MAAS History
Archives

Entries by Sean OConnell Public (50)

Wednesday
Mar 09, 2011

APPLE-SA-2011-03-08-1 Java for Mac OS X 10.6 Update 4

Apple has released an update to Java for Mac OS X 10.6 to address vulnerabilities that allowed an applet to execute code outside of the sandbox. Apple's Java update is always behind the latest release from Oracle. Users should apply the update to Mac OS X Client and Mac OS X Server.

Wednesday
Mar 09, 2011

APPLE-SA-2011-03-08-2 Java for Mac OS X 10.5 Update 9

Apple has released an update to Java for Mac OS X 10.5 to address vulnerabilities that allowed an applet to execute code outside of the sandbox. Apple's Java update is always behind the latest release from Oracle. Users should apply the update to Mac OS X Client and Mac OS X Server.

Wednesday
Mar 02, 2011

Apple Releases iTunes 10.2

Apple has released iTunes 10.2, which addresses several security issues in the Vista version and stability issues in the Mac OS X version. The update includes the following:

  • Sync with your iPhone, iPad, or iPod touch with iOS 4.3.
  • Improved Home Sharing. Browse and play from your iTunes libraries with Home Sharing on any iPhone, iPad, or iPod touch with iOS 4.3.

The update can be applied via Software Update.

Tuesday
Mar 01, 2011

Google Chrome Update 9.0.597 Released

Google has released an update for Chrome on the stable channel that addresses various stability and security issues.

  • [$1000] [54262] High URL bar spoof. Credit to Jordi Chancel.
  • [$500] [63732] High Crash with javascript dialogs. Credit to Sergey Radchenko.
  • [$1000] [68263] High Stylesheet node stale pointer. Credit to Sergey Glazunov.
  • [$1000] [68741] High Stale pointer with key frame rule. Credit to Sergey Glazunov.
  • [$500] [70078] High Crash with forms controls. Credit to Stefan van Zanden.
  • [$1000] [70244] High Crash in SVG rendering. Credit to Sławomir Błażek.
  • [64-bit Linux only] [70376] Medium Out-of-bounds read in pickle deserialization. Credit to Evgeniy Stepanov of the Chromium development community.
  • [$1000] [71114] High Stale node in table handling. Credit to Martin Barbella.
  • [$1000] [71115] High Stale pointer in table rendering. Credit to Martin Barbella.
  • [$1000] [71296] High Stale pointer in SVG animations. Credit to miaubiz.
  • [$1000] [71386] High Stale nodes in XHTML. Credit to wushi of team509.
  • [$1000] [71388] High Crash in textarea handling. Credit to wushi of team509.
  • [$1000] [71595] High Stale pointer in device orientation. Credit to Sergey Glazunov.
  • [71717] Medium Out-of-bounds read in WebGL. Credit to miaubiz.
  • [$1000] [71855] High Integer overflow in textarea handling. Credit to miaubiz.
  • [71960] Medium Out-of-bounds read in WebGL. Credit to Google Chrome Security Team (Inferno).
  • [72214] High Accidental exposure of internal extension functions. Credit to Tavis Ormandy of the Google Security Team.
  • [$1000] [72437] High Use-after-free with blocked plug-ins. Credit to Chamal de Silva.
  • [$1000] [73235] High Stale pointer in layout. Credit to Martin Barbella.

Thursday
Feb 10, 2011

Researchers Bypass Keychain on iOS Device

Researchers from Fraunhofer SIT have demonstrated how to bypass the keychain on an iOS device. This is a local attack, not a remote one, but it has implications for users whose devices are lost or stolen.

  • Jailbreak the phone with tools already available to gain access to the system.
  • Copy the keychain access script to the file system.
  • Execute the script, which returns the passwords it has been able to find.

Not all passwords are broken, but key ones for online accounts and corporate network access can be broken in under six minutes.

For a video on how they did it, click here.

If you lose your iPhone or plan to retire it, keep this in mind.

  1. Do a Hard Factory Reset.
  2. Clear out all data.
  3. Use MobileMe Find My iPhone in the event that it is lost and erase it first. (iTunes should have a backup.)

If you are an organization, you should have a phone/PDA retirement policy.