Posted by Apple Product Security on Aug 13
APPLE-SA-2015-08-13-1 Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8
Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8 is now available and
addresses the following:
Safari Application
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
and OS X Yosemite v10.10.4
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: A malicious website could open another site and prompt
for user input without a way for…
Posted by Apple Product Security on Aug 13
APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update
2015-006
OS X Yosemite v10.10.5 and Security Update 2015-006 is now available
and addresses the following:
apache
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.4
Impact: Multiple vulnerabilities existed in Apache 2.4.16, the most
serious of which may allow a remote attacker to cause a denial of
service.
Description: Multiple vulnerabilities existed in…
Posted by Apple Product Security on Aug 13
APPLE-SA-2015-08-13-3 iOS 8.4.1
iOS 8.4.1 is now available and addresses the following:
AppleFileConduit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A maliciously crafted afc command may allow access to
protected parts of the filesystem
Description: An issue existed in the symbolic linking mechanism of
afc. This issue was addressed by adding additional path checks.
CVE-ID
CVE-2015-5746…
Posted by Apple Product Security on Aug 13
APPLE-SA-2015-08-13-4 OS X Server v4.1.5
OS X Server v4.1.5 is now available and addresses the following:
BIND
Available for: OS X Yosemite v10.10.5 or later
Impact: A remote attacker may be able to cause a denial of service
Description: An assertion issue existed in the handling of TKEY
packets. This issue was addressed by updating BIND to version
9.9.7-P2.
CVE-ID
CVE-2015-5477
OS X Server v4.1.5 may be obtained from the Mac App Store….
Posted by Blue Frost Security Research Lab on Aug 13
Blue Frost Security GmbH
https://www.bluefrostsecurity.de/ research(at)bluefrostsecurity.de
BFS-SA-2015-002 13-August-2015
Posted by ERPScan inc on Aug 13
SAP <http://www.sap.com/> has released
<http://scn.sap.com/community/security/blog/2015/08/11/sap-security-patch-day-summary–august-2015>the
monthly critical patch update for August 2015. This patch update closes 22
vulnerabilities in SAP products, 15 have high priority, some of them belong
to the SAP HANA security area. The most popular vulnerability is Cross Site
Scripting (XSS). This month, three critical vulnerabilities found by…
Posted by Poyo VL on Aug 13
Dear list,
I am pleased to announce you NetRipper, a tool recently released at Defcon 23.
NetRipper is a post exploitation tool targeting Windows systems which uses API hooking in order to intercept network
traffic and encryption related functions from a low privileged user, being able to capture both plain-text traffic and
encrypted traffic before encryption/after decryption.
You can find the more information, source code, binaries,…
Apple Security Advisory 2015-08-13-4 – OS X Server v4.1.5 is now available and addresses a BIND related denial of service vulnerability.
Apple Security Advisory 2015-08-13-3 – iOS 8.4.1 is now available and addresses vulnerabilities in the afc command, AirTraffic, symlinks, and more.
Apple Security Advisory 2015-08-13-2 – OS X Yosemite 10.10.5 and Security Update 2015-006 is now available and addresses vulnerabilities in Apache, the OD plug-in, IOBluetoothHCIController, and more.