Apple update summary
Those folks over at Apple Inc have been churning out the patches recently, so to keep them all together, here is a little summary:
Apple ID : APPLE-SA-2011-11-14-1 iTunes 10.5.1
Impact: A man-in-the-middle attacker may offer software that appears to originate from Apple
CVE : CVE-2008-3434
Apple ID: APPLE-SA-2011-11-10-2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.6
Impact: An attacker in a privileged network position may be able to cause arbitrary command execution via malicious DHCP responses
CVE: CVE-2011-0997
Apple ID: APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update
Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information
CVE: CVE-2011-3246
Impact: Viewing a document containing a maliciously crafted font may lead to arbitrary code execution
CVE : CVE-2011-3439
Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information
CVE : Non-provided
Impact: An application may execute unsigned code
CVE: CVE-2011-3442
Impact: Visiting a maliciously crafted website may lead to the
disclosure of sensitive information
CVE: CVE-2011-3441
Impact: A person with physical access to a locked iPad 2 may be able to access some of the user's data
CVE: CVE-2011-3440
None of these would appear to address the Core Security announced Sandbox vulnerability (CVE-2011-1516) referenced here.
Also note Swa's earlier diary on recent updates to the Java distribution.
Steve
ISC Handler
Comments