Old Alerts

WordPress v3.2 released

FYI...

WordPress v3.2 released
- http://wordpress.org/download/
July 4, 2011 - "The latest stable release of WordPress (Version 3.2) is available..."

- http://wordpress.org/news/2011/07/gershwin/
"... The focus for this release was making WordPress faster and lighter... refreshed dashboard design that tightens the typography, design, and code behind the admin... Under the hood there have been a number of improvements, not the least of which is the streamlining enabled by our previously announced plan of retiring support for PHP4, older versions of MySQL, and legacy browsers like IE6, which allows us to take advantage of more features enabled by new technologies..."

;)
 
Oracle CPU Advisory - July 2011

FYI...

Oracle CPU Advisory - July 2011
- http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html
July 19, 2011 - "This Critical Patch Update contains 78 new security fixes... Oracle Database, Oracle Fusion Middleware, Oracle Enterprise Manager Grid Control, Oracle E-Business Suite Applications, JD Edwards EnterpriseOne, JD Edwards OneWorld Tools, PeopleSoft Enterprise Portal Applications, PeopleSoft Enterprise PeopleTools, Siebel Enterprise, Oracle Industry Applications and Oracle VM patches in the Critical Patch Updates are cumulative; patches for any of these products included in a Critical Patch Update will include all fixes for that product from the previous Critical Patch Updates. For more information about cumulative and non-cumulative patches, check the patch availability documents..."

- http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html#PIN

- http://www.us-cert.gov/current/#oracle_releases_patch_update_pre
July 19, 2011 "...This update contains the following security fixes:
• 13 for Oracle Database Server
• 3 for Oracle Secure Backup
• 7 for Oracle Fusion Middleware
• 18 for Oracle Enterprise Manager
• 1 for Oracle E-Business Suite
• 1 for Oracle Supply Chain Products Suite
• 12 for Oracle PeopleSoft and JDEdwards Suite
• 23 for Oracle Sun Products Suite..."

:fear:
 
Google Picasa vuln - update available

FYI...

Google Picasa vuln - update available
- http://secunia.com/advisories/45293/
Release Date: 2011-07-20
Criticality level: Highly critical
Impact: System access
Where: From remote
Software: Google Picasa 3.x
... vulnerability is reported in version 3.6 Build 105.61 for Windows and prior.
Solution: Update to version 3.6 Build 105.67 or later...
- http://picasa.google.com/

- http://h-online.com/-1283347
21 July 2011

:fear:
 
Safari v5.1 and v5.0.6 released...

FYI...

Safari v5.1 and v5.0.6 released...
- http://threatpost.com/en_us/blogs/apples-safari-update-fixes-58-bugs-adds-sandboxing-072011
July 20, 2011 - "... Apple has issued a new version of its Safari browser for Mac and Windows users, pushing version 5.1 and 5.0.6 to patch a boatload of security holes, some of which are critical. 58 security vulnerabilities in total are addressed in the update, including fixes for Java, Webkit and a flaw in the browser’s CFNetwork API that could enable cross-site scripting (XSS) attacks. Additional patches for the browser’s CoreGraphics and ImageIO framework are included in the update that will prevent application termination or arbitrary code execution. The full list of updates can be found at Apple's support site*..."
* http://support.apple.com/kb/HT4808
July 20, 2011

... available via the Apple Software Update application, or Apple's Safari download site at: http://www.apple.com/safari/download/
___

- http://www.securitytracker.com/id/1025816
CVE Reference: CVE-2010-1383, CVE-2010-1420, CVE-2010-1823, CVE-2011-0214, CVE-2011-0215, CVE-2011-0216, CVE-2011-0217, CVE-2011-0218, CVE-2011-0219, CVE-2011-0221, CVE-2011-0222, CVE-2011-0223, CVE-2011-0225, CVE-2011-0232, CVE-2011-0233, CVE-2011-0234, CVE-2011-0235, CVE-2011-0237, CVE-2011-0238, CVE-2011-0240, CVE-2011-0241, CVE-2011-0242, CVE-2011-0244, CVE-2011-0253, CVE-2011-0254, CVE-2011-0255, CVE-2011-0981, CVE-2011-0983, CVE-2011-1107, CVE-2011-1109, CVE-2011-1114, CVE-2011-1115, CVE-2011-1117, CVE-2011-1121, CVE-2011-1188, CVE-2011-1190, CVE-2011-1203, CVE-2011-1204, CVE-2011-1288, CVE-2011-1293, CVE-2011-1295, CVE-2011-1296, CVE-2011-1453, CVE-2011-1457, CVE-2011-1462, CVE-2011-1774, CVE-2011-1797
July 20 2011

- http://secunia.com/advisories/45325/
Release Date: 2011-07-21
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Manipulation of data, Exposure of system information, Exposure of sensitive information, System access
Where: From remote...
Solution: Update to version 5.1 or 5.0.6.

Apple patches 58 Safari bugs to deflect drive-by attacks
- https://www.computerworld.com/s/art...es_58_Safari_bugs_to_deflect_drive_by_attacks
July 20, 2011

- http://h-online.com/-1283018
20 July 2011
- http://kb2.adobe.com/cps/908/cpsid_90885.html
2011-07-20 - "Adobe Reader plug-in and Acrobat plug-in are not compatible with the Safari 5.1 browser... As we continue to investigate this, we will be sure to keep you updated... Adobe expects to provide a better workaround for this issue before the end of 2011..."

:fear:
 
Foxit Reader v5.0.2.0718 released

FYI...

Foxit Reader v5.0.2.0718 released
- http://www.foxitsoftware.com/downloads/#reader
07/21/11

- http://www.foxitsoftware.com/products/reader/security_bulletins.php#certain

- http://www.foxitsoftware.com/products/reader/security_bulletins.php#execution

Fixed in Foxit Reader 5.0.2.0718
- http://www.foxitsoftware.com/products/reader/bugfix.php#
• Fixed a security issue of arbitrary code execution when opening certain PDF files.
• Fixed an unexpected termination issue of Foxit Reader when opening certain PDF files in a web browser.
• Fixed an issue where the page content cannot be displayed when opening certain PDF files in a web browser.
• Fixed an issue where the desktop icons would be rearranged automatically when creating the desktop icon of Foxit Reader 5.0 during installation on Windows XP.
• Fixed an issue where the file name would be a messy code or its extension would be missed when emailing certain PDF files from a web browser.
• Recovered the Print Scale function which was available in pre 5.0 versions...
___

Foxit Reader ActiveX Control Buffer Overflow and Insecure Library Loading vuln
- http://secunia.com/advisories/44947/
Last Update: 2011-07-22
Criticality level: Highly critical
Impact: System access
Where: From remote...
... vulnerabilities are confirmed in version 5.0.1.0523. Other versions may also be affected.
Solution: Update to version 5.0.2.0718.

- http://www.securitytracker.com/id/1025819
Jul 21 2011
- http://www.securitytracker.com/id/1025820
Jul 22 2011
________

Direct download
- http://www.foxitsoftware.com/downloads/#reader

- http://forums.foxitsoftware.com/sho...online-update-v5.0.2.0718-still-not-available
FoxIt Reader online update v5.0.2.0718 still not available ?
___

... alternative PDF reader:
Sumatra PDF reader for Windows
- http://blog.kowalczyk.info/software/sumatrapdf/free-pdf-reader.html
Sumatra PDF is a free PDF, XPS, DjVu, CBZ and CBR reader for Windows...
- http://blog.kowalczyk.info/software/sumatrapdf/download-free-pdf-viewer.html
>>> Download Installer: SumatraPDF-1.7-install.exe
Supported OS: Windows 7, Vista, XP.

Version history
- http://blog.kowalczyk.info/software/sumatrapdf/news.html
Current version: 1.7 (2011-07-18)
Changes in this release:
• favorites
• improved support for right-to-left languages e.g. Arabic
• logical page numbers are displayed and used, if a document provides them...
• allow to restrict SumatraPDF's features with more granularity...
• -named-dest also matches strings in table of contents
• improved support for EPS files (requires Ghostscript)
• more robust installer
• many minor improvements and bugfixes

:fear::sad:
 
QuickTime v7.7 released

FYI...

QuickTime v7.7 released
- http://support.apple.com/kb/HT4826
August 03, 2011 - "Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later..."

> http://www.apple.com/quicktime/download/
... or update via Apple Software Update.

- http://support.apple.com/kb/DL837
QuickTime 7.7 for Windows

- http://www.securitytracker.com/id/1025884
Aug 3 2011
Version(s): prior to 7.7...
CVE Reference:
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0245
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0246
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0247
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0248
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0249
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0250
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0251
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0252
Published: 08/04/2011
CVSS Severity: 9.3 (HIGH)

- http://secunia.com/advisories/45516/
Release Date: 2011-08-04
Criticality level: Highly critical
Impact: System access
Where: From remote...
Solution: Update to version 7.7.

:fear:
 
FYI...

Thunderbird v6.0 released
- https://www.mozilla.org/en-US/thunderbird/all.html
August 16, 2011

Release Notes
- https://www.mozilla.org/en-US/thunderbird/6.0/releasenotes/

- https://addons.mozilla.org/en-US/thunderbird/?browse=featured
___

MFSA 2011-31 - Security issues addressed in Thunderbird 6
- http://www.mozilla.org/security/announce/2011/mfsa2011-31.html
CVE References: CVE-2011-0084, CVE-2011-2985, CVE-2011-2986, CVE-2011-2987, CVE-2011-2988, CVE-2011-2989, CVE-2011-2991, CVE-2011-2992
MFSA 2011-32 - Security issues addressed in Thunderbird 3.1.12
- http://www.mozilla.org/security/announce/2011/mfsa2011-32.html
CVE References: CVE-2011-0084, CVE-2011-2378, CVE-2011-2980, CVE-2011-2981, CVE-2011-2982, CVE-2011-2983, CVE-2011-2984
___

Thunderbird v3.1.12 released
- https://www.mozilla.org/en-US/thunderbird/all-older.html
August 16, 2011

:fear:
 
Thunderbird v6.0.2, v3.1.14 ...

FYI...

Thunderbird v6.0.2 ...
- https://www.mozilla.org/en-US/thunderbird/all.html
September 6, 2011

- https://www.mozilla.org/en-US/thunderbird/6.0.2/releasenotes/

MFSA 2011-35 - Security issues addressed in Thunderbird 6
- https://www.mozilla.org/security/announce/2011/mfsa2011-35.html
Fixed in: Thunderbird 6.0.2

Thunderbird v3.1.14
- https://www.mozilla.org/en-US/thunderbird/all-older.html
September 6, 2011

MFSA 2011-35 - Security issues addressed...
- https://www.mozilla.org/security/announce/2011/mfsa2011-35.html
Fixed in: Thunderbird 3.1.14

:fear::fear:
 
Apple Security Update 2011-005

FYI...

Apple Security Update 2011-005
- https://support.apple.com/kb/HT4920
September 09, 2011
• Certificate Trust Policy
Products Affected: Mac OS X Server 10.6, Mac OS X 10.6, Lion Server, OS X Lion, Product Security

- https://support.apple.com/downloads/

List of available trusted root certificates
- https://support.apple.com/kb/HT4415
___

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0228
Last revised: 08/30/2011
CVSS v2 Base Score: 7.5 (HIGH)
"... Apple iOS before 4.2.10 and 4.3.x before 4.3.5..."

- https://support.apple.com/downloads/#Apple iOS

:fear::fear:
 
Apache v2.2.21 released

FYI...

Apache v2.2.21 released
- http://h-online.com/-1343066
14 September 2011 - "The Apache Foundation has announced* that the newly released version 2.2.21 of its free web server is essentially a bug fix and security release... The new version corrects and complements the first fix, which was released only two weeks ago... Users are advised to update their Apache installations as soon as possible. However, those who use Apache 2.0 will still need to wait: corrections for this version are scheduled to be incorporated in the release of version 2.0.65 in the near future. Those who use version 1.3 are not affected by the byte range bug..."

* http://www.apache.org/dist/httpd/Announcement2.2.html

Download
- http://httpd.apache.org/download.cgi

- https://httpd.apache.org/security/vulnerabilities_22.html
___

- https://secunia.com/advisories/46013/
Release Date: 2011-09-14
Criticality level: Moderately critical
Impact: DoS
Where: From remote
... vulnerability is reported in versions 2.2.12, 2.2.13, 2.2.14, 2.2.15, 2.2.16, 2.2.17, 2.2.18, 2.2.19, and 2.2.20.
Solution: Update to version 2.2.21.
Original Advisory: http://httpd.apache.org/security/vulnerabilities_22.html#2.2.21

- http://news.netcraft.com/archives/2011/08/05/august-2011-web-server-survey-3.html
August 2011 - 65.18% Apache

:fear::fear:
 
Thunderbird v7.0.1, v3.1.15 released

FYI...

Thunderbird v7.0.1 released
- https://www.mozilla.org/en-US/thunderbird/7.0.1/releasenotes/
September 30, 2011

Security issues
- https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html#thunderbird7

Download
- https://www.mozilla.org/en-US/thunderbird/all.html

- http://www.securitytracker.com/id/1026122
CVE Reference: CVE-2011-2372, CVE-2011-2995, CVE-2011-2996, CVE-2011-2997, CVE-2011-3000, CVE-2011-3001, CVE-2011-3005, CVE-2011-3232
Sep 29 2011
"... prior to 7.0..."
___

Thunderbird v3.1.15
- https://www.mozilla.org/en-US/thunderbird/all-older.html

Release notes
- https://www.mozilla.org/en-US/thunderbird/3.1.15/releasenotes/
September 27, 2011

:fear:
 
iTunes v10.5 released

FYI...

iTunes v10.5 released
* https://support.apple.com/kb/HT4981
October 11, 2011

- https://isc.sans.edu/diary.html?storyid=11782
2011-10-11 18:52:46 UTC - "Apple released iTunes 10.5 for Windows and Mac OS X. For those following Apple this comes as no big surprise as there are functionality changes expected due to the imminent release of a new iPhone model. What is however a bit surprising is that they also released an impressive list of fixed vulnerabilities* in the Windows version of iTunes. Even more interesting is that that list also mentions that e.g. "For Mac OS X v10.6 systems, this issue is addressed in Security Update 2011-006" or "For OS X Lion systems, this issue is addressed in OS X Lion v10.7.2". And that's a security update** and/or OS update that's not yet released at the time of writing."
** http://support.apple.com/kb/HT1222

- https://krebsonsecurity.com/2011/10/critical-security-updates-from-microsoft-apple/
October 11, 2011 - "... Apple’s update addresses more than 75 security flaws in the Windows versions of iTunes..."
___

- http://www.securitytracker.com/id/1026163
CVE Reference: CVE-2011-0259, CVE-2011-2338, CVE-2011-2339, CVE-2011-2341, CVE-2011-2352, CVE-2011-2354, CVE-2011-2356, CVE-2011-2809, CVE-2011-2811, CVE-2011-2813, CVE-2011-2814, CVE-2011-2815, CVE-2011-2816, CVE-2011-2817, CVE-2011-2820, CVE-2011-2823, CVE-2011-2827, CVE-2011-2831, CVE-2011-3219, CVE-2011-3233, CVE-2011-3234, CVE-2011-3235, CVE-2011-3236, CVE-2011-3237, CVE-2011-3238, CVE-2011-3239, CVE-2011-3241, CVE-2011-3244, CVE-2011-3252
Updated: Oct 12 2011
Version(s): prior to 10.5...

- https://secunia.com/advisories/46339/
Release Date: 2011-10-12
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Manipulation of data, Exposure of sensitive information, System access
Where: From remote...
Solution: Update to version 10.5...

:fear:
 
Sony whacked - again ...

FYI...

Sony whacked - again...
* http://www.sony.net/SonyInfo/News/Press/201110/11-1012E/index.html
October 12, 2011

- http://h-online.com/-1359709
12 October 2011 - "Sony's online services have been the target of another large-scale attack. In a press release*, the Japanese electronics corporation said that attackers made multiple attempts to intrude into users' Sony online service accounts. Apparently, the attacks targeted the Playstation Network (PSN), the Sony Entertainment Network (SEN) and Sony Online Entertainment (SOE) between 7 and 10 October. Sony said that around 93,000 accounts were compromised and have temporarily been locked. 60,000 accounts at PSN/SEN, and 33,000 at SOE, are affected. Sony added that email notifications will be sent to the affected account holders, and that secure password resets will be required to reactivate the accounts. However, Sony confirmed that credit card details are not at risk, and that only a small fraction of the compromised accounts showed additional activity prior to being locked. First investigation results indicate that the attacks involved password information that was obtained from other compromised lists, said Sony. During the attacks, criminals apparently attempted to access legitimate accounts by trying out long lists of log-in IDs and passwords..."

- https://threatpost.com/en_us/blogs/sony-detects-suspicious-behavior-locks-93000-accounts-101211
October 12, 2011 - "... the username-password data-set tested against the networks must have come from some outside site, source, or company, as the vast majority of these attempts failed. Presumably, those attempts that did succeed occurred in cases where users recycled their username-password combos with some other compromised source..."

:fear::mad:
 
QuickTime v7.7.1 released

FYI...

QuickTime v7.7.1 released
- https://support.apple.com/kb/DL837
October 26, 2011

- https://support.apple.com/kb/HT5016

> http://www.apple.com/quicktime/download/
... or update via Apple Software Update.

- https://secunia.com/advisories/46618/
Release Date: 2011-10-27
Criticality level: Highly critical
Impact: Cross Site Scripting, Exposure of sensitive information, System access
Where: From remote
CVE Reference(s): CVE-2011-3218, CVE-2011-3219, CVE-2011-3220, CVE-2011-3221, CVE-2011-3222, CVE-2011-3223, CVE-2011-3228, CVE-2011-3247, CVE-2011-3248, CVE-2011-3249, CVE-2011-3250, CVE-2011-3251
Solution: Update to version 7.7.1.

- https://www.us-cert.gov/current/#apple_release_quicktime_7_7
October 27, 2011 - "... These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information..."

- http://h-online.com/-1367500
27 October 2011

:fear::fear:
 
2011-Q2 - Attack traffic...

FYI...

State of the Internet 2011-Q2 - Akamai
- http://www.akamai.com/html/about/press/releases/2011/press_102411.html
October 24, 2011 - "... Based on data gathered from the Akamai Intelligent Platform™, which serves as much as 30 percent of the world's Web traffic at any one time, the report provides insight into key global statistics such as Internet penetration, mobile traffic and data consumption, origins of attack traffic and SSL usage, and global and regional connection speeds... In the second quarter of 2011, Taiwan generated the most attack traffic observed by Akamai, bumping last quarter's newcomer to the list, Myanmar, to second place. Looking at total observed attack traffic aggregated by region, Asia Pacific/Oceania generated 47 percent of such attack traffic, Europe 30 percent, the Americas 20 percent, and Africa a mere 3 percent..."
(More detail available at the Akamai URL above.)

Attack traffic - graphic
- http://1.bp.blogspot.com/-TknrIuWQx0k/TqaPnh6n3xI/AAAAAAAAAJc/YYmM3By-uI8/s1600/akamai+1.jpg

:sad::mad:
 
Java for Mac updated...

FYI...

Java for Mac OS X 10.7 Update 1 + Java for Mac OS X 10.6 Update 6
- https://support.apple.com/kb/HT5045
November 08, 2011 - "... Multiple vulnerabilities exist in Java 1.6.0_26, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_29...
CVE-IDs: CVE-2011-3389, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3558, CVE-2011-3560, CVE-2011-3561 ..."
___

- https://secunia.com/advisories/46774/
Release Date: 2011-11-09
Criticality level: Highly critical
Impact: Hijacking, Spoofing, Manipulation of data, Exposure of sensitive information, DoS, System access
Where: From remote ...
Solution: Apply updates...
Original Advisory: http://support.apple.com/kb/HT5045

:fear::fear:
 
Apple iOS v5.0.1 update

FYI...

Apple iOS 5.0.1 update
- https://support.apple.com/kb/HT5052
November 10, 2011 - "... can be downloaded and installed using iTunes...
Products Affected: iPhone, iPad, iPod touch, Product Security..."

- https://support.apple.com/kb/DL1472
November 10, 2011

- http://www.theinquirer.net/inquirer/news/2124329/apple-releases-fix-iphone-battery
Nov 11 2011
___

- https://secunia.com/advisories/46747/ || https://secunia.com/advisories/46836/ - iPad 2
Release Date: 2011-11-11
Criticality level: Highly critical
Impact: Spoofing, Exposure of system information, System access
Where: From remote ...
Operating System: Apple iOS 5.x for iPhone 3GS and later, Apple iOS for iPod touch 5.x
Solution: Apply iOS 5.0.1 Software Update (downloadable and installable via iTunes)...
Original Advisory: Apple:
http://support.apple.com/kb/HT5052 ...

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3440
Last revised: 11/14/2011
CVSS v2 Base Score: 1.2 (LOW)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3246
Last revised: 10/14/2011
CVSS v2 Base Score: 5.0 (MEDIUM)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3442
Last revised: 11/14/2011
CVSS v2 Base Score: 7.2 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3439
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3441
Last revised: 11/14/2011
CVSS v2 Base Score: 9.3 (HIGH) ...
"... Apple iOS before 5.0.1"

- http://www.securitytracker.com/id/1026311
Updated: Nov 11 2011
Impact: Disclosure of system information, Execution of arbitrary code via network, User access via local system, User access via network
Version(s): 5.0 and prior...

:fear: :confused:
 
iTunes v10.5.1 released

FYI...

Apple iTunes v10.5.1 released
- http://www.securitytracker.com/id/1026323
CVE Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3434
Date: Nov 14 2011
Impact: Execution of arbitrary code via network, User access via network
Version(s): prior to 10.5.1...

• About the security content of iTunes 10.5.1
- https://support.apple.com/kb/HT5030
November 14, 2011
Available for: Mac OS X v10.5 or later, Windows 7, Vista, XP SP2 or later

• Security updates
- https://support.apple.com/kb/HT1222
Last Modified: November 14, 2011
___

- http://www.theregister.co.uk/2011/11/17/itunes_update_fixes_ghostnet_flaw/
17 November 2011 - "... An FBI press release on the Ghost Click takedown specifically cites iTunes* as an example of how the alleged fraud operated..."
* http://www.fbi.gov/news/stories/2011/november/malware_110911/malware_110911

- http://www.csoonline.com/article/69...ng-to-address-man-in-the-middle-vulnerability
November 15, 2011 - "... The vulnerability stems from older iTunes versions' use of plain HTTP requests to query Apple's servers for new updates. Because such connections lack encryption, a network attacker could intercept the requests and respond with rogue update URLs... This particular attack scenario can only take place when iTunes is installed on a Windows system and the Apple Software Update component is not present..."

- https://www.us-cert.gov/current/index.html#apple_releases_itunes_10_51
November 15, 2011

:fear::fear:
 