Thread: Alerts

  1. #31
    AplusWebMaster (Adviser Team)
    Join Date: Oct 2005
    Location: USA
    Posts: 6,881

    Apple TV v5.1 released

    FYI...

    Apple TV v5.1 released
    - https://secunia.com/advisories/50728/
    Release Date: 2012-09-25
    Criticality level: Highly critical
    Impact: Exposure of sensitive information, DoS, System access
    Where: From remote
    CVE Reference(s): CVE-2011-1167, CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3026, CVE-2011-3048, CVE-2011-3328, CVE-2011-3919, CVE-2012-0682, CVE-2012-0683, CVE-2012-1173, CVE-2012-3589, CVE-2012-3590, CVE-2012-3591, CVE-2012-3592, CVE-2012-3678, CVE-2012-3679, CVE-2012-3722, CVE-2012-3725, CVE-2012-3726
    ... vulnerabilities are reported in versions prior to 5.1.
    Solution: Update to Apple TV Software version 5.1.
    Original Advisory: APPLE-SA-2012-09-24-1:
    http://support.apple.com/kb/HT5504
    Apple TV 2nd generation and later

    - https://support.apple.com/kb/HT4448
    Apple TV (2nd and 3rd generation) software updates
    Sep 24, 2012

    How to update: https://support.apple.com/kb/HT1600

    APPLE-SA-2012-09-24-1 Apple TV 5.1
    - http://lists.apple.com/archives/secu.../msg00006.html
    24 Sep 2012

    Last edited by AplusWebMaster; 2012-09-25 at 20:18.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #32
    AplusWebMaster (Adviser Team)

    phpMyAdmin 3.x - potential compromise

    FYI...

    phpMyAdmin 3.x - potential compromise
    - https://secunia.com/advisories/50703/
    Release Date: 2012-09-25
    Criticality level: Extremely critical
    Impact: System access
    Where: From remote
    ... distribution of a compromised phpMyAdmin source code package containing a backdoor, which can be exploited to e.g. execute arbitrary PHP code.
    Solution: Download and reinstall phpMyAdmin.
    Software: phpMyAdmin 3.x
    Original Advisory:
    http://www.phpmyadmin.net/home_page/...ASA-2012-5.php
    Date: 2012-09-25
    Summary: One server from the SourceForge.net mirror system was distributing a phpMyAdmin kit containing a backdoor...
    Severity: We consider this vulnerability to be critical.
    Affected Versions: We currently know only about phpMyAdmin-3.5.2.2-all-languages.zip being affected, check if your download contains a file named server_sync.php.
    Solution: Check your phpMyAdmin distribution and download it again from a trusted mirror if your copy contains a file named server_sync.php...

    > http://www.phpmyadmin.net/home_page/downloads.php
    phpMyAdmin 3.5.2.2 - Released 12 Aug 2012
    ___

    - https://threatpost.com/en_us/blogs/s...myadmin-092512
    Sep 25, 2012

    - http://h-online.com/-1717644
    26 Sep 2012

    Last edited by AplusWebMaster; 2012-09-26 at 16:31.

  3. #33
    AplusWebMaster (Adviser Team)

    RE: Apple iOS 6 release / Apple maps ...

    FYI...

    RE: iOS 6 release / Apple maps...

    - http://news.yahoo.com/tim-cook-apple...135819039.html
    Sep 28, 2012 - "Apple CEO Tim Cook says the company is "extremely sorry" for the frustration that its maps application has caused and it's doing everything it can to make it better. Cook said in a letter posted online Friday that Apple "fell short" in its commitment to make the best possible products for its customers. He recommends that people try alternatives by downloading competing map apps from the App Store while Apple works on its own maps products.... 'had released an update to its iPhone and iPad operating system last week that replaced Google Maps with Apple's own maps application. But users complained that the new maps have fewer details, lack public transit directions and misplace landmarks, among other problems."
    * https://www.apple.com/letter-from-tim-cook-on-maps/
    Sep 28, 2012


  4. #34
    AplusWebMaster (Adviser Team)

    Thunderbird v16.0.1 released

    FYI...

    Thunderbird v16.0.1 released
    - https://www.mozilla.org/en-US/thunde...1/releasenotes
    October 11, 2012 ... See Known Issues

    Download
    - https://www.mozilla.org/thunderbird/all.html

    Security Advisories
    - https://www.mozilla.org/security/kno...nderbird16.0.1
    Fixed in Thunderbird 16.0.1
    MFSA 2012-89 defaultValue security checks not applied
    MFSA 2012-88 Miscellaneous memory safety hazards (rv:16.0.1)

    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2012-4190 - 10.0 (HIGH)
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2012-4191 - 10.0 (HIGH)
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2012-4192 - 4.3
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2012-4193 - 9.3 (HIGH)
    ___

    Bugs fixed
    - https://www.mozilla.org/en-US/thunde...s/buglist.html
    ___

    - http://www.securitytracker.com/id/1027652
    CVE Reference: CVE-2012-4190, CVE-2012-4191
    Oct 12 2012
    Impact: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
    Solution: The vendor has issued a fix (16.0.1).

    - https://secunia.com/advisories/50932/
    Last Update: 2012-10-12
    Criticality level: Highly critical
    Impact: Security Bypass, System access
    Where: From remote
    CVE Reference(s): CVE-2012-4190, CVE-2012-4191, CVE-2012-4192, CVE-2012-4193
    ... vulnerabilities are reported in Firefox and Thunderbird versions -prior- to 16.0.1 and SeaMonkey versions -prior- to 2.13.1.
    Solution: Update Firefox and Thunderbird to versions 16.0.1 and SeaMonkey to version 2.13.1.

    Last edited by AplusWebMaster; 2012-10-15 at 15:48.

  5. #35
    AplusWebMaster (Adviser Team)

    Oracle Critical Patch Updates - October 2012

    FYI...

    Oracle Critical Patch Update Advisory - October 2012
    - http://www.oracle.com/technetwork/to...2-1515893.html
    Oct 16, 2012 - "... Critical Patch Update patches are usually cumulative but each advisory describes only the security fixes added since the previous Critical Patch Update advisory... Oracle strongly recommends that customers apply CPU fixes as soon as possible. This Critical Patch Update contains 109 new security fixes..."

    Patch Availability Table
    - http://www.oracle.com/technetwork/to...15893.html#PIN

    Risk Matrices
    - http://www.oracle.com/technetwork/to...e-1515934.html
    ___

    - http://atlas.arbor.net/briefs/index#968980828
    Severity: High Severity
    October 17, 2012
    In addition to patching Java, Oracle releases patches for other products as well.
    Analysis: While the Java security issues get the most press due to its widespread exploitation, the Oracle database and other products are often used to protect sensitive information and should also be protected. Some of these other products don't have the same attack footprint as Java; however, if an attacker is already inside the network, then other Oracle software is easier to reach and exploit.
    Source: http://h-online.com/-1731176

    Oct 17 2012
    Sun SPARC Server Bug in Integrated Lights Out Manager Lets Local Users Access Data
    http://www.securitytracker.com/id/1027677
    Sun GlassFish Enterprise Server CORBA Bug Lets Remote Users Cause Partial DoS Conditions
    http://www.securitytracker.com/id/1027676
    Oracle Industry Applications Bugs Let Remote Users Partially Access and Modify Data and Deny Service
    http://www.securitytracker.com/id/1027675
    Oracle Siebel CRM Bugs Let Remote Users Access Data on the Target System
    http://www.securitytracker.com/id/1027674
    Oracle Financial Services Software Bugs Lets Remote Authenticated Users Access and Modify Data and Deny Service
    http://www.securitytracker.com/id/1027673
    Oracle Java Runtime Environment (JRE) Bugs Let Remote Users Gain Full Control of the Target System
    http://www.securitytracker.com/id/1027672
    Oracle PeopleSoft Products Bugs Lets Remote Authenticated Users Partially Access Data, Modify Data, and Deny Service
    http://www.securitytracker.com/id/1027671
    Oracle Supply Chain Products Suite Bugs Let Remote Users Access and Modify Data
    http://www.securitytracker.com/id/1027670
    Oracle Fusion Middleware Bugs Let Remote Users Access and Modify Data and Local and Remote Users Deny Service
    http://www.securitytracker.com/id/1027669
    Oracle E-Business Suite Bugs Let Remote Users Partially Access and Modify Data and Partially Deny Service
    http://www.securitytracker.com/id/1027668
    Solaris Lets Local Users Gain Root Privileges and Remote Users Deny Service
    http://www.securitytracker.com/id/1027667
    Oracle Virtualization Bugs Let Remote Users Partially Modify Data and Local Users Partially Deny Service
    http://www.securitytracker.com/id/1027666
    MySQL Multiple Bugs Let Remote Authenticated Users Access and Modify Data and Deny Service and Local Users Access Data
    http://www.securitytracker.com/id/1027665
    Oracle Database Bugs Let Remote Authenticated Users Partially Modify Data and Cause Partial Denial of Service Conditions
    http://www.securitytracker.com/id/1027664

    Last edited by AplusWebMaster; 2012-10-18 at 07:19.

  6. #36
    AplusWebMaster (Adviser Team)

    iOS 6.0.1, Safari 6.0.2 released

    FYI...

    iOS 6.0.1 Software Update
    - https://support.apple.com/kb/DL1606
    Nov 1, 2012
    "This update contains improvements and bug fixes, including:
    • Fixes a bug that prevents iPhone 5 from installing software updates wirelessly over the air
    • Fixes a bug where horizontal lines may be displayed across the keyboard
    • Fixes an issue that could cause camera flash to not go off
    • Improves reliability of iPhone 5 and iPod touch (5th generation) when connected to encrypted WPA2 Wi-Fi networks
    • Resolves an issue that prevents iPhone from using the cellular network in some instances
    • Consolidated the Use Cellular Data switch for iTunes Match
    • Fixes a Passcode Lock bug which sometimes allowed access to Passbook pass details from lock screen
    • Fixes a bug affecting Exchange meetings
    For information on the security content of this update, please visit this website:
    http://support.apple.com/kb/HT1222
    This update is available via iTunes and wirelessly."

    - https://secunia.com/advisories/51162/
    Release Date: 2012-11-02
    Criticality level: Highly critical
    Impact: Security Bypass, Exposure of system information, System access
    Where: From remote
    CVE Reference(s): CVE-2012-3748, CVE-2012-3749, CVE-2012-3750, CVE-2012-5112
    For more information: https://secunia.com/SA51157/
    Solution: Apply iOS 6.0.1 Software Update.
    Original Advisory: APPLE-SA-2012-11-01-1:
    http://support.apple.com/kb/HT5567
    > http://lists.apple.com/archives/secu.../msg00000.html
    ___

    Safari 6.0.2 released
    - https://support.apple.com/kb/HT5568
    Nov 1, 2012
    Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.2
    ... WebKit -
    1) Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
    Description: A time of check to time of use issue existed in the handling of JavaScript arrays. This issue was addressed through additional validation of JavaScript arrays.
    CVE-2012-3748 : Joost Pol and Daan Keuper of Certified Secure working with HP TippingPoint's Zero Day Initiative
    2) Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
    Description: A use after free issue existed in the handling of SVG images. This issue was addressed through improved memory handling.
    CVE-2012-5112 : Pinkie Pie working with Google's Pwnium 2 contest...

    - https://secunia.com/advisories/51157/
    Release Date: 2012-11-02
    Criticality level: Highly critical
    Impact: System access
    Where: From remote
    CVE Reference(s): CVE-2012-3748, CVE-2012-5112
    For more information: https://secunia.com/SA50954/
    The vulnerabilities are reported in versions prior to 6.0.2 running on OS X Lion and OS X Mountain Lion.
    Solution: Update to version 6.0.2.
    Original Advisory: APPLE-SA-2012-11-01-2:
    http://support.apple.com/kb/HT5568
    > http://lists.apple.com/archives/secu.../msg00001.html

    Last edited by AplusWebMaster; 2012-11-02 at 14:59.

  7. #37
    AplusWebMaster (Adviser Team)

    Adobe PDF Reader 0-day in-the-wild ...

    FYI...

    Adobe PDF Reader 0-day in-the-wild ...
    - https://krebsonsecurity.com/2012/11/...-adobe-reader/
    Nov 7th, 2012 - "Software vendor Adobe says it is investigating claims that instructions for exploiting a previously unknown critical security hole in the latest versions of its widely-used PDF Reader software are being sold in the cybercriminal underground. The finding comes from malware analysts at Moscow-based forensics firm Group-IB, who say they’ve discovered that a new exploit capable of compromising the security of computers running Adobe X and XI (Adobe Reader 10 and 11) is being sold in the underground for up to $50,000. This is significant because — beginning with Reader X– Adobe introduced a “sandbox” feature aimed at blocking the exploitation of previously unidentified security holes in its software, and so far that protection has held its ground. But according to Andrey Komarov, Group-IB’s head of international projects, this vulnerability allows attackers to sidestep Reader’s sandbox protection...
    > https://www.youtube.com/watch?featur...F8VDBkK0M#t=0s
    ... Adobe spokeswoman Wiebke Lips said the company was not contacted by Group-IB, and is unable to verify their claims, given the limited amount of information currently available... Group-IB says the vulnerability is included in a new, custom version of the Blackhole Exploit Kit, a malicious software framework sold in the underground that is designed to be stitched into hacked Web sites and deploy malware via exploits such as this one... consumers should realize that there are several PDF reader options apart from Adobe’s, including Foxit, PDF-Xchange Viewer, Nitro PDF and Sumatra PDF*."
    * http://blog.kowalczyk.info/software/...df-viewer.html
    ___

    - http://h-online.com/-1746442
    8 Nov 2012

    Last edited by AplusWebMaster; 2012-11-08 at 17:54.

  8. #38
    AplusWebMaster (Adviser Team)

    QuickTime v7.7.3 released

    FYI...

    QuickTime v7.7.3 released
    - https://secunia.com/advisories/51226/
    Release Date: 2012-11-08
    Criticality level: Highly critical
    Impact: System access
    Where: From remote
    CVE Reference(s): CVE-2011-1374, CVE-2012-3751, CVE-2012-3752, CVE-2012-3753, CVE-2012-3754, CVE-2012-3755, CVE-2012-3756, CVE-2012-3757, CVE-2012-3758
    ... vulnerabilities are reported in versions prior to 7.7.3.
    Solution: Update to version 7.7.3.
    Original Advisory: http://support.apple.com/kb/HT5581

    > http://lists.apple.com/archives/secu.../msg00002.html
    ... QuickTime 7.7.3 may be obtained from the QuickTime Downloads site:
    http://www.apple.com/quicktime/download/
    -or-
    Use Apple Software Update.
    ___

    - http://h-online.com/-1746273
    8 Nov 2012

    Last edited by AplusWebMaster; 2012-11-08 at 15:40.

  9. #39
    AplusWebMaster (Adviser Team)

    IrfanView v4.35 released

    FYI...

    IrfanView v4.35 released
    TIFF Image Decompression Buffer Overflow Vulnerability
    - https://secunia.com/advisories/49856/
    Release Date: 2012-11-09
    Criticality level: Highly critical
    Impact: System access
    Where: From remote
    CVE Reference: https://web.nvd.nist.gov/view/vuln/d...=CVE-2009-5022 - 6.8
    This is related to vulnerability #4 in: https://secunia.com/SA43593/
    ... vulnerability is confirmed in version 4.33. Other versions may also be affected.
    Solution: Update to version 4.35.
    Original Advisory: http://www.irfanview.com/main_history.htm
    Version 4.35 - 2012-11-07

    - http://www.irfanview.com/main_download_engl.htm

    - http://www.irfanview.com/plugins.htm
    The current PlugIns version is: 4.35


  10. #40
    AplusWebMaster (Adviser Team)

    Skype - pwd reset vuln ...

    FYI...

    Skype - pwd reset vuln...
    - http://heartbeat.skype.com/2012/11/security_issue.html
    Nov 14, 2012 - "Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website. This issue affected some users where multiple Skype accounts were registered to the same email address. We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly. We are reaching out to a small number of users who may have been impacted to assist as necessary. Skype is committed to providing a safe and secure communications experience to our users and we apologize for the inconvenience."
    ___

    - http://h-online.com/-1749720
    14 Nov 2012

    - http://www.theregister.co.uk/2012/11...es_hijack_bug/
    14 Nov 2012

