MAAS History
Archives

Entries by drStrangeP0rk (171)

Wednesday, Sep 08, 2010

APPLE-SA-2010-09-07-1 Safari 5.0.2 and Safari 4.1.2  

Apple has released Safari 5.0.2 and Safari 4.1.2 to address vulnerabilities in WebKit. Users should apply these updates since they are both critical. There was an input validation issue related to floating point data types which could be exploited; this has been addressed by performing improved validation.

The other major issue is a use-after-free in the handling of run-in styling, which a malicious site could take advantage of. It has been addressed through improved handling of object pointers in WebKit's run-in styling code. Both of these updates require a restart of the server and client versions of Mac OSX.

Friday, Sep 03, 2010

Google Updates Chrome

Google has released an update to Chrome on the stable channel for Mac OSX. The update addresses various speed and stability concerns in addition to the following security issues.

  • [34414] Low Pop-up blocker bypass with blank frame target. Credit to Google Chrome Security Team (Inferno) and “ironfist99”.
  • [37201] Medium URL bar visual spoofing with homographic sequences. Credit to Chris Weber of Casaba Security.
  • [41654] Medium Apply more restrictions on setting clipboard content. Credit to Brook Novak.
  • [45659] High Stale pointer with SVG filters. Credit to Tavis Ormandy of the Google Security Team.
  • [45876] Medium Possible installed extension enumeration. Credit to Lostmon.
  • [46750] [51846] Low Browser NULL crash with WebSockets. Credit to Google Chrome Security Team (SkyLined), Google Chrome Security Team (Justin Schuh) and Keith Campbell.
  • [$1000] [50386] High Use-after-free in Notifications presenter. Credit to Sergey Glazunov.
  • [50839] High Notification permissions memory corruption. Credit to Michal Zalewski of the Google Security Team and Google Chrome Security Team (SkyLined).
  • [$1337] [51630] [51739] High Integer errors in WebSockets. Credit to Keith Campbell and Google Chrome Security Team (Cris Neckar).
  • [$500] [51653] High Memory corruption with counter nodes. Credit to kuzzcc.
  • [51727] Low Avoid storing excessive autocomplete entries. Credit to Google Chrome Security Team (Inferno).
  • [52443] High Stale pointer in focus handling. Credit to VUPEN Vulnerability Research Team (VUPEN-SR-2010-249).
  • [$1000] [52682] High Sandbox parameter deserialization error. Credit to Ashutosh Mehra and Vineet Batra of the Adobe Reader Sandbox Team.
  • [$500] [53001] Medium Cross-origin image theft. Credit to Isaac Dawson.

Thursday, Sep 02, 2010

APPLE-SA-2010-09-01-1 iTunes 10  

Apple has released iTunes 10 (SA-2010-09-01-1), which includes various updates, including Ping, introduced September 1, 2010. In addition, the XSS vulnerabilities in WebKit, which also affected iTunes, have been patched. Users should install the iTunes update via Software Update. No restart is required for this update.

Tuesday, Aug 24, 2010

APPLE-SA-2010-08-24-1 Security Update 2010-005  

Apple has released APPLE-SA-2010-08-24-1 to address a host of security issues in Mac OSX client and Mac OSX server. Highlights include fixes for the stack buffer overflow in Apple Type Services (ATS), a CFNetwork issue that allowed anonymous TLS/SSL connections, a ClamAV update to 0.96.1 (vulnerabilities in older versions), a CoreGraphics heap buffer overflow, and libsecurity not properly comparing host names with three components.

Administrators and users should apply this patch immediately to their systems. For more details visit the reference link below. This update requires a reboot.

Monday, Aug 23, 2010

Google Chrome 5.0.375.127 Released

Google Chrome 5.0.375.127 has been released and includes patches for various flaws. Users should go to Chrome > About Chrome and select the Check For Updates button.

Below is the list of the various CVEs addressed:

  • [$1337] [45400] Critical Memory corruption with file dialog. Credit to Sergey Glazunov. 
  • [$500] [49596] High Memory corruption with SVGs. Credit to wushi of team509.
  • [$500] [49628] High Bad cast with text editing. Credit to wushi of team509.
  • [$1000] [49964] High Possible address bar spoofing with history bug. Credit to Mike Taylor.
  • [$2000] [50515] [51835] High Memory corruption in MIME type handling. Credit to Sergey Glazunov.
  • [$1337] [50553] Critical Crash on shutdown due to notifications bug. Credit to Sergey Glazunov.
  • [51146] Medium Stop omnibox autosuggest if the user might be about to type a password. Credit to Robert Hansen.
  • [$1000] [51654] High Memory corruption with Ruby support. Credit to kuzzcc.
  • [$1000] [51670] High Memory corruption with Geolocation support. Credit to kuzzcc.