Old Alerts

Sumatra PDF Reader v1.9 released

FYI...

Sumatra PDF Reader v1.9 released
- http://blog.kowalczyk.info/software/sumatrapdf/news.html
Version history 1.9 (2011-11-23)
Changes in this release:
support for CHM documents
support touch gestures, available on Windows 7 or later. Contributed by Robert Prouse
open linked audio and video files in an external media player
improved support for PDF transparency groups...

Download
- http://blog.kowalczyk.info/software/sumatrapdf/download-free-pdf-viewer.html

:spider:
 
Cisco Linksys router WRT54G WRT54GX UPnP vuln

FYI...

Cisco Linksys router WRT54G WRT54GX UPnP vuln ...
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4499
Last revised: 11/22/2011
CVSS v2 Base Score: 7.5 (HIGH)
"... Cisco Linksys WRT54G* with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1.."

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4500
Last revised: 11/22/2011
CVSS v2 Base Score: 7.5 (HIGH)
"... Cisco Linksys WRT54GX* with firmware 2.00.05, when UPnP is enabled..."

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4501
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4502
"... Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15..."

- http://www.kb.cert.org/vuls/id/357851
Last Updated: 2011-10-07 - "... Workarounds: Disable UPnP* on the device..."

* http://192.168.1.1/Manage.htm
... Administration - UPnP: > Disable...

- http://www.upnp-hacks.org/devices.html#linksys
___

- http://h-online.com/-1329727
24 August 2011

:fear::fear:
 
HP LaserJet network ptrs vuln ...

FYI...

- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449
Last Updated: 2011-12-23 Version: 2 (rev.2)
23 December 2011 Code signing firmware available
___

HP LaserJet printers - firmware access vuln
- http://www.securitytracker.com/id/1026357
CVE Reference: CVE-2011-4161
Updated: Dec 1 2011
Impact: Execution of arbitrary code via network, Root access via network
Vendor Confirmed: Yes
Description: A vulnerability was reported in some HP LaserJet Printers. A remote user can update the firmware with arbitrary code. A remote user can send a specially crafted print job or specially crafted data to TCP port 9100 on the target printer to trigger an unspecified flaw and cause the printer to upgrade its firmware with arbitrary code. Some printers do not check digital signatures on firmware upgrades...
The original advisory is available at:
http://redtape.msnbc.msn.com/_news/...en-to-devastating-hack-attack-researchers-say
Impact: A remote user can upgrade the printer's firmware with arbitrary code.
Solution: ... The vendor recommends disabling the 'Printer Firmware Update' feature as described at:
http://h71028.www7.hp.com/enterprise/downloads/HP-Imaging10.pdf
The vendor's advisory is available at:
http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03102449
Last Updated: 2011-12-23

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4161
Last revised: 12/02/2011
CVSS v2 Base Score: 10.0 (HIGH)

- https://secunia.com/advisories/47063/
Release Date: 2011-12-28
Criticality level: Moderately critical
Impact: Security Bypass ...

- https://isc.sans.edu/diary.html?storyid=12112
Last Updated: 2011-11-29 16:22:00 UTC

- http://h-online.com/-1387374
30 November 2011
___

- http://www.hp.com/hpinfo/newsroom/press/2011/111129b.html
Nov. 29, 2011 - "... Today there has been sensational and inaccurate reporting regarding a potential security vulnerability with some HP LaserJet printers. No customer has reported unauthorized access. Speculation regarding potential for devices to catch fire due to a firmware change is false. HP LaserJet printers have a hardware element called a “thermal breaker” that is designed to prevent the fuser from overheating or causing a fire. It cannot be overcome by a firmware change or this proposed vulnerability. While HP has identified a potential security vulnerability with some HP LaserJet printers, no customer has reported unauthorized access. The specific vulnerability exists for some HP LaserJet devices if placed on a public internet without a firewall. In a private network, some printers may be vulnerable if a malicious effort is made to modify the firmware of the device by a trusted party on the network. In some Linux or Mac environments, it may be possible for a specially formatted corrupt print job to trigger a firmware upgrade.
HP is building a firmware upgrade to mitigate this issue and will be communicating this proactively to customers and partners who may be impacted. In the meantime, HP reiterates its recommendation to follow best practices for securing devices by placing printers behind a firewall and, where possible, disabling remote firmware upload on exposed printers..."

:fear: :sad:
 
Yahoo Messenger v11.5.0.152-us / 0-Day exploit - 2011.12.02 ...

FYI...

Yahoo Messenger v11.5.0.152 / 0-Day exploit - 2011.12.02...
- http://www.malwarecity.com/blog/new...exploit-hijacks-users-status-update-1229.html
2 December 2011 - "... A newly discovered exploit in version 11.x of the Messenger client (including the freshly-released 11.5.0.152-us*) allows a remote attacker to arbitrarily change the status message of virtually any Yahoo Messenger user that runs the vulnerable version...
You are -not- vulnerable if... You have Yahoo Messenger set to 'ignore anyone who is not in your Yahoo! Contacts' (which is off by default)..."

* Yahoo Messenger v11.5.0.152-us:
> http://www.majorgeeks.com/Yahoo_Messenger_d4235.html
Date: 2011-11-30 / Size: 18 MB / License: Freeware

- https://secure.wikimedia.org/wikipedia/en/wiki/Yahoo!_Messenger_release_history#Windows
v11.5.0.152 - November 29, 2011
Tabbed IMs / Improved Spam Management / New Social Games / Easy Access to Recent Contacts
Smart Archiving / Snap and Share / Quick Access to All Emoticons...

:fear:
 
-780- attempted exploitations...

FYI...

- http://forums.spybot.info/showpost.php?p=418114&postcount=57
Dec. 16, 2011
___

- http://www.symantec.com/security_response/threatconlearn.jsp
Updated: Dec 21 - "... For the period of December 8, 2011 through December 20, 2011, Symantec intelligence products have detected a total of -780- attempted exploits of CVE-2011-2462*. Exercise extreme caution when opening PDF files from untrusted sources. Any email attachments received from unfamiliar senders or unexpectedly from known senders should be treated suspiciously. Email attachments are a common vector for targeted attacks using vulnerabilities of this kind..."
___

- https://www.adobe.com/support/security/advisories/apsa11-04.html
Last updated: December 15, 2011 - "... We are in the process of finalizing a fix for the issue and expect to make available an update for Adobe Reader 9.x and Acrobat 9.x for Windows on December 16, 2011..."

* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2462
Last revised: 12/21/2011
CVSS v2 Base Score: 10.0 (HIGH)
"... as exploited in the wild in December 2011..."

:fear::mad:
 
Thunderbird v9.0 released

FYI...

Thunderbird v9.0 released
- https://www.mozilla.org/en-US/thunderbird/9.0/releasenotes/
December 20, 2011

Download
- https://www.mozilla.org/en-US/thunderbird/all.html

Fixed in Thunderbird 9
- https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html#thunderbird9
MFSA 2011-58 Crash scaling <video> to extreme sizes
MFSA 2011-57 Crash when plugin removes itself on Mac OS X
MFSA 2011-56 Key detection without JavaScript via SVG animation
MFSA 2011-55 nsSVGValue out-of-bounds access
MFSA 2011-54 Potentially exploitable crash in the YARR regular expression library
MFSA 2011-53 Miscellaneous memory safety hazards (rv:9.0)

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3658 - 7.5 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3660 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3661 - 7.5 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3663 - 4.3
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3664 - 6.8
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3665 - 7.5 (HIGH)
Last revised: 12/21/2011
"... Thunderbird 5.0 through 8.0..."

- http://www.securitytracker.com/id/1026447
Dec 21 2011
___

Thunderbird v3.1.7 released
- https://www.mozilla.org/en-US/thunderbird/all-older.html

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3666
Last revised: 12/21/2011
CVSS v2 Base Score: 6.8 (MEDIUM)
"... Thunderbird before 3.1.7..."
___

- http://h-online.com/-1400073
22 December 2011

:fear::spider:
 
WordPress Connections plugin vuln - updates available

FYI...

WordPress Connections plugin vuln - updates available
- https://secunia.com/advisories/47390/
Release Date: 2011-12-29
Criticality level: Moderately critical
Impact: Unknown
Where: From remote...
Solution... see: Connections Changelog:
http://wordpress.org/extend/plugins/connections/changelog/
Latest: 0.7.2.2 - 12/25/11
0.7.1.6 - 06/15/2011 > Fixes security vulnerability
Requires: 3.2 or higher
Compatible up to: 3.3
Last Updated: 2011-12-26

:fear:
 
WordPress v3.3.1 released

FYI...

WordPress v3.3.1 released
- https://wordpress.org/download/
January 3, 2012 - "The latest stable release of WordPress (Version 3.3.1) is available..."

WordPress 3.3.1 Security and Maintenance Release
- https://wordpress.org/news/2012/01/wordpress-3-3-1/
January 3, 2012 - "This maintenance release fixes 15 issues with WordPress 3.3, as well as a fix for a cross-site scripting vulnerability that affected version 3.3..."

- https://core.trac.wordpress.org/que...lestone=3.3.1&group=resolution&order=priority
___

- http://h-online.com/-1403297
4 January 2012
___

- http://www.securitytracker.com/id/1026542
CVE Reference: CVE-2012-0287
Date: Jan 19 2012
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Version(s): 3.3
Solution: The vendor has issued a fix (3.3.1)...

:fear:
 
OpenSSL security advisory ...

FYI...

OpenSSL vulns/fixes ...
- https://isc.sans.edu/diary.html?storyid=12322
Last Updated: 2012-01-05 00:46:00 UTC - "... CVEs include:
DTLS Plaintext Recovery Attack (CVE-2011-4108)
Double-free in Policy Checks (CVE-2011-4109)
Uninitialized SSL 3.0 Padding (CVE-2011-4576)
Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577)
SGC Restart DoS Attack (CVE-2011-4619)
Invalid GOST parameters DoS Attack (CVE-2012-0027)
Details here: http://openssl.org/news/secadv_20120104.txt
Downloads here: http://openssl.org/source/ ..."

- http://www.openssl.org/news/secadv_20120104.txt
04 Jan 2012 - "... Affected users should upgrade to OpenSSL 1.0.0f or 0.9.8s..."

- https://secunia.com/advisories/47426/
Release Date: 2012-01-05
Criticality level: Moderately critical
Impact: Exposure of sensitive information, DoS, System access
Where: From remote
Solution: Update to version 0.9.8s or 1.0.0f.

- http://www.securitytracker.com/id/1026485
CVE Reference: CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2012-0027, CVE-2012-0390
Updated: Jan 6 2012
Impact: Denial of service via network, Disclosure of user information, Execution of arbitrary code via network, User access via network
Version(s): prior to 0.9.8s; 1.x prior to 1.0.0f

:fear:
 
Yahoo Messenger v11.5.0.155 released

FYI...

Yahoo Messenger vuln - update available
- https://secunia.com/advisories/47041/
Release Date: 2012-01-13
Criticality level: Moderately critical
Impact: System access
Where: From remote
... may allow execution of arbitrary code, but requires a victim to allow photo sharing with an attacker.
The vulnerability is confirmed in version 11.5.0.152. Other versions may also be affected.
Solution: Update to version 11.5.0.155.

- http://www.securitytracker.com/id/1026523
CVE Reference: CVE-2012-0268
Date: Jan 13 2012
Impact: Execution of arbitrary code via network, User access via network
Version(s): prior to 11.5.0.155...

- http://majorgeeks.com/Yahoo_Messenger_d4235.html
Yahoo! Messenger 11.5.0.155
Date: 2012-01-11
Size: 18.3 MB
License: Freeware

:fear:
 
Hard drive shortages continue...

FYI...

- http://www.gartner.com/it/page.jsp?id=1893523
January 11, 2012 - "... Hard-disk drive (HDD) shortages triggered by the October 2011 floods in Thailand had a limited impact on fourth-quarter PC shipments and prices. However, Gartner analysts said a major impact will be felt, and this is expected to materialize in the first half of 2012, and potentially continue throughout 2012. These shortages will temporarily lower PC shipment growth during 2012..."

:fear: :sad:
 
IrfanView plugin JPEG-2000 v4.33 released

FYI...

IrfanView plugin JPEG-2000 v4.33 released
- https://secunia.com/advisories/47360/
Release Date: 2012-01-16
Criticality level: Moderately critical
Impact: System access
Where: From remote
... vulnerability is confirmed in version 4.32. Other versions may also be affected.
Solution: Update the JPEG2000 plug-in to version 4.33.

- http://www.irfanview.com/plugins.htm
... PlugIns updated after the version 4.32:
JPEG-2000 Plugin (4.33) - fixed crash/overflow with special files
> http://www.irfanview.net/plugins/irfanview_plugin_jpeg2000.exe

:fear:
 
Symantec pcAnywhere updated

FYI...

Symantec pcAnywhere update
- https://secunia.com/advisories/47744/
Last Update: 2012-01-26
Criticality level: Moderately critical
Impact: Privilege escalation, System access
Where: From local network
CVE Reference(s):
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3478 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3479 - 4.3
... exploitation of this vulnerability may allow execution of arbitrary code.
The security issue and the vulnerability are reported in the following products:
Symantec pcAnywhere version 12.5.x, Symantec Altiris IT Management Suite version 7.0, Symantec Altiris IT Management Suite version 7.1
Solution: Apply hotfix TECH179526.
Original Advisory: Symantec:
http://www.symantec.com/security_re...=security_advisory&year=2012&suid=20120124_00
Jan 24, 2012 - SYM12-002 - Severity: High

pcAnywhere hotfix - Article: TECH179526
- http://www.symantec.com/business/support/index?page=content&id=TECH179526
Updated: 2012-01-25 - "... Symantec pcAnywhere 12.5.x users should upgrade to the latest supported version, 12.5.3, prior to applying the hotfix or reapply the hotfix once they upgrade to the 12.5.3 version."

:fear::fear:
 
pcAnywhere users – patch now! ...

FYI...

pcAnywhere users – patch now!
- https://isc.sans.edu/diary.html?storyid=12463
Last Updated: 2012-01-25 22:24:12 UTC - "Symantec released a patch for pcAnywhere products that fixes couple of vulnerabilities, among which the most dangerous one allows remote code execution... for last couple of weeks there have been a lot of rumors about source code of several Symantec’s products that got stolen by yet unknown hackers. Besides a post that listed file names nothing else has been released in public yet, as far as we know... if you are a pcAnywhere user – PATCH NOW.
Update:
And a short update: according to DShield data it appears that someone started scanning around for services on port 5631 (pcAnywhere). While the number of sources is still relatively low (indicating a single scanner, or a small number of them), the number of targets is pretty high. See for yourself here*."
* https://isc.sans.edu/port.html?port=5631

pcAnywhere hotfix - Article: TECH179526
- http://www.symantec.com/business/support/index?page=content&id=TECH179526
Updated: 2012-01-26
- http://clientui-kb.symantec.com/kb/...=print&impressions=&viewlocale=&id=TECH179526
Updated: 2012-01-28 - Technical Solution for pcAnywhere 12.0 12.5 12.5 SP3, pcAnywhere Solution 12.5 12.6 12.6.2
Updated: 2012-01-30 - Technical Solution for pcAnywhere 12.5 12.5 SP3, pcAnywhere Solution 12.5 12.6 12.6.2 ...
Updated: 2012-02-02 - Technical Solution for pcAnywhere 12.0 12.5 12.5 SP3, pcAnywhere Solution 12.5 12.6 12.6.2

:fear::fear:
 
Thunderbird v10.0.1 released ...

FYI...

- https://www.mozilla.org/security/announce/2012/mfsa2012-10.html
Feb 10, 2012 - "... Fixed in: ... Thunderbird 10.0.1..."
Impact: Critical...
___

Thunderbird v10.0 released
- https://www.mozilla.org/thunderbird/10.0/releasenotes/
Jan 31, 2012 What's New...

Download
- https://www.mozilla.org/thunderbird/all.html

Fixed in Thunderbird 10
- https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html#thunderbird10
MFSA 2012-08 Crash with malformed embedded XSLT stylesheets
MFSA 2012-07 Potential Memory Corruption When Decoding Ogg Vorbis files
MFSA 2012-06 Uninitialized memory appended when encoding icon images may cause information disclosure
MFSA 2012-05 Frame scripts calling into untrusted objects bypass security checks
MFSA 2012-04 Child nodes from nsDOMAttribute still accessible after removal of nodes
MFSA 2012-03 <iframe> element exposed across domains via name attribute
MFSA 2012-01 Miscellaneous memory safety hazards (rv:10.0/ rv:1.9.2.26)
___

Thunderbird v3.1.18 released
- https://www.mozilla.org/thunderbird/all-older.html

:fear:
 
Backdoor in TRENDnet IP cameras

FYI...

Backdoor in TRENDnet IP cameras
- http://h-online.com/-1428896
6 Feb 2012 - "... security vulnerability in some TRENDnet IP cameras which permits inquisitive web users to access them without authentication... Random sampling by The H's associates at heise Security found that most of the cameras were indeed freely accessible, providing views of offices, living rooms and children's bedrooms... TRENDnet has already responded by providing a firmware update*..."

* http://www.trendnet.com/langen/press/view.asp?id=1958
2/7/2012 - "TRENDnet has published updated firmware for all affected cameras... video from some TRENDnet IP SecurView cameras may be accessed online in real time... New firmware for all of the listed models is available at the following link: http://www.trendnet.com/downloads
TRENDnet is working to publish all outstanding firmware within the next 48 hours... Customers with any questions related to this issue such as how to update your camera’s firmware are invited to contact TRENDnet at the following email:
ipcam@trendnet.com ..."
> http://news.bbcimg.co.uk/media/images/58339000/jpg/_58339829_cam.jpg

:sad::fear::fear:
 
Apple updates...

FYI...

Apple iOS 5.1 Software Update
- https://support.apple.com/kb/HT5192
March 07, 2012 - iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2
- https://secunia.com/advisories/48288/
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
Where: From remote
Solution: Apply iOS 5.1 Software Update.
- http://www.securitytracker.com/id/1026774
Date: Mar 8 2012
CVE Reference: CVE-2012-0641, CVE-2012-0642, CVE-2012-0643, CVE-2011-3453, CVE-2012-0644, CVE-2012-0585, CVE-2012-0645, CVE-2012-0646, CVE-2011-3887, CVE-2012-0590, CVE-2011-3881, CVE-2012-0586, CVE-2012-0587, CVE-2012-0588, CVE-2012-0589, CVE-2011-2825, CVE-2011-2833, CVE-2011-2846, CVE-2011-2847, CVE-2011-2854, CVE-2011-2855, CVE-2011-2857, CVE-2011-2860, CVE-2011-2867, CVE-2011-2868, CVE-2011-2869, CVE-2011-2870, CVE-2011-2871, CVE-2011-2872, CVE-2011-2873, CVE-2011-2877, CVE-2011-3885, CVE-2011-3888, CVE-2011-3897, CVE-2011-3908, CVE-2011-3909, CVE-2011-3928, CVE-2012-0591, CVE-2012-0592, CVE-2012-0593, CVE-2012-0594, CVE-2012-0595, CVE-2012-0596, CVE-2012-0597, CVE-2012-0598, CVE-2012-0599, CVE-2012-0600, CVE-2012-0601, CVE-2012-0602, CVE-2012-0603, CVE-2012-0604, CVE-2012-0605, CVE-2012-0606, CVE-2012-0607, CVE-2012-0608, CVE-2012-0609, CVE-2012-0610, CVE-2012-0611, CVE-2012-0612, CVE-2012-0613, CVE-2012-0614, CVE-2012-0615, CVE-2012-0616, CVE-2012-0617, CVE-2012-0618, CVE-2012-0619, CVE-2012-0620, CVE-2012-0621, CVE-2012-0622, CVE-2012-0623, CVE-2012-0624, CVE-2012-0625, CVE-2012-0626, CVE-2012-0627, CVE-2012-0628, CVE-2012-0629, CVE-2012-0630, CVE-2012-0631, CVE-2012-0632, CVE-2012-0633, CVE-2012-0635
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network...

iTunes 10.6 update
- https://support.apple.com/kb/HT5191
March 07, 2012 - Windows 7, Vista, XP SP2 or later
- https://secunia.com/advisories/48274/
Impact: System access
Where: From remote
Solution: Update to version 10.6.
- http://www.securitytracker.com/id/1026781
Date: Mar 9 2012
CVE Reference: CVE-2012-0634, CVE-2012-0636, CVE-2012-0637, CVE-2012-0638, CVE-2012-0639, CVE-2012-0648
Impact: Execution of arbitrary code via network, User access via network

- http://h-online.com/-1466786
8 March 2012

- https://www.us-cert.gov/current/#apple_releases_multiple_security_updates2
March 9, 2012

:fear::fear:
 
Apple Safari Plug-in vuln ...

FYI...

Apple Safari Plug-in vuln ...
- https://secunia.com/advisories/45758/
Release Date: 2012-03-07
Criticality level: Moderately critical
Impact: System access
Where: From remote
Software: Apple Safari 5.x
CVE Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3845 - 7.6 (HIGH)
Last revised: 03/08/2012
... confirmed in version 5.1.2 (7534.52.7) on Windows using the RealPlayer and Adobe Flash plug-ins. Other versions may also be affected.
Solution: No effective workaround is currently available...

- http://www.securitytracker.com/id/1026775
CVE Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3844 - 4.3
Date: Mar 9 2012
Impact: Modification of system information
Version(s): 5.0.5 (7533.21.1); possibly other versions
Impact: A remote user can spoof the address bar URL.
Solution: The vendor has issued a partial fix (5.1.2 (7534.52.7))...

- https://www.apple.com/safari/download/
(Currently: Safari 5.1.2... for Windows XP, Vista or 7)

Use Apple Software Update ...

:fear::fear:
 
Safari v5.1.4 released

FYI...

Safari v5.1.4 released
- http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
Mar 12, 2012 - Safari 5.1.4 for Windows XP, Vista or 7 ...

- https://www.apple.com/safari/download/

- https://support.apple.com/kb/HT5190

- http://www.securitytracker.com/id/1026785
Date: Mar 12 2012
CVE Reference: CVE-2012-0584, CVE-2012-0640, CVE-2012-0647
Impact: Disclosure of authentication information, Modification of system information
Version(s): prior to 5.1.4...

- https://secunia.com/advisories/48377/
Release Date: 2012-03-13
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, System access
Where: From remote ...
Solution: Update to version 5.1.4.
Original Advisory: http://support.apple.com/kb/HT5190
___

- https://www.computerworld.com/s/art...d_number_of_Safari_5_bugs_with_monster_update
Mar 13, 2012 - "... Fixes 83 security flaws, most in WebKit engine; boosts JavaScript performance on OS X Lion... Of the 83 vulnerabilities, Apple tacitly classified 72 as critical..."

- http://h-online.com/-1470595
13 March 2012
>> http://www.h-online.com/security/ne...-security-holes-1470595.html?view=zoom;zoom=1

:fear::fear:
 