
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2011-11-14



Apple update summary

Published: 2011-11-14
Last Updated: 2011-11-14 19:25:09 UTC
by Stephen Hall (Version: 1)
1 comment(s)

Those folks over at Apple Inc have been churning out the patches recently, so to keep them all together, here is a little summary:

Apple ID: APPLE-SA-2011-11-14-1 iTunes 10.5.1

Impact:  A man-in-the-middle attacker may offer software that appears to originate from Apple

CVE: CVE-2008-3434

Apple ID: APPLE-SA-2011-11-10-2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.6

Impact:  An attacker in a privileged network position may be able to cause arbitrary command execution via malicious DHCP responses

CVE: CVE-2011-0997

Apple ID: APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update

Impact:  Visiting a maliciously crafted website may lead to the disclosure of sensitive information

CVE: CVE-2011-3246

Impact:  Viewing a document containing a maliciously crafted font may lead to arbitrary code execution

CVE: CVE-2011-3439

Impact:  An attacker with a privileged network position may intercept user credentials or other sensitive information

CVE: Not provided

Impact:  An application may execute unsigned code

CVE: CVE-2011-3442

Impact:  Visiting a maliciously crafted website may lead to the disclosure of sensitive information

CVE: CVE-2011-3441

Impact:  A person with physical access to a locked iPad 2 may be able to access some of the user's data

CVE: CVE-2011-3440

None of these appear to address the sandbox vulnerability announced by Core Security (CVE-2011-1516), referenced here.

Also note Swa's earlier diary on recent updates to the Java distribution.

Steve

ISC Handler

Keywords: apple