MAAS History
Archives

Entries by drStrangeP0rk (171)

Wednesday
Aug182010

Adobe Pre-notification of Reader 9.3.3 Patch

DateWednesday, August 18, 2010 at 10:39AM

Adobe has already released an update of Flash player, they are expected to release the Reader Update on 8/19/2010. These vulnerabilities were the ones discussed and presented at Black Hat. Users and administrators should save the date.

AuthordrStrangeP0rk | CommentPost a Comment |
in , , , , ,
Friday
Aug132010

APPLE-SA-2010-08-12-1 QuickTime 7.6.7

DateFriday, August 13, 2010 at 07:32AM
Apple has released an update for QuickTime to address a vulnerability in the Windows version. There was a buffer overflow in the error logging which can result in arbitrary coded execution.
AuthordrStrangeP0rk | CommentPost a Comment |
in , ,
Wednesday
Aug112010

Microsoft Office 2008 for Mac 12.2.6 Update

DateWednesday, August 11, 2010 at 10:13PM
Microsoft has released an update for Office 2008 for Mac programs. the update addresses vulnerabilities that allowed an attacker to overwrite the contents of memory with malicious code leading to arbitrary code execution or privilege escalation. Users should update their versions of Office immediately.
AuthordrStrangeP0rk | CommentPost a Comment | Reference1 Reference |
in , , ,
Wednesday
Aug112010

APPLE-SA-2010-08-11-2 iOS 3.2.2 Update for iPad

DateWednesday, August 11, 2010 at 09:46PM

Apple has released updates to address CVE-2010-1797 (FreeType) and CVE-2010-2973 (IOSurface) vulnerabilities. These vulnerabilities were being used by the jailbreakme_com site which users could visit to jailbreak their phone. The iPad is vulnerable to these exploits as well. Reports of the vulnerability being exploited in the wild surface but were unsubstantiated. 

A PDF file could be used to exploit a stack buffer overflow in FreeType handling of CCF opcodes resulting in arbitrary code execution. The issue has been solved by establishing better bounds checking. In addition an integer overflow existed in the IOSurface which allowed elevated privileges to be gained. The combination of the above vulnerabilities resulted in a jail broken iPad or could be leveraged by malicious attackers using spear phish, drive by downloads or mass malware assault. Users should update their iPad using iTunes immediately. 

AuthordrStrangeP0rk | CommentPost a Comment | Reference1 Reference |
in , , , ,
Wednesday
Aug112010

APPLE-SA-2010-08-11-1 iOS 4.0.2 Update for iPhone and iPod touch  

DateWednesday, August 11, 2010 at 09:32PM

Apple has released updates to address CVE-2010-1797 (FreeType) and CVE-2010-2973 (IOSurface) vulnerabilities. These vulnerabilities were being used by the jailbreakme_com site which users could visit to jailbreak their phone. Reports of the vulnerability being exploited in the wild surface but were unsubstantiated. 

A PDF file could be used to exploit a stack buffer overflow in FreeType handling of CCF opcodes resulting in arbitrary code execution. The issue has been solved by establishing better bounds checking. In addition an integer overflow existed in the IOSurface which allowed elevated privileges to be gained. The combination of the above vulnerabilities resulted in a jail broken iPhone or could be leveraged by malicious attackers using spear phish, drive by downloads or mass malware assault. Users should update their IPhone and IPod Touch using iTunes immediately. 

AuthordrStrangeP0rk | CommentPost a Comment | Reference1 Reference |
in , , , , ,
Page 1 ... 6 7 8 9 10 ... 35 Next 5 Entries ยป