviser Team)
    Join Date: Oct 2005
    Location: USA
    Posts: 6,881

    WPA2 Vulnerabilities

    FYI...

    WPA2 Vulnerabilities
    > https://www.us-cert.gov/ncas/current...ulnerabilities
    16 Oct 2017 - "... vulnerabilities are in the WPA2 protocol, not within individual WPA2 implementations, which means that all WPA2 wireless networking may be affected. Mitigations include installing updates to affected products and hosts as they become available. US-CERT encourages users and administrators to review CERT/CC's VU #228519*..."
    * https://www.kb.cert.org/vuls/id/228519/
    16 Oct 2017 - See: Vendor Information

    > https://isc.sans.edu/diary/rss/22932
    Oct 16, 2017
    ___

    - https://w1.fi/security/2017-1/wpa-pa...d-messages.txt
    Oct 16, 2017
    > https://w1.fi/security/2017-1/

    - https://www.securitytracker.com/id/1039573
    CVE Reference: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088
    Oct 16 2017
    Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes
    Version(s): 2.6 and prior ...
    Impact: A remote user on the wireless network can access and modify data on the wireless network.
    Solution: The vendor has issued patches, available at:
    > https://w1.fi/security/2017-1/
    The patches will be included in future release 2.7...

    Last edited by AplusWebMaster; 2017-10-16 at 23:27.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #292
    AplusWebMaster (Adviser Team)

    Apple security updates - 2017.10.31

    FYI...

    > https://support.apple.com/en-us/HT201222

    iOS 11.1
    - https://support.apple.com/en-us/HT208222
    Oct 31, 2017 - "Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation..."

    - https://www.securitytracker.com/id/1039703
    CVE Reference: CVE-2017-13080, CVE-2017-13783, CVE-2017-13784, CVE-2017-13785, CVE-2017-13788, CVE-2017-13791, CVE-2017-13792, CVE-2017-13793, CVE-2017-13794, CVE-2017-13795, CVE-2017-13796, CVE-2017-13798, CVE-2017-13799, CVE-2017-13802, CVE-2017-13803, CVE-2017-13804, CVE-2017-13805, CVE-2017-13844, CVE-2017-13849, CVE-2017-7113
    Oct 31 2017
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 11.1 ...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    A remote user can modify data on the target system.
    A remote user can cause the target service to crash.
    A local user can obtain potentially sensitive information on the target system.
    An application can obtain elevated privileges on the target system.
    Solution: The vendor has issued a fix (11.1)...
    ___

    Safari 11.1
    - https://support.apple.com/en-us/HT208223
    Oct 31, 2017 - "Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13..."

    - https://www.securitytracker.com/id/1039706
    CVE Reference: CVE-2017-13789, CVE-2017-13790
    Oct 31 2017
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 11.1 ...
    Impact: A remote user can spoof a URL in the address bar.
    Solution: The vendor has issued a fix (11.1)...
    ___

    macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan
    - https://support.apple.com/en-us/HT208221
    Oct 31, 2017 - "Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6..."

    - https://www.securitytracker.com/id/1039710
    CVE Reference: CVE-2017-13782, CVE-2017-13786, CVE-2017-13800, CVE-2017-13801, CVE-2017-13807, CVE-2017-13808, CVE-2017-13809, CVE-2017-13810, CVE-2017-13811, CVE-2017-13812, CVE-2017-13813, CVE-2017-13814, CVE-2017-13815, CVE-2017-13816, CVE-2017-13817, CVE-2017-13818, CVE-2017-13819, CVE-2017-13820, CVE-2017-13821, CVE-2017-13822, CVE-2017-13823, CVE-2017-13824, CVE-2017-13825, CVE-2017-13828, CVE-2017-13830, CVE-2017-13831, CVE-2017-13832, CVE-2017-13834, CVE-2017-13836, CVE-2017-13838, CVE-2017-13840, CVE-2017-13841, CVE-2017-13842, CVE-2017-13843, CVE-2017-13846, CVE-2017-7132
    Nov 1 2017
    Fix Available: Yes Vendor Confirmed: Yes ...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    A remote user can cause denial of service conditions.
    A local user can obtain potentially sensitive information on the target system.
    A local user can obtain potentially sensitive information from system memory on the target system.
    An application can obtain elevated privileges on the target system.
    Solution: The vendor has issued a fix...
    ___

    iCloud for Windows 7.1
    - https://support.apple.com/en-us/HT208225
    Oct 31, 2017 - "Available for: Windows 7 and later..."
    ___

    iTunes 12.7.1 for Windows
    - https://support.apple.com/en-us/HT208224
    Oct 31, 2017 - "Available for: Windows 7 and later..."
    ___

    tvOS 11.1
    - https://support.apple.com/en-us/HT208219
    Oct 31, 2017 - "Available for: Apple TV 4K and Apple TV (4th generation)..."
    ___

    watchOS 4.1
    - https://support.apple.com/en-us/HT208220
    Oct 31, 2017 - "Available for: All Apple Watch models..."
    ___

    - https://www.us-cert.gov/ncas/current...curity-Updates
    Oct 31, 2017

    Last edited by AplusWebMaster; 2017-11-01 at 13:09.

  3. #293
    AplusWebMaster (Adviser Team)

    WordPress 4.8.3 released

    FYI...

    WordPress 4.8.3 Security Release
    - https://wordpress.org/news/2017/10/w...urity-release/
    Oct 31, 2017 - "WordPress 4.8.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately..."

    Download: https://wordpress.org/download/
    ___

    - https://www.us-cert.gov/ncas/current...ecurity-Update
    Oct 31, 2017

    Last edited by AplusWebMaster; 2017-11-02 at 13:50.

  4. #294
    AplusWebMaster (Adviser Team)

    Thunderbird 52.5.0 released

    FYI...

    Thunderbird 52.5.0 released
    - https://www.mozilla.org/en-US/thunde.../releasenotes/
    Nov 23, 2017
    New: Better support for Charter/Spectrum IMAP: Thunderbird will now detect Charter's IMAP service and send an additional IMAP select command to the server. Check the various preferences ending in "force_select" to see whether auto-detection has discovered this case.
    Fixed:
    - In search folders spanning multiple base folders clicking on a message sometimes marked another message as read
    - IMAP alerts have been corrected and now show the correct server name in case of connection problems
    - POP alerts have been corrected and now indicate connection problems in case the configured POP server cannot be found
    - Various security fixes:
    - https://www.mozilla.org/en-US/securi...hunderbird52.5

    > https://www.mozilla.org/en-US/securi...s/mfsa2017-26/
    Critical:
    CVE-2017-7828: Use-after-free of PresShell while restyling layout
    CVE-2017-7826: Memory safety bugs fixed in Firefox 57, Firefox ESR 52.5, and Thunderbird 52.5

    Automated Updates: https://support.mozilla.org/en-US/kb...ng-thunderbird
    Manual check: Go to >Help >About Thunderbird

    Addons: https://addons.mozilla.org/en-US/thunderbird/

    Download
    - https://www.mozilla.org/en-US/thunderbird/all/

    Last edited by AplusWebMaster; 2017-11-25 at 19:17.

  5. #295
    AplusWebMaster (Adviser Team)

    Apple Security Update 2017-001 - macOS High Sierra 10.13.1

    FYI...

    Security Update 2017-001 - macOS High Sierra 10.13.1
    - https://support.apple.com/en-us/HT208315
    Nov 29, 2017 - "Available for: macOS High Sierra 10.13.1
    Not impacted: macOS Sierra 10.12.6 and earlier
    Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password
    Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation.
    CVE-2017-13872: When you install Security Update 2017-001* on your Mac, the build number of macOS will be 17B1002. Learn how to find the macOS version and build number on your Mac**.
    * https://support.apple.com/kb/HT201541
    ** https://support.apple.com/en-us/HT201260
    If you require the root user account on your Mac, you will need to re-enable the root user and change the root user's password after this update***.
    *** https://support.apple.com/en-us/HT204012
    If you experience issues with authenticating or connecting to file shares on your Mac after you install this update, you can repair file sharing[4].
    [4] https://support.apple.com/kb/HT208317
    ___

    - https://www.securitytracker.com/id/1039875
    CVE Reference: CVE-2017-13872
    Updated: Nov 29 2017
    Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes
    Version(s): 10.13 ...
    Impact: A local user can obtain root privileges on the target system.
    Solution: The vendor has issued a fix...
    > https://support.apple.com/en-us/HT208315

    > https://www.computerworld.com/articl...w-updated.html
    Nov 29, 2017
    ___

    > https://www.kb.cert.org/vuls/id/113765
    29 Nov 2017

    - https://www.us-cert.gov/ncas/current...OS-High-Sierra
    Nov 29, 2017
    ___

    >> https://blog.malwarebytes.com/cyberc...the-root-user/
    Nov 29, 2017

    - https://blog.malwarebytes.com/threat...mroot-bug-fix/
    Dec 4, 2017

    Last edited by AplusWebMaster; 2017-12-06 at 17:19.

  6. #296
    AplusWebMaster (Adviser Team)

    WordPress 4.9.1 released

    FYI...

    WordPress 4.9.1 Security and Maintenance Release
    - https://wordpress.org/news/2017/11/w...nance-release/
    Nov 29, 2017 - "WordPress 4.9.1 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. WordPress versions 4.9 and earlier are affected by four security issues which could potentially be exploited as part of a multi-vector attack..."

    Download: https://wordpress.org/download/


  7. #297
    AplusWebMaster (Adviser Team)

    iOS 11.2 released

    FYI...

    iOS 11.2 released
    - https://www.theverge.com/2017/12/2/1...atures-release
    Dec 2, 2017 - "Apple is taking the highly unusual step of releasing a significant iOS update today, just hours after an iOS 11 bug started crashing iPhones. A bug in iOS 11.1.2 started causing iPhones to crash if third-party apps use recurring notifications for things like reminders. Apple is releasing iOS 11.2 today, which addresses the issue and includes a number of new features. Apple usually releases iOS updates on a Tuesday, so this appears to have been issued early to fix the crash bug..."

    > https://www.theverge.com/2017/12/2/1...ember-2nd-2017
    Dec 2, 2017
    ___

    > https://support.apple.com/en-us/HT201222

    iOS 11.2 (details available soon) - iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

    > https://support.apple.com/en-us/HT204204


  8. #298
    AplusWebMaster (Adviser Team)

    Apple updates - 2017.12.06

    FYI...

    - https://support.apple.com/en-us/HT201222

    iOS 11.2
    - https://support.apple.com/en-us/HT208334
    Released Dec 2, 2017
    IOKit: Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
    Impact: An application may be able to execute arbitrary code with system privileges
    Description: Multiple memory corruption issues were addressed through improved state management.
    CVE-2017-13847: Ian Beer of Google Project Zero
    IOMobileFrameBuffer: Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
    Impact: An application may be able to execute arbitrary code with kernel privilege
    Description: A memory corruption issue was addressed with improved memory handling.
    CVE-2017-13879: Apple
    IOSurface: Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
    Impact: An application may be able to execute arbitrary code with kernel privileges
    Description: A memory corruption issue was addressed with improved memory handling.
    CVE-2017-13861: Ian Beer of Google Project Zero
    Kernel: Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
    Impact: An application may be able to execute arbitrary code with kernel privileges
    Description: A memory corruption issue was addressed with improved memory handling.
    CVE-2017-13862: Apple
    CVE-2017-13876: Ian Beer of Google Project Zero
    Kernel: Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
    Impact: An application may be able to read restricted memory
    Description: An out-of-bounds read was addressed with improved bounds checking.
    CVE-2017-13833: Brandon Azad
    Kernel: Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
    Impact: An application may be able to read restricted memory
    Description: A type confusion issue was addressed with improved memory handling.
    CVE-2017-13855: Jann Horn of Google Project Zero
    Kernel: Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
    Impact: A malicious application may be able to execute arbitrary code with kernel privileges
    Description: A memory corruption issue was addressed with improved memory handling.
    CVE-2017-13867: Ian Beer of Google Project Zero
    Kernel: Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
    Impact: An application may be able to read restricted memory
    Description: Multiple validation issues were addressed with improved input sanitization.
    CVE-2017-13865: Ian Beer of Google Project Zero
    CVE-2017-13868: Brandon Azad
    CVE-2017-13869: Jann Horn of Google Project Zero
    Mail: Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
    Impact: Incorrect certificate is used for encryption
    Description: A S/MIME issue existed in the handling of encrypted email. This issue was addressed through improved selection of the encryption certificate.
    CVE-2017-13874: an anonymous researcher
    Mail Drafts: Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
    Impact: An attacker with a privileged network position may be able to intercept mail
    Description: An encryption issue existed with S/MIME credentials. The issue was addressed with additional checks and user control.
    CVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH
    Wi-Fi: Available for: iPhone 6s, iPhone 6s Plus, iPhone 6, iPhone 6 Plus, iPhone SE, iPhone 5s, 12.9-inch iPad Pro 1st generation, iPad Air 2, iPad Air, iPad 5th generation, iPad mini 4, iPad mini 3, iPad mini 2, and iPod touch 6th generation
    Released for iPhone 7 and later and iPad Pro 9.7-inch (early 2016) and later in iOS 11.1.
    Impact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)
    Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.
    CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven
    Published Date: Dec 6, 2017
    ___

    macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan
    - https://support.apple.com/en-us/HT208331
    Released Dec 6, 2017
    apache: Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
    Impact: Processing a maliciously crafted Apache configuration directive may result in the disclosure of process memory
    Description: Multiple issues were addressed by updating to version 2.4.28.
    CVE-2017-9798
    curl: Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
    Impact: Malicious FTP servers may be able to cause the client to read out-of-bounds memory
    Description: An out-of-bounds read issue existed in the FTP PWD response parsing. This issue was addressed with improved bounds checking.
    CVE-2017-1000254: Max Dymond
    Directory Utility: Available for: macOS High Sierra 10.13 and macOS High Sierra 10.13.1
    Not impacted: macOS Sierra 10.12.6 and earlier
    Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password
    Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation.
    CVE-2017-13872
    Intel Graphics Driver: Available for: macOS High Sierra 10.13.1
    Impact: An application may be able to execute arbitrary code with kernel privileges
    Description: A memory corruption issue was addressed with improved memory handling.
    CVE-2017-13883: an anonymous researcher
    Intel Graphics Driver: Available for: macOS High Sierra 10.13.1
    Impact: A local user may be able to cause unexpected system termination or read kernel memory
    Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation.
    CVE-2017-13878: Ian Beer of Google Project Zero
    Intel Graphics Driver: Available for: macOS High Sierra 10.13.1
    Impact: An application may be able to execute arbitrary code with system privileges
    Description: An out-of-bounds read was addressed through improved bounds checking.
    CVE-2017-13875: Ian Beer of Google Project Zero
    IOAcceleratorFamily: Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
    Impact: An application may be able to execute arbitrary code with system privileges
    Description: A memory corruption issue was addressed with improved memory handling.
    CVE-2017-13844: found by IMF developed by HyungSeok Han (daramg.gift) of SoftSec, KAIST (softsec.kaist.ac.kr)
    IOKit: Available for: macOS High Sierra 10.13.1
    Impact: An application may be able to execute arbitrary code with system privileges
    Description: An input validation issue existed in the kernel. This issue was addressed through improved input validation.
    CVE-2017-13848: Alex Plaskett of MWR InfoSecurity
    CVE-2017-13858: an anonymous researcher
    IOKit: Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
    Impact: An application may be able to execute arbitrary code with system privileges
    Description: Multiple memory corruption issues were addressed through improved state management.
    CVE-2017-13847: Ian Beer of Google Project Zero
    Kernel: Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
    Impact: An application may be able to execute arbitrary code with kernel privileges
    Description: A memory corruption issue was addressed with improved memory handling.
    CVE-2017-13862: Apple
    Kernel: Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
    Impact: An application may be able to read restricted memory
    Description: An out-of-bounds read was addressed with improved bounds checking.
    CVE-2017-13833: Brandon Azad
    Kernel: Available for: macOS High Sierra 10.13.1
    Impact: An application may be able to execute arbitrary code with kernel privileges
    Description: A memory corruption issue was addressed with improved memory handling.
    CVE-2017-13876: Ian Beer of Google Project Zero
    Kernel: Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
    Impact: An application may be able to read restricted memory
    Description: A type confusion issue was addressed with improved memory handling.
    CVE-2017-13855: Jann Horn of Google Project Zero
    Kernel: Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
    Impact: A malicious application may be able to execute arbitrary code with kernel privileges
    Description: A memory corruption issue was addressed with improved memory handling.
    CVE-2017-13867: Ian Beer of Google Project Zero
    Kernel: Available for: macOS High Sierra 10.13.1
    Impact: An application may be able to read restricted memory
    Description: A validation issue was addressed with improved input sanitization.
    CVE-2017-13865: Ian Beer of Google Project Zero
    Kernel: Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
    Impact: An application may be able to read restricted memory
    Description: A validation issue was addressed with improved input sanitization.
    CVE-2017-13868: Brandon Azad
    CVE-2017-13869: Jann Horn of Google Project Zero
    Mail: Available for: macOS High Sierra 10.13.1
    Impact: A S/MIME encrypted email may be inadvertently sent unencrypted if the receiver's S/MIME certificate is not installed
    Description: An inconsistent user interface issue was addressed with improved state management.
    CVE-2017-13871: an anonymous researcher
    Mail Drafts: Available for: macOS High Sierra 10.13.1
    Impact: An attacker with a privileged network position may be able to intercept mail
    Description: An encryption issue existed with S/MIME credentials. The issue was addressed with additional checks and user control.
    CVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH
    OpenSSL: Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
    Impact: An application may be able to read restricted memory
    Description: An out-of-bounds read issue existed in X.509 IPAddressFamily parsing. This issue was addressed with improved bounds checking.
    CVE-2017-3735: found by OSS-Fuzz
    Screen Sharing Server: Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6
    Impact: A user with screen sharing access may be able to access any file readable by root
    Description: A permissions issue existed in the handling of screen sharing sessions. This issue was addressed with improved permissions handling.
    CVE-2017-13826: Trevor Jacques of Toronto
    ___

    tvOS 11.2
    - https://support.apple.com/en-us/HT208327
    Released Dec 4, 2017 - "Available for: Apple TV 4K and Apple TV (4th generation)..."
    Published Date: Dec 6, 2017
    ___

    watchOS 4.2
    - https://support.apple.com/en-us/HT208325
    Released Dec 5, 2017 - "Available for: All Apple Watch models..."
    Published Date: Dec 6, 2017
    ___

    Safari 11.0.2 - (details available soon)
    OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13
    6 Dec 2017
    ___

    iTunes 12.7.2 for Windows - (details available soon)
    Windows 7 and later
    6 Dec 2017
    ___

    - https://www.us-cert.gov/ncas/current...curity-Updates
    Dec 06, 2017

    Last edited by AplusWebMaster; 2017-12-07 at 13:25.

  9. #299
    AplusWebMaster (Adviser Team)

    Apple advisories - 2017.12.12-13

    FYI...

    - https://support.apple.com/en-us/HT201222

    iCloud for Windows 7.2
    - https://support.apple.com/en-us/HT208328
    Dec 13, 2017
    APNs Server: Available for: Windows 7 and later
    Impact: An attacker in a privileged network position can track a user
    Description: A privacy issue existed in the use of client certificates. This issue was addressed through a revised protocol.
    CVE-2017-13864: FURIOUSMAC Team of United States Naval Academy
    WebKit: Available for: Windows 7 and later
    Impact: Processing maliciously crafted web content may lead to arbitrary code execution
    Description: Multiple memory corruption issues were addressed with improved memory handling.
    CVE-2017-7156: an anonymous researcher
    CVE-2017-7157: an anonymous researcher
    CVE-2017-13856: Jeonghoon Shin
    CVE-2017-13870: an anonymous researcher
    CVE-2017-13866: an anonymous researcher
    ___

    iOS 11.2.1
    - https://support.apple.com/en-us/HT208357
    Dec 13, 2017
    HomeKit: Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
    Impact: A remote attacker may be able to unexpectedly alter application state
    Description: A message handling issue was addressed with improved input validation.
    CVE-2017-13903

    >> https://discussions.apple.com/articl...8357?filter=qa
    Last: December 27, 2017

    - https://www.securitytracker.com/id/1040008
    CVE Reference: CVE-2017-13903
    Dec 13 2017
    Fix Available: Yes Vendor Confirmed: Yes
    Description: A vulnerability was reported in Apple iOS. A remote user can access and control HomeKit smart accessories.
    On systems with shared HomeKit application users, a remote user can send specially crafted data to trigger a state error in the HomeKit application and gain access to the target user's HomeKit-controlled accessories...
    Impact: A remote user can access and control HomeKit smart accessories.
    Solution: The vendor has issued a fix (11.2.1)...
    ___

    Safari 11.0.2
    - https://support.apple.com/en-us/HT208324
    WebKit: Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.2
    Impact: Processing maliciously crafted web content may lead to arbitrary code execution
    Description: Multiple memory corruption issues were addressed with improved memory handling.
    Published Date: Dec 13, 2017

    - https://www.securitytracker.com/id/1040012
    CVE Reference: CVE-2017-13856, CVE-2017-13866, CVE-2017-13870, CVE-2017-7156, CVE-2017-7157
    Dec 13 2017
    Fix Available: Yes Vendor Confirmed: Yes
    Description: Multiple vulnerabilities were reported in Apple Safari. A remote user can cause arbitrary code to be executed on the target user's system.
    A remote user can create specially crafted web content that, when loaded by the target user, will trigger a memory corruption error in the WebKit component to execute arbitrary code [CVE-2017-13856, CVE-2017-13866, CVE-2017-13870, CVE-2017-7156, CVE-2017-7157].
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    Solution: The vendor has issued a fix (11.0.2)...
    ___

    tvOS 11.2.1
    - https://support.apple.com/en-us/HT208359
    Dec 13, 2017
    HomeKit: Available for: Apple TV 4K and Apple TV (4th generation)
    Impact: A remote attacker may be able to unexpectedly alter application state
    Description: A message handling issue was addressed with improved input validation.
    CVE-2017-13903

    - https://www.us-cert.gov/ncas/current...s-iOS-and-tvOS
    Dec 13, 2017
    ___

    AirPort Base Station Firmware Update 7.6.9
    - https://support.apple.com/en-us/HT208258
    Dec 12, 2017
    AirPort Base Station Firmware: Available for: AirPort Express, AirPort Extreme, and AirPort Time Capsule base stations with 802.11n
    Impact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK)
    Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.
    CVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven
    CVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven
    AirPort Base Station Firmware: Available for: AirPort Express, AirPort Extreme, and AirPort Time Capsule base stations with 802.11n
    Impact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)
    Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.
    CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven
    ___

    AirPort Base Station Firmware Update 7.7.9
    - https://support.apple.com/en-us/HT208354
    Dec 12, 2017
    AirPort Base Station Firmware: Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac
    Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
    Description: A memory corruption issue was addressed with improved memory handling.
    CVE-2017-9417: Nitay Artenstein of Exodus Intelligence
    AirPort Base Station Firmware: Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac
    Impact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK)
    Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.
    CVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven
    CVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven
    AirPort Base Station Firmware: Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac
    Impact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)
    Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.
    CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven
    ___

    - https://www.us-cert.gov/ncas/current...curity-Updates
    Dec 12, 2017

    Last edited by AplusWebMaster; 2017-12-28 at 23:07.

  10. #300
    AplusWebMaster (Adviser Team)

    Transport Layer Security (TLS) Vuln

    FYI...

    Transport Layer Security (TLS) Vuln
    - https://www.us-cert.gov/ncas/current...-Vulnerability
    Dec 13, 2017

    TLS implementations...
    - https://www.kb.cert.org/vuls/id/CHEU-AT5U6H
    Date Updated: 12 Dec 2017

    TLS implementations...
    - https://www.kb.cert.org/vuls/id/144389
    Last revised: 13 Dec 2017
