MAAS History
Archives
Wednesday
Oct 20, 2010

APPLE-SA-2010-10-20-2 Java for Mac OS X 10.5 Update 8

Apple has released an update to Java for Mac OSX Server and Client to address several vulnerabilities which are dated. This includes a fix to prevent an unsigned applet from executing outside the sandbox, proper handling of MACH RPC messaging, and improved handling of window bounds. Users should apply this update via Software Update. For more information, please see the reference link.

Tuesday
Oct 19, 2010

Google Updates Chrome to 7.0.517.41

Google has released an update of Chrome to the stable channel to address various stability and security issues. This includes fixes for crashes with forms, a crash when using auto fill, URL spoofing on page unload, element persistence in the element map, and sandbox process failures (not confirmed on Mac OSX, but they affect Linux distributions).

Users should apply the update by opening About Chrome and clicking the check for updates link. For more information about improvements, visit the reference links below.

Wednesday
Oct 06, 2010

Adobe Reader and Acrobat

Adobe has released a security update for Acrobat and Acrobat Reader to address CVE-2010-2883 and CVE-2010-2884. This update was released ahead of schedule and is marked as critical; users should apply it promptly.

As a note, we recommend using Preview.app for PDF files, within seatbelt for hard-core users.

Saturday
Sep 25, 2010

Safari Auto Fill Flaw Can Still be Conducted Using Two Phase Process

Jeremiah Grossman's Auto Fill flaw can still be exploited by socially engineering a user to perform staged clicks on a form or page. In his online example, the user's location is used to provoke the first key. Other examples can be simple trickery, such as 'type "DuD" to prove you're a human'. He has posted the technical details on his blog; the result is that the user's Auto Fill information is passed without the knowledge of the user.

Auto fill, although viewed as a convenience to users, can result in sharing information the user did not plan to disclose. In Safari you should make sure to turn these settings off, including on iOS devices.

Recommended Settings

When thinking about privacy and the sharing of any personal information, educate users in the concepts of trust and verification. If the form is completed automatically, the user skips triggering mechanisms that can prevent these kinds of information-gathering attacks.

Monday
Sep 20, 2010

APPLE-SA-2010-09-20-1 Security Update 2010-006

Apple has released an update for OSX Server 10.6.4 to address a password bypass vulnerability in AFP Server. A malicious user may be able to bypass authentication if they are aware of a user of the system. Administrators should apply this software update to OSX Server; a restart is required.