MAAS History
Archives
Wednesday
Mar 09 2011

APPLE-SA-2011-03-08-1 Java for Mac OS X 10.6 Update 4

Apple has released an update to Java for Mac OS X 10.6 to address vulnerabilities that allowed an applet to execute code outside of the sandbox. Apple's Java update is always behind the latest release from Oracle. Users should apply the update to Mac OS X Client and Mac OS X Server.

Wednesday
Mar 09 2011

APPLE-SA-2011-03-08-2 Java for Mac OS X 10.5 Update 9  

Apple has released an update to Java for Mac OS X 10.5 to address vulnerabilities that allowed an applet to execute code outside of the sandbox. Apple's Java update is always behind the latest release from Oracle. Users should apply the update to Mac OS X Client and Mac OS X Server.

Tuesday
Mar 08 2011

Google Releases Chrome 10.0.648.127 to Stable Channel

Google has released Chrome update 10.0.648.127 for Mac OS X to the stable channel. This update includes features such as a Flash sandbox for Windows and improved JavaScript performance. In addition, the following vulnerabilities have been addressed (quoted directly from Google's site):

  • [42574] [42765] Low Possible to navigate or close the top location in a sandboxed frame. Credit to sirdarckcat of the Google Security Team.
  • [Linux only] [49747] Low Work around an X server bug and crash with long messages. Credit to Louis Lang.
  • [Linux only] [66962] Low Possible browser crash with parallel print()s. Credit to Aki Helin of OUSPG.
  • [$1337] [69187] Medium Cross-origin error message leak. Credit to Daniel Divricean.
  • [$500] [69628] High Memory corruption with counter nodes. Credit to Martin Barbella.
  • [$1000] [70027] High Stale node in box layout. Credit to Martin Barbella.
  • [$500] [70336] Medium Cross-origin error message leak with workers. Credit to Daniel Divricean.
  • [$1000] [70442] High Use after free with DOM URL handling. Credit to Sergey Glazunov.
  • [Linux only] [70779] Medium Out of bounds read handling unicode ranges. Credit to miaubiz.
  • [$1337] [70877] High Same origin policy bypass in v8. Credit to Daniel Divricean.
  • [70885] [71167] Low Pop-up blocker bypasses. Credit to Chamal de Silva.
  • [$1000] [71763] High Use-after-free in document script lifetime handling. Credit to miaubiz.
  • [71788] High Out-of-bounds write in the OGG container. Credit to Google Chrome Security Team (SkyLined); plus subsequent independent discovery by David Weston of Microsoft and MSVR.
  • [$1000] [72028] High Stale pointer in table painting. Credit to Martin Barbella.
  • [73026] High Use of corrupt out-of-bounds structure in video code. Credit to Tavis Ormandy of the Google Security Team.
  • [$1000] [73066] High Crash with the DataView object. Credit to Sergey Glazunov.
  • [$1000] [73134] High Bad cast in text rendering. Credit to miaubiz.
  • [$2000] [73196] High Stale pointer in WebKit context code. Credit to Sergey Glazunov.
  • [73716] Low Leak of heap address in XSLT. Credit to Google Chrome Security Team (Chris Evans).
  • [$1500] [73746] High Stale pointer with SVG cursors. Credit to Sergey Glazunov.
  • [$1000] [74030] High DOM tree corruption with attribute handling. Credit to Sergey Glazunov.
  • [$1000] [74662] High Corruption via re-entrancy of RegExp code. Credit to Christian Holler.
  • [$1000] [74675] High Invalid memory access in v8. Credit to Christian Holler.

This update is critical and the second one in the last eight days. 

 

Wednesday
Mar 02 2011

Apple Releases iTunes 10.2

Apple has released iTunes 10.2, which addresses several security issues in the Vista version and stability issues in the Mac OS X version, which include the following:

 

  • Sync with your iPhone, iPad, or iPod touch with iOS 4.3. 
  • Improved Home Sharing. Browse and play from your iTunes libraries with Home Sharing on any iPhone, iPad, or iPod touch with iOS 4.3.

 

The update can be applied via Software Update.

Tuesday
Mar 01 2011

Google Chrome Update 9.0.597 Released

Google has released to the stable channel an update for Chrome to address various stability and security issues.

  • [$1000] [54262] High URL bar spoof. Credit to Jordi Chancel.
  • [$500] [63732] High Crash with javascript dialogs. Credit to Sergey Radchenko.
  • [$1000] [68263] High Stylesheet node stale pointer. Credit to Sergey Glazunov.
  • [$1000] [68741] High Stale pointer with key frame rule. Credit to Sergey Glazunov.
  • [$500] [70078] High Crash with forms controls. Credit to Stefan van Zanden.
  • [$1000] [70244] High Crash in SVG rendering. Credit to Sławomir Błażek.
  • [64-bit Linux only] [70376] Medium Out-of-bounds read in pickle deserialization. Credit to Evgeniy Stepanov of the Chromium development community.
  • [$1000] [71114] High Stale node in table handling. Credit to Martin Barbella.
  • [$1000] [71115] High Stale pointer in table rendering. Credit to Martin Barbella.
  • [$1000] [71296] High Stale pointer in SVG animations. Credit to miaubiz.
  • [$1000] [71386] High Stale nodes in XHTML. Credit to wushi of team509.
  • [$1000] [71388] High Crash in textarea handling. Credit to wushi of team509.
  • [$1000] [71595] High Stale pointer in device orientation. Credit to Sergey Glazunov.
  • [71717] Medium Out-of-bounds read in WebGL. Credit to miaubiz.
  • [$1000] [71855] High Integer overflow in textarea handling. Credit to miaubiz.
  • [71960] Medium Out-of-bounds read in WebGL. Credit to Google Chrome Security Team (Inferno).
  • [72214] High Accidental exposure of internal extension functions. Credit to Tavis Ormandy of the Google Security Team.
  • [$1000] [72437] High Use-after-free with blocked plug-ins. Credit to Chamal de Silva.
  • [$1000] [73235] High Stale pointer in layout. Credit to Martin Barbella.