SANS ISC: Apple update summary - SANS Internet Storm Center


Apple update summary

Those folks over at Apple Inc have been churning out the patches recently, so to keep them all together, here is a little summary:

Apple ID: APPLE-SA-2011-11-14-1 iTunes 10.5.1

Impact:  A man-in-the-middle attacker may offer software that appears to originate from Apple

CVE: CVE-2008-3434

 

Apple ID: APPLE-SA-2011-11-10-2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.6

Impact:  An attacker in a privileged network position may be able to cause arbitrary command execution via malicious DHCP responses

CVE: CVE-2011-0997

 

Apple ID: APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update

Impact:  Visiting a maliciously crafted website may lead to the disclosure of sensitive information

CVE: CVE-2011-3246

Impact:  Viewing a document containing a maliciously crafted font may lead to arbitrary code execution

CVE: CVE-2011-3439

Impact:  An attacker with a privileged network position may intercept user credentials or other sensitive information

CVE: Not provided

Impact:  An application may execute unsigned code

CVE: CVE-2011-3442

Impact:  Visiting a maliciously crafted website may lead to the disclosure of sensitive information

CVE: CVE-2011-3441

Impact:  A person with physical access to a locked iPad 2 may be able to access some of the user's data

CVE: CVE-2011-3440

None of these appear to address the sandbox vulnerability announced by Core Security (CVE-2011-1516), referenced here.

Also note Swa's earlier diary on recent updates to the Java distribution.

Steve

ISC Handler

One more to add for the day...
> iTunes v10.5.1 released
- http://www.securitytracker.com/id/1026323
Nov 14 2011
- https://support.apple.com/kb/HT5030
.
Anonymous
