
Entries by drStrangeP0rk (171)

Thursday, Apr 29, 2010

iTunes 9.1.1 Released

Apple has released an update to iTunes that includes support for the iPad. In addition, fixes for various stability and usability issues related to VoiceOver and Genius have been included. One big issue that has been addressed occurs when converting songs to 128 kbps AAC while syncing your iPhone, iPod or iPad.

Users can install this update via Software Update or by downloading it from this link.

Currently, PC users have been targets of various phishing emails related to the iPad. Due to recent activity in known criminal malware news groups, Mac OS users should expect that cyber criminals may target them using a similar iPad-related approach. Their goal is to install malware, lock out users or install ransomware. Apple never emails out software updates. Users can visit Apple's download page or use Software Update to obtain updates. Users who download and install manually should also check the hashes of the downloads.

Wednesday, Apr 14, 2010

Apple Updates Server Admin Tool 10.6.3

Apple has released server admin tools with various updates including the following:

Server Admin

  • Eliminates delays in Server Admin on an IPv6 network.
  • The "Edit Over Quota Error Message" button is now always enabled for the Mail service.
  • You can now stop the NetBoot service without stopping the DHCP service first.
  • NetBoot/NetInstall filtering by client MAC address now works.
  • Adds NetBoot/NetInstall model filter for iMac (27-inch, Late 2009) computers.


System Image Utility

  • Fixes an issue that could generate the message "Catalog file is too fragmented for restore" when creating a NetRestore image from a volume.
  • When using the Add Packages and Post-Install Scripts task, you can now specify the order of the added packages and scripts.
  • You can now create a NetRestore image that includes a package such as iTunes, which would previously prevent the new disk image from being unmounted during creation.
  • The Customize Package Selection workflow now works when the primary language is not English.
  • Adds model filter for iMac (27-inch, Late 2009) computers.
  • Improves the ability to add Software Update and other installation packages to a NetInstall workflow. (* see note below)
  • You can now Enable Automated Installation for a NetRestore image. (* see note below)
  • Fixes an issue that could cause systems created from a NetInstall image to show an alert that "the client computer already exists" when binding to an Open Directory server. For details, see this article. (* see note below)
  • Fixes an issue with setting a custom system name using the Apply System Configuration Settings task. (* see note below)
  • When you Enable Automated Installation for a NetInstall image, clients can now successfully choose which volume to install on, if the "Volume: Selected by user" option is set. (* see note below)

* Note: In order to take advantage of these improvements, you must create an image from a 10.6.3 or later source volume.


Workgroup Manager

  • Fixes an issue that could cause a user's primary shortname to be changed when adding or editing additional shortnames.


Server Admin Tools 10.6.3 also includes these improvements, first delivered in Server Admin Tools 10.6.2:

Server Admin

  • Improves stability of Server Admin application.
  • Includes Netboot/Netinstall model filters for Macs introduced in October, 2009.
  • DHCP service status is now reported correctly when viewing the Netboot service overview.
  • Fixes an issue that could cause a cache file to grow out of bounds when Server Admin checks for server software updates from behind an authenticated web proxy.

Server Assistant

  • Now enforces LOM password length requirements during setup (at least eight characters, no more than twenty).

Server Preferences

  • Improves general usability and reliability of Server Preferences, including the creation and deletion of users and groups.
  • Guest access for File Sharing is now correctly granted when enabled in Server Preferences.

System Image Utility

  • Includes Netboot/Netinstall model filters for Macs introduced in October, 2009.

Workgroup Manager

  • Fixes a user interface issue in Mac OS X Server v10.6.1 that prevented the creation of users with a period "." in the short name on a Snow Leopard Server.
  • Fixes a user interface issue in Mac OS X Server v10.6.1 that could cause incorrect options to appear when creating users on a Snow Leopard Server.

Xgrid Admin

  • Allows one to connect to Mac OS X Server v10.5 Leopard Xgrid controllers.

Wednesday, Apr 14, 2010

APPLE-SA-2010-04-14-1 Security Update 2010-003  

Apple has released a security update for Mac OS X 10.6.x client/server and an update for Mac OS X 10.5.x client/server to address the unchecked indexing issue in Apple Type Services (ATS) discovered by Charlie Miller. Due to unchecked indexing within ATS, maliciously crafted embedded fonts will result in application failure and arbitrary code execution. ATS is a legacy framework; Core Text is currently used for Unicode. ATS is also prone to various memory-corruption issues and is used across various applications, so users need to perform this update. Apple recommends developers use Core Text and Core Graphics. It is safe to say that, based on the information provided, someone with malicious intent can produce this exploit.

http://developer.apple.com/mac/library/documentation/Carbon/Conceptual/Carbon64BitGuide/OtherAPIChanges/OtherAPIChanges.html

http://support.apple.com/downloads/

Tuesday, Apr 13, 2010

Adobe Releases Critical Security Update

Adobe has released a new Adobe Reader Updater.app to handle updates of Reader and Acrobat. The updater still needs to be configured to check, download and install updates when they become available. It is Adobe's determination that users want these kinds of controls, but I do not agree with their decision not to make automatic updates a default, instead opting for user choice.

In addition to the new updater, which we hope uses SSL properly (we have not tested this yet), Reader and Acrobat have been updated to address various CVEs, including the following:

  • This update resolves a cross-site scripting vulnerability that could lead to code execution (CVE-2010-0190).
  • This update resolves a prefix protocol handler vulnerability that could lead to code execution (CVE-2010-0191).
  • This update resolves a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-0192).
  • This update resolves a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-0193).
  • This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-0194).
  • This update resolves a font handling vulnerability that could lead to code execution (CVE-2010-0195).
  • This update resolves a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-0196).
  • This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-0197).
  • This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2010-0198).
  • This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2010-0199).
  • This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-0201).
  • This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2010-0202).
  • This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2010-0203).
  • This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-0204).
  • This update resolves a heap-based overflow vulnerability that could lead to code execution (CVE-2010-1241).

 

Wednesday, Apr 07, 2010

Adobe Warns of PDF "/Launch" Attack

In Adobe Reader and Acrobat, under Preferences > Trust Manager, there is an option to allow the opening of other content using external applications. Even with warnings, users tend to click first and ask questions later. From my perspective these warnings are useless, and malware creators know that you play the odds, which are in their favor, namely that a user will not heed the warnings.

Adobe is warning users to disable the option to trust and open non-PDF file attachments. This is one of the many settings recommended in a previous post. Users may also consider setting up a sandboxed Preview.app for opening PDF files from the web. I have tested this with several configurations, and it does appear to limit the effectiveness of exploits in PDF files, but it is not foolproof.
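
For mail or web gateways that want to flag such files before a user ever sees the warning dialog, the following is an added example (not from Adobe or from the original post) that triages a PDF for `/Launch` action names. The function names `triage` and `decode_name` and the sample byte strings are assumptions made for illustration; the scan reads only uncompressed bytes and reports when compressed object streams mean the result is incomplete.

```python
import re

# A PDF name may hex-escape any character as #XX, so "/L#61unch" equals "/Launch".
_NAME = re.compile(rb"/((?:#[0-9A-Fa-f]{2}|[^\x00\t\n\x0c\r ()<>\[\]{}/%#])+)")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> bytes:
    """Undo #XX escapes in a PDF name token (leading slash already removed)."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def triage(pdf: bytes) -> dict:
    """Report /Launch names and whether compressed object streams may hide more."""
    hits, has_objstm = [], False
    for m in _NAME.finditer(pdf):
        name = decode_name(m.group(1))
        if name == b"ObjStm":
            has_objstm = True  # objects inside are compressed; this scan cannot see them
        elif name == b"Launch":
            ctx = pdf[max(0, m.start() - 30): m.end() + 60]
            hits.append({
                "offset": m.start(),
                "escaped": m.group(1) != b"Launch",  # an escaped spelling is itself a signal
                "context": ctx.decode("latin-1"),    # surrounding bytes for the analyst
            })
    return {"launch": hits, "incomplete": has_objstm}


# Constructed sample inputs (not taken from any real document).
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Action /S /Launch /F (example.txt) >>\nendobj\n"
SAMPLE_ESCAPED = b"%PDF-1.4\n1 0 obj\n<< /S /L#61unch /F (example.txt) >>\nendobj\n"
SAMPLE_CLEAN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"

if __name__ == "__main__":
    for label, data in [("plain", SAMPLE_PLAIN), ("escaped", SAMPLE_ESCAPED),
                        ("clean", SAMPLE_CLEAN)]:
        print(label, triage(data))
```

A hit is a reason to quarantine or inspect the file, not proof of malice, since the name can also appear inside ordinary string or stream data.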