Alerts

Safari v6, Apple Xcode v4.4 released

FYI...

Safari v6 released
- http://support.apple.com/kb/HT5400
July 25, 2012
> http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html
APPLE-SA-2012-07-25-1 Safari 6.0

- https://secunia.com/advisories/50058/
Release Date: 2012-07-26
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, System access
Where: From remote...
Solution: Upgrade to Safari version 6.0 via Apple Software Update.

- http://www.securitytracker.com/id/1027307
CVE Reference: CVE-2011-3016, CVE-2011-3021, CVE-2011-3027, CVE-2011-3913, CVE-2012-0678, CVE-2012-0679, CVE-2012-0680, CVE-2012-0682, CVE-2012-0683, CVE-2012-1520, CVE-2012-2815, CVE-2012-3589, CVE-2012-3590, CVE-2012-3591, CVE-2012-3592, CVE-2012-3593, CVE-2012-3594, CVE-2012-3595, CVE-2012-3596, CVE-2012-3597, CVE-2012-3599, CVE-2012-3600, CVE-2012-3603, CVE-2012-3604, CVE-2012-3605, CVE-2012-3608, CVE-2012-3609, CVE-2012-3610, CVE-2012-3611, CVE-2012-3615, CVE-2012-3618, CVE-2012-3620, CVE-2012-3625, CVE-2012-3626, CVE-2012-3627, CVE-2012-3628, CVE-2012-3629, CVE-2012-3630, CVE-2012-3631, CVE-2012-3633, CVE-2012-3634, CVE-2012-3635, CVE-2012-3636, CVE-2012-3637, CVE-2012-3638, CVE-2012-3639, CVE-2012-3640, CVE-2012-3641, CVE-2012-3642, CVE-2012-3644, CVE-2012-3645, CVE-2012-3646, CVE-2012-3650, CVE-2012-3653, CVE-2012-3655, CVE-2012-3656, CVE-2012-3661, CVE-2012-3663, CVE-2012-3664, CVE-2012-3665, CVE-2012-3666, CVE-2012-3667, CVE-2012-3668, CVE-2012-3669, CVE-2012-3670, CVE-2012-3674, CVE-2012-3678, CVE-2012-3679, CVE-2012-3680, CVE-2012-3681, CVE-2012-3682, CVE-2012-3683, CVE-2012-3686, CVE-2012-3689, CVE-2012-3690, CVE-2012-3691, CVE-2012-3693, CVE-2012-3694, CVE-2012-3695, CVE-2012-3696, CVE-2012-3697
Jul 26 2012
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Version(s): prior to 6.0 ...
___

Apple Xcode v4.4 released
- https://secunia.com/advisories/50068/
Release Date: 2012-07-26
Impact: Hijacking, Security Bypass, Exposure of sensitive information
Where: From remote
CVE Reference(s): CVE-2011-3389, CVE-2012-3698
... weakness and the vulnerability are reported in versions prior to 4.4.
Solution: Update to version 4.4 via the Apple Developer site or via the App Store.
Original Advisory: APPLE-SA-2012-07-25-2:
http://support.apple.com/kb/HT5416

- http://www.securitytracker.com/id/1027302
CVE Reference: CVE-2012-3698
Jul 26 2012
Impact: Disclosure of authentication information, Disclosure of user information
Version(s): prior to 4.4

- http://www.securitytracker.com/id/1027303
CVE Reference: CVE-2011-3389
Jul 26 2012
Impact: Disclosure of user information
Version(s): prior to 4.4

 
OpenOffice v3.4.1 released

FYI...

OpenOffice v3.4.1 released
- https://blogs.apache.org/OOo/entry/announcing_apache_openoffice_3_41
Aug 23, 2012 - "... OpenOffice 3.4.1 can be downloaded now from http://www.openoffice.org/download/ or by going to the 'Help/Check for Updates' dialog within OpenOffice 3.4 or 3.3..."

Release notes
- http://www.openoffice.org/development/releases/3.4.1.html
"... there were 69 verified issues that have been resolved..."
(More detail at the URL above.)

- http://h-online.com/-1674083
23 August 2012
___

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2665 - 7.5 (HIGH)
Last revised: 09/07/2012

- http://www.openoffice.org/security/cves/CVE-2012-2665.html
Versions Affected:
Apache OpenOffice 3.4.0, all languages, all platforms.
Earlier versions of OpenOffice.org may be also affected.
... upgrade to Apache OpenOffice 3.4.1...

- https://secunia.com/advisories/50438/
Release Date: 2012-08-28
Criticality level: Highly critical
Solution: Update to version 3.4.1.

Thunderbird v15.0 released

FYI...

Thunderbird v15.0 released
- https://www.mozilla.org/en-US/thunderbird/15.0/releasenotes
August 28, 2012 ... See Known Issues

Security Advisories
- https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html#thunderbird15
Fixed in Thunderbird 15 ...

Bugs fixed
- https://www.mozilla.org/en-US/thunderbird/15.0/releasenotes/buglist.html

Download
- https://www.mozilla.org/thunderbird/all.html
___

- http://www.securitytracker.com/id/1027452
CVE Reference: CVE-2012-1956, CVE-2012-1970, CVE-2012-1971, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964, CVE-2012-3966, CVE-2012-3967, CVE-2012-3968, CVE-2012-3969, CVE-2012-3970, CVE-2012-3971, CVE-2012-3972, CVE-2012-3974, CVE-2012-3975, CVE-2012-3978, CVE-2012-3980
Aug 29 2012
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Version(s): prior to ESR 10.0.7; prior to 15.0

- https://secunia.com/advisories/50308/
Release Date: 2012-08-29
Criticality level: Highly critical
Impact: Cross Site Scripting, Spoofing, Exposure of sensitive information, System access
Where: From remote...
For more information: https://secunia.com/SA50088/
Solution: Upgrade to version 15...
___

- http://h-online.com/-1677823
29 August 2012

 
Apple/Java v1.6.0_35

FYI...

Apple/Java v1.6.0_35
- https://support.apple.com/kb/HT5473
Sep 05, 2012
Java for OS X 2012-005 and Java for Mac OS X 10.6 Update 10
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 or later, OS X Lion Server v10.7 or later, OS X Mountain Lion v10.8 or later
Description: An opportunity for security-in-depth hardening is addressed by updating to Java version 1.6.0_35. Further information is available via the Java website at
http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html
CVE-ID: CVE-2012-0547

- https://support.apple.com/kb/HT1338

APPLE-SA-2012-09-05-1 Java for OS X 2012-005 and Java for Mac OS X 10.6 Update 10
- http://lists.apple.com/archives/security-announce/2012/Sep/msg00000.html
Sep 05, 2012
___

- https://secunia.com/advisories/50545/
Release Date: 2012-09-06
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference(s): CVE-2012-0547, CVE-2012-4681
... For more information see: https://secunia.com/SA50133/
Original Advisory: APPLE-SA-2012-09-05-1:
http://lists.apple.com/archives/security-announce/2012/Sep/msg00000.html

WordPress v3.4.2 released

FYI...

WordPress v3.4.2 released
- http://wordpress.org/download/
September 6, 2012 - "The latest stable release of WordPress (Version 3.4.2) is available..."

WordPress 3.4.2 Maintenance and Security Release
- https://wordpress.org/news/2012/09/wordpress-3-4-2/
September 6, 2012 - "WordPress 3.4.2, now available for download, is a maintenance and security release for all previous versions... we’ve identified and fixed a number of nagging bugs, including:
• Fix some issues with older browsers in the administration area.
• Fix an issue where a theme may not preview correctly, or its screenshot may not be displayed.
• Improve plugin compatibility with the visual editor.
• Address pagination problems with some category permalink structures.
• Avoid errors with both oEmbed providers and trackbacks.
• Prevent improperly sized header images from being uploaded.
Version 3.4.2 also fixes a few security issues and contains some security hardening...

- https://secunia.com/advisories/50515/
Release Date: 2012-09-07
Impact: Unknown, Security Bypass
Where: From remote
... security issue and vulnerability are reported in versions prior to 3.4.2.
Solution: Update to version 3.4.2.
Original Advisory: http://wordpress.org/news/2012/09/wordpress-3-4-2/

- http://h-online.com/-1702501
7 Sep 2012
___

"WordPress Plugin" search results ...
- https://secunia.com/advisories/search/?search=WordPress+Plugin
Found: 432 Secunia Security Advisories ...
Oct 15, 2012

iTunes v10.7 released

FYI...

Apple iTunes v10.7 released
- https://secunia.com/advisories/50618/
Release Date: 2012-09-13
Criticality level: Highly critical
Impact: System access
Where: From remote
... vulnerabilities are reported in versions prior to 10.7.
Solution: Update to version 10.7.
Original Advisory: APPLE-SA-2012-09-12-1:
http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html

- http://www.securitytracker.com/id/1027525
CVE Reference: CVE-2012-2817, CVE-2012-2818, CVE-2012-2829, CVE-2012-2831, CVE-2012-3601, CVE-2012-3602, CVE-2012-3606, CVE-2012-3607, CVE-2012-3612, CVE-2012-3613, CVE-2012-3614, CVE-2012-3616, CVE-2012-3617, CVE-2012-3621, CVE-2012-3622, CVE-2012-3623, CVE-2012-3624, CVE-2012-3632, CVE-2012-3643, CVE-2012-3647, CVE-2012-3648, CVE-2012-3649, CVE-2012-3651, CVE-2012-3652, CVE-2012-3654, CVE-2012-3657, CVE-2012-3658, CVE-2012-3659, CVE-2012-3660, CVE-2012-3671, CVE-2012-3672, CVE-2012-3673, CVE-2012-3675, CVE-2012-3676, CVE-2012-3677, CVE-2012-3684, CVE-2012-3685, CVE-2012-3687, CVE-2012-3688, CVE-2012-3692, CVE-2012-3699, CVE-2012-3700, CVE-2012-3701, CVE-2012-3702, CVE-2012-3703, CVE-2012-3704, CVE-2012-3705, CVE-2012-3706, CVE-2012-3707, CVE-2012-3708, CVE-2012-3709, CVE-2012-3710, CVE-2012-3711, CVE-2012-3712
Sep 13 2012
Impact: Execution of arbitrary code via network, User access via network
Version(s): prior to 10.7

- https://support.apple.com/kb/HT5485
Sep 12, 2012
___

163 security holes in iTunes
- http://h-online.com/-1706849
13 Sep 2012

iOS 6 released

FYI...

iOS 6 released
APPLE-SA-2012-09-19-1 iOS 6
- http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
19 Sep 2012
"iOS 6 is now available...
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later..."

- https://support.apple.com/kb/HT5503
"... can be downloaded and installed using iTunes*..."
* https://support.apple.com/kb/ht1414

- https://secunia.com/advisories/50586/
Release Date: 2012-09-20
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information, Exposure of sensitive information, Privilege escalation, System access
Where: From remote ...
Solution: Upgrade to iOS 6 via Software Update.

- http://www.securitytracker.com/id/1027552
CVE Reference: CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-4599, CVE-2012-3724, CVE-2012-3725, CVE-2012-3726, CVE-2012-3727, CVE-2012-3728, CVE-2012-3729, CVE-2012-3730, CVE-2012-3731, CVE-2012-3732, CVE-2012-3733, CVE-2012-3734, CVE-2012-3735, CVE-2012-3736, CVE-2012-3737, CVE-2012-3738, CVE-2012-3739, CVE-2012-3740, CVE-2012-3741, CVE-2012-3742, CVE-2012-3743, CVE-2012-3744, CVE-2012-3745, CVE-2012-3746, CVE-2012-3747
Sep 20 2012
Impact: Disclosure of system information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Root access via local system, User access via local system, User access via network...
Solution: The vendor has issued a fix (6.0).
___

- http://h-online.com/-1713012
20 Sep 2012

- https://isc.sans.edu/diary.html?storyid=14128
"iOS6 released: a few CVEs addressed, breaks mapping."

Safari v6.0.1 / Mac OS X Security Update 2012-004

FYI...

Apple security updates
- https://support.apple.com/kb/HT1222
3x - 19 Sept 2012
___

Safari v6.0.1 for Mac OS X
- https://secunia.com/advisories/50577/
Release Date: 2012-09-20
Criticality level: Highly critical
Impact: Security Bypass, Exposure of sensitive information, System access
Where: From remote...
Solution: Update to version 6.0.1...
Original Advisory: Apple:
http://support.apple.com/kb/HT5502

> http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
APPLE-SA-2012-09-19-3 Safari 6.0.1
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 and v10.8.1

- http://www.securitytracker.com/id/1027550
CVE Reference: CVE-2012-3713, CVE-2012-3714, CVE-2012-3715, CVE-2012-3598
Date: Sep 20 2012
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Version(s): prior to 6.0.1
___

Mac OS X multiple vulns - Security Update 2012-004
- https://secunia.com/advisories/50628/
Release Date: 2012-09-20
Criticality level: Highly critical
Impact: Security Bypass, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote...
Solution: Update to version 10.8.2 or 10.7.5 or apply Security Update 2012-004.

- http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004

- http://www.securitytracker.com/id/1027551
CVE Reference: CVE-2012-0650, CVE-2012-3716, CVE-2012-3718, CVE-2012-3719, CVE-2012-3720, CVE-2012-3721, CVE-2012-3722, CVE-2012-3723
Sep 20 2012
Impact: Denial of service via network, Disclosure of authentication information, Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network
... vendor's advisory is available at:
http://support.apple.com/kb/HT5501

Apple TV v5.1 released

FYI...

Apple TV v5.1 released
- https://secunia.com/advisories/50728/
Release Date: 2012-09-25
Criticality level: Highly critical
Impact: Exposure of sensitive information, DoS, System access
Where: From remote
CVE Reference(s): CVE-2011-1167, CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3026, CVE-2011-3048, CVE-2011-3328, CVE-2011-3919, CVE-2012-0682, CVE-2012-0683, CVE-2012-1173, CVE-2012-3589, CVE-2012-3590, CVE-2012-3591, CVE-2012-3592, CVE-2012-3678, CVE-2012-3679, CVE-2012-3722, CVE-2012-3725, CVE-2012-3726
... vulnerabilities are reported in versions prior to 5.1.
Solution: Update to Apple TV Software version 5.1.
Original Advisory: APPLE-SA-2012-09-24-1:
http://support.apple.com/kb/HT5504
Apple TV 2nd generation and later

- https://support.apple.com/kb/HT4448
Apple TV (2nd and 3rd generation) software updates
Sep 24, 2012

How to update: https://support.apple.com/kb/HT1600

APPLE-SA-2012-09-24-1 Apple TV 5.1
- http://lists.apple.com/archives/security-announce/2012/Sep/msg00006.html
24 Sep 2012

phpMyAdmin 3.x - potential compromise

FYI...

phpMyAdmin 3.x - potential compromise
- https://secunia.com/advisories/50703/
Release Date: 2012-09-25
Criticality level: Extremely critical
Impact: System access
Where: From remote
... distribution of a compromised phpMyAdmin source code package containing a backdoor, which can be exploited to e.g. execute arbitrary PHP code.
Solution: Download and reinstall phpMyAdmin.
Software: phpMyAdmin 3.x
Original Advisory:
http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php
Date: 2012-09-25
Summary: One server from the SourceForge.net mirror system was distributing a phpMyAdmin kit containing a backdoor...
Severity: We consider this vulnerability to be critical.
Affected Versions: We currently know only about phpMyAdmin-3.5.2.2-all-languages.zip being affected, check if your download contains a file named server_sync.php.
Solution: Check your phpMyAdmin distribution and download it again from a trusted mirror if your copy contains a file named server_sync.php...

> http://www.phpmyadmin.net/home_page/downloads.php
phpMyAdmin 3.5.2.2 - Released 12 Aug 2012
___

- https://threatpost.com/en_us/blogs/...es-backdoor-code-found-copy-phpmyadmin-092512
Sep 25, 2012

- http://h-online.com/-1717644
26 Sep 2012

RE: Apple iOS 6 release / Apple maps ...

FYI...

RE: iOS 6 release / Apple maps...

- http://news.yahoo.com/tim-cook-apple-maps-extremely-sorry-working-fix-135819039.html
Sep 28, 2012 - "Apple CEO Tim Cook says the company is 'extremely sorry' for the frustration that its maps application has caused and it's doing everything it can to make it better. Cook said in a letter posted online Friday that Apple 'fell short' in its commitment to make the best possible products for its customers. He recommends that people try alternatives by downloading competing map apps from the App Store while Apple works on its own maps products... had released an update to its iPhone and iPad operating system last week that replaced Google Maps with Apple's own maps application. But users complained that the new maps have fewer details, lack public transit directions and misplace landmarks, among other problems."
* https://www.apple.com/letter-from-tim-cook-on-maps/
Sep 28, 2012

 
Thunderbird v16.0.1 released

FYI...

Thunderbird v16.0.1 released
- https://www.mozilla.org/en-US/thunderbird/16.0.1/releasenotes
October 11, 2012 ... See Known Issues

Download
- https://www.mozilla.org/thunderbird/all.html

Security Advisories
- https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html#thunderbird16.0.1
Fixed in Thunderbird 16.0.1
MFSA 2012-89 defaultValue security checks not applied
MFSA 2012-88 Miscellaneous memory safety hazards (rv:16.0.1)

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4190 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4191 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4192 - 4.3
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4193 - 9.3 (HIGH)
___

Bugs fixed
- https://www.mozilla.org/en-US/thunderbird/16.0/releasenotes/buglist.html
___

- http://www.securitytracker.com/id/1027652
CVE Reference: CVE-2012-4190, CVE-2012-4191
Oct 12 2012
Impact: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (16.0.1).

- https://secunia.com/advisories/50932/
Last Update: 2012-10-12
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote
CVE Reference(s): CVE-2012-4190, CVE-2012-4191, CVE-2012-4192, CVE-2012-4193
... vulnerabilities are reported in Firefox and Thunderbird versions -prior- to 16.0.1 and SeaMonkey versions -prior- to 2.13.1.
Solution: Update Firefox and Thunderbird to versions 16.0.1 and SeaMonkey to version 2.13.1.

Oracle Critical Patch Updates - October 2012

FYI...

Oracle Critical Patch Update Advisory - October 2012
- http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
Oct 16, 2012 - "... Critical Patch Update patches are usually cumulative but each advisory describes only the security fixes added since the previous Critical Patch Update advisory... Oracle strongly recommends that customers apply CPU fixes as soon as possible. This Critical Patch Update contains 109 new security fixes..."

Patch Availability Table
- http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html#PIN

Risk Matrices
- http://www.oracle.com/technetwork/topics/security/cpuoct2012verbose-1515934.html
___

- http://atlas.arbor.net/briefs/index#968980828
Severity: High Severity
October 17, 2012
In addition to patching Java, Oracle releases patches for other products as well.
Analysis: While the Java security issues get the most press due to their widespread exploitation, the Oracle database and other products are often used to protect sensitive information and should also be protected. Some of these other products don't have the same attack footprint as Java; however, if an attacker is already inside the network, then other Oracle software is easier to reach and exploit.
Source: http://h-online.com/-1731176

Oct 17 2012
Sun SPARC Server Bug in Integrated Lights Out Manager Lets Local Users Access Data
http://www.securitytracker.com/id/1027677
Sun GlassFish Enterprise Server CORBA Bug Lets Remote Users Cause Partial DoS Conditions
http://www.securitytracker.com/id/1027676
Oracle Industry Applications Bugs Let Remote Users Partially Access and Modify Data and Deny Service
http://www.securitytracker.com/id/1027675
Oracle Siebel CRM Bugs Let Remote Users Access Data on the Target System
http://www.securitytracker.com/id/1027674
Oracle Financial Services Software Bugs Lets Remote Authenticated Users Access and Modify Data and Deny Service
http://www.securitytracker.com/id/1027673
Oracle Java Runtime Environment (JRE) Bugs Let Remote Users Gain Full Control of the Target System
http://www.securitytracker.com/id/1027672
Oracle PeopleSoft Products Bugs Lets Remote Authenticated Users Partially Access Data, Modify Data, and Deny Service
http://www.securitytracker.com/id/1027671
Oracle Supply Chain Products Suite Bugs Let Remote Users Access and Modify Data
http://www.securitytracker.com/id/1027670
Oracle Fusion Middleware Bugs Let Remote Users Access and Modify Data and Local and Remote Users Deny Service
http://www.securitytracker.com/id/1027669
Oracle E-Business Suite Bugs Let Remote Users Partially Access and Modify Data and Partially Deny Service
http://www.securitytracker.com/id/1027668
Solaris Lets Local Users Gain Root Privileges and Remote Users Deny Service
http://www.securitytracker.com/id/1027667
Oracle Virtualization Bugs Let Remote Users Partially Modify Data and Local Users Partially Deny Service
http://www.securitytracker.com/id/1027666
MySQL Multiple Bugs Let Remote Authenticated Users Access and Modify Data and Deny Service and Local Users Access Data
http://www.securitytracker.com/id/1027665
Oracle Database Bugs Let Remote Authenticated Users Partially Modify Data and Cause Partial Denial of Service Conditions
http://www.securitytracker.com/id/1027664

iOS 6.0.1, Safari 6.0.2 released

FYI...

iOS 6.0.1 Software Update
- https://support.apple.com/kb/DL1606
Nov 1, 2012
"This update contains improvements and bug fixes, including:
• Fixes a bug that prevents iPhone 5 from installing software updates wirelessly over the air
• Fixes a bug where horizontal lines may be displayed across the keyboard
• Fixes an issue that could cause camera flash to not go off
• Improves reliability of iPhone 5 and iPod touch (5th generation) when connected to encrypted WPA2 Wi-Fi networks
• Resolves an issue that prevents iPhone from using the cellular network in some instances
• Consolidated the Use Cellular Data switch for iTunes Match
• Fixes a Passcode Lock bug which sometimes allowed access to Passbook pass details from lock screen
• Fixes a bug affecting Exchange meetings
For information on the security content of this update, please visit this website:
http://support.apple.com/kb/HT1222
This update is available via iTunes and wirelessly."

- https://secunia.com/advisories/51162/
Release Date: 2012-11-02
Criticality level: Highly critical
Impact: Security Bypass, Exposure of system information, System access
Where: From remote
CVE Reference(s): CVE-2012-3748, CVE-2012-3749, CVE-2012-3750, CVE-2012-5112
For more information: https://secunia.com/SA51157/
Solution: Apply iOS 6.0.1 Software Update.
Original Advisory: APPLE-SA-2012-11-01-1:
http://support.apple.com/kb/HT5567
> http://lists.apple.com/archives/security-announce/2012/Nov/msg00000.html
___

Safari 6.0.2 released
- https://support.apple.com/kb/HT5568
Nov 1, 2012
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.2
... WebKit -
1) Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A time of check to time of use issue existed in the handling of JavaScript arrays. This issue was addressed through additional validation of JavaScript arrays.
CVE-2012-3748 : Joost Pol and Daan Keuper of Certified Secure working with HP TippingPoint's Zero Day Initiative
2) Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue existed in the handling of SVG images. This issue was addressed through improved memory handling.
CVE-2012-5112 : Pinkie Pie working with Google's Pwnium 2 contest...

- https://secunia.com/advisories/51157/
Release Date: 2012-11-02
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference(s): CVE-2012-3748, CVE-2012-5112
For more information: https://secunia.com/SA50954/
The vulnerabilities are reported in versions prior to 6.0.2 running on OS X Lion and OS X Mountain Lion.
Solution: Update to version 6.0.2.
Original Advisory: APPLE-SA-2012-11-01-2:
http://support.apple.com/kb/HT5568
> http://lists.apple.com/archives/security-announce/2012/Nov/msg00001.html

Adobe PDF Reader 0-day in-the-wild ...

FYI...

Adobe PDF Reader 0-day in-the-wild ...
- https://krebsonsecurity.com/2012/11/experts-warn-of-zero-day-exploit-for-adobe-reader/
Nov 7th, 2012 - "Software vendor Adobe says it is investigating claims that instructions for exploiting a previously unknown critical security hole in the latest versions of its widely-used PDF Reader software are being sold in the cybercriminal underground. The finding comes from malware analysts at Moscow-based forensics firm Group-IB, who say they've discovered that a new exploit capable of compromising the security of computers running Adobe X and XI (Adobe Reader 10 and 11) is being sold in the underground for up to $50,000. This is significant because, beginning with Reader X, Adobe introduced a 'sandbox' feature aimed at blocking the exploitation of previously unidentified security holes in its software, and so far that protection has held its ground. But according to Andrey Komarov, Group-IB's head of international projects, this vulnerability allows attackers to sidestep Reader's sandbox protection...
> https://www.youtube.com/watch?feature=player_embedded&v=uGF8VDBkK0M#t=0s
... Adobe spokeswoman Wiebke Lips said the company was not contacted by Group-IB, and is unable to verify their claims, given the limited amount of information currently available... Group-IB says the vulnerability is included in a new, custom version of the Blackhole Exploit Kit, a malicious software framework sold in the underground that is designed to be stitched into hacked Web sites and deploy malware via exploits such as this one... consumers should realize that there are several PDF reader options apart from Adobe's, including Foxit, PDF-Xchange Viewer, Nitro PDF and Sumatra PDF*."
* http://blog.kowalczyk.info/software/sumatrapdf/download-free-pdf-viewer.html
___

- http://h-online.com/-1746442
8 Nov 2012

QuickTime v7.7.3 released

FYI...

QuickTime v7.7.3 released
- https://secunia.com/advisories/51226/
Release Date: 2012-11-08
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference(s): CVE-2011-1374, CVE-2012-3751, CVE-2012-3752, CVE-2012-3753, CVE-2012-3754, CVE-2012-3755, CVE-2012-3756, CVE-2012-3757, CVE-2012-3758
... vulnerabilities are reported in versions prior to 7.7.3.
Solution: Update to version 7.7.3.
Original Advisory: http://support.apple.com/kb/HT5581

> http://lists.apple.com/archives/security-announce/2012/Nov/msg00002.html
... QuickTime 7.7.3 may be obtained from the QuickTime Downloads site:
http://www.apple.com/quicktime/download/
-or-
Use Apple Software Update.
___

- http://h-online.com/-1746273
8 Nov 2012

IrfanView v4.35 released

FYI...

IrfanView v4.35 released
TIFF Image Decompression Buffer Overflow Vulnerability
- https://secunia.com/advisories/49856/
Release Date: 2012-11-09
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-5022 - 6.8
This is related to vulnerability #4 in: https://secunia.com/SA43593/
... vulnerability is confirmed in version 4.33. Other versions may also be affected.
Solution: Update to version 4.35.
Original Advisory: http://www.irfanview.com/main_history.htm
Version 4.35 - 2012-11-07

- http://www.irfanview.com/main_download_engl.htm

- http://www.irfanview.com/plugins.htm
The current PlugIns version is: 4.35

 
Skype - pwd reset vuln ...

FYI...

Skype - pwd reset vuln...
- http://heartbeat.skype.com/2012/11/security_issue.html
Nov 14, 2012 - "Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website. This issue affected some users where multiple Skype accounts were registered to the same email address. We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly. We are reaching out to a small number of users who may have been impacted to assist as necessary. Skype is committed to providing a safe and secure communications experience to our users and we apologize for the inconvenience."
___

- http://h-online.com/-1749720
14 Nov 2012

- http://www.theregister.co.uk/2012/11/14/skype_fixes_hijack_bug/
14 Nov 2012
