Apple Inc
n.runs AG
http://www.nruns.com/ security(at)nruns.com
n.runs-SA-2008.005 01-Aug-2008
________________________________________________________________________
Vendor: Apple Inc., http://www.apple.com
Affected Products: CoreServices Framework’s CarbonCore Framework
(Used by: i.e. Safari, Mail)
Affected Platforms:
Mac OS X v10.4.11
Mac OS X Server v10.4.11
Summary
=======
Name: Elevation of Privilege Vulnerability in iTunes for Windows
Release Date: March 31st, 2010
Discoverer: Jason Geffner
Vendor: Apple Inc.
Systems Affected: iTunes 9.0.0, iTunes 9.0.1, iTunes 9.0.2, iTunes 9.0.3
(versions previous to iTunes 9.0.0 not tested)
Risk: High
Apple Security Advisory ID: APPLE-SA-2010-03-30-2 [1]
Apple Knowledge Base Article: HT4105 [2]
Title: Multiple vulnerabilities in iCal
Advisory ID: CORE-2008-0126
Advisory URL: http://www.coresecurity.com/?action=item&id=2219
Date published: 2008-05-21
Date of last update: 2008-05-21
Vendors contacted: Apple Inc.
Release mode: Coordinated release
*Vulnerability Information*
Dec 07, 2010
I. BACKGROUND
QuickTime is Apple's media player product used to render video and other
media. The PICT file format was developed by Apple Inc. in 1984. PICT
files can contain both object-oriented images and bitmaps. For more
information visit http://www.apple.com/quicktime/
II. DESCRIPTION
http://labs.idefense.com/intelligence/vulnerabilities/
May 12, 2009
I. BACKGROUND
Mac OS X is a computer operating system available from Apple Inc. OS X
is the tenth major version of Apple's operating system for Macintosh
computers and is Unix-based.
For more information, see the vendor's site found at the following link.
including the Safari browser on both Windows and Mac OS X.
II. DESCRIPTION
Remote exploitation of a heap memory corruption vulnerability in Apple
Inc.'s CoreGraphics library could allow an attacker to execute
arbitrary code with the privileges of the current user.
This vulnerability occurs during the processing of an embedded
International Color Consortium (ICC) profile within a JPEG image. A
small block of heap memory may be allocated for processing certain
Original URL:
http://securityreason.com/achievement_securityalert/81
- --- 0.Description ---
Mac OS is the trademarked name for a series of graphical user interface-based operating systems developed by Apple Inc. (formerly Apple Computer, Inc.) for their Macintosh line of computer systems. The Macintosh user experience is credited with popularizing the graphical user interface. The original form of what Apple would later name the "Mac OS" was the integral and unnamed system software first introduced in 1984 with the original Macintosh, usually referred to simply as the System software.
- --- 1. MacOS X 10.5/10.6 libc/strtod(3) buffer overflow ---
The main problem exists in the dtoa implementation. MacOS X has the same dtoa as OpenBSD, NetBSD etc. This problem affects not only libc/gdtoa. The strtod(3) function is also affected.
For more information, please see SREASONRES:20090625.
- Apple Safari versions prior to 4.0
I. Background
~~~~~~~~~~~~~
Wikipedia quote: "Apple Inc. (NASDAQ: AAPL) is an American multinational
corporation which designs and manufactures consumer electronics and
software products. The company's best-known hardware products include
Macintosh computers, the iPod and the iPhone."
II. Description
Jul 20, 2011
I. BACKGROUND
WebKit is an open source web browser engine. It is currently used by
Apple Inc.'s Safari browser, as well as by Google's Chrome browser. For
more information, see the vendor's site at the following link.
http://webkit.org/
II. DESCRIPTION
http://www.apple.com/iphone/softwareupdate/
II. DESCRIPTION
Remote exploitation of a memory corruption vulnerability in Apple Inc.'s
OfficeImport framework could allow an attacker to execute arbitrary code
with the privileges of the current user.
The vulnerability occurs when parsing an Excel file with a certain
maliciously constructed record. This record is used to describe a
Sep 09, 2008
I. BACKGROUND
Quicktime is Apple's media player product, and is used to render video
and other media. The PICT file format was developed by Apple Inc. in
1984. PICT files can contain both object oriented images and bitmaps.
For more information visit the vendor's web site at the following URL.
http://www.apple.com/quicktime/
Disabling JavaScript is an effective workaround for this vulnerability.
VI. VENDOR RESPONSE
Apple Inc. has released patches which address this issue. For more
information, consult their advisory at the following URL:
http://support.apple.com/kb/HT4808
VII. CVE INFORMATION
Release: Public
[ SUMMARY ]
According to Wikipedia, Safari is a web browser developed by Apple Inc.
and included in Mac OS X.
It was first released as a public beta on January 7, 2003, as the default
browser in Mac OS X v10.3. A beta version for Microsoft Windows was
released for the first time on June 11, 2007 with support for Windows XP
and Windows Vista
Platforms affected - Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X
v10.5.7, Mac OS X Server v10.5.7, Windows XP and Vista
III. BACKGROUND
-------------------------
Safari is a web browser developed by Apple Inc. It is the default browser in
Mac OS X v10.3 and higher. Safari for the Microsoft Windows platform first
released on 11 June 2007 and currently supports both Windows XP and Windows
Vista. The current stable release of the browser is 4.0.3 for Mac OS X and
Windows. (Source - Wikipedia).
- Quicktime (all)
I. Background
~~~~~~~~~~~~~
Wikipedia quote: "Apple Inc. (NASDAQ: AAPL) is an American multinational
corporation which designs and manufactures consumer electronics and
software products. The company's best-known hardware products include
Macintosh computers, the iPod and the iPhone."
II. Description
exploited remotely. However, local users will still be able to obtain
the privileges of the CUPS service user.
VI. VENDOR RESPONSE
Apple Inc. has addressed this vulnerability within Security Update
2008-002. For more information, visit the following URL.
http://docs.info.apple.com/article.html?artnum=307562
VII. CVE INFORMATION
http://www.apple.com/safari/
II. DESCRIPTION
Remote exploitation of a memory corruption vulnerability in Apple Inc.'s
Safari browser could allow an attacker to execute arbitrary code with
the privileges of the current user.
Safari is Apple's Web browser and is based on the open source WebKit
browser engine.
Jul 20, 2011
I. BACKGROUND
WebKit is an open source web browser engine. It is currently used by
Apple Inc.'s Safari browser, as well as by Google's Chrome browser. For
more information, see the vendor's site at the following link.
http://webkit.org/
II. DESCRIPTION
n.runs AG
http://www.nruns.com/ security(at)nruns.com
n.runs-SA-2009.005 23-Jun-2009
_______________________________________________________________________
Vendor: Apple Inc., http://www.apple.com
Affected Products: Safari Browser 3.2.3 all platforms
Vulnerability: Information disclosure to Denial of Service
Risk: MEDIUM
_______________________________________________________________________
n.runs AG
http://www.nruns.com/ security(at)nruns.com
n.runs-SA-2009.006 23-Jun-2009
_______________________________________________________________________
Vendor: Apple Inc., http://www.apple.com
Affected Products: Safari Browser 3.2.3 all platforms
Vulnerability: Null pointer dereference lead to DoS
Risk: MEDIUM
_______________________________________________________________________
======================================================================
3) Vendor's Description of Software
"CUPS is the standards-based, open source printing system developed by
Apple Inc. for Mac OS® X and other UNIX®-like operating systems."
Product Link:
http://www.cups.org/
======================================================================
Jun 08, 2009
I. BACKGROUND
WebKit is an open source web browser engine. It is currently used by
Apple Inc.'s Safari browser, as well as by Google's Chrome browser. For
more information, see the vendor's site at the following link.
http://webkit.org/
II. DESCRIPTION
Jul 20, 2011
I. BACKGROUND
WebKit is an open source web browser engine. It is currently used by
Apple Inc.'s Safari browser, as well as by Google's Chrome browser. For
more information, see the vendor's site at the following link.
http://webkit.org/
II. DESCRIPTION
Mail.app mail client is vulnerable to a DoS by sending a crafted email.
VENDOR
Apple Inc.
Vendor contacted: 25 July 2011
Vendor reply: 20 September 2011.
Vendor's actions: Details confidential.
======================================================================
3) Vendor's Description of Software
"CUPS provides a portable printing layer for UNIX®-based operating
systems. It was developed by Easy Software Products and is now owned
and maintained by Apple Inc. to promote a standard printing solution.
It is the standard printing system in Mac OS X and most Linux
distributions".
Product Link:
http://www.cups.org/
n.runs AG
http://www.nruns.com/ security(at)nruns.com
n.runs-SA-2009.001 15-May-2009
________________________________________________________________________
Vendor: Apple Inc., http://www.apple.com
Affected Products: Mac OS X 10.5.6
Vulnerability: Heap-based buffer overflow in CFNetwork component
(remote)
Risk: HIGH
________________________________________________________________________
http://www.apple.com/iphone/softwareupdate/
II. DESCRIPTION
Remote exploitation of a memory corruption vulnerability in Apple Inc.'s
OfficeImport framework could allow an attacker to execute arbitrary code
with the privileges of the current user.
The vulnerability occurs when parsing an Excel file with a maliciously
constructed Excel record. Specific values within this record can
Windows XP Professional
iPhone Configuration Web Utility 1.0 for Windows
Vendor Contact
--------------
Vendor Name: Apple Inc.
Vendor Website: www.apple.com
Mar 11, 2010
I. BACKGROUND
WebKit is an open source web browser engine. It is currently used by
Apple Inc.'s Safari browser, as well as by Google's Chrome browser. For
more information, see the vendor's site at the following link.
http://webkit.org/
II. DESCRIPTION