APPLE-SA-2016-12-13-2 Safari 10.0.2

December 14, 2016 007admin

Posted by Apple Product Security on Dec 14

Safari 10.0.2 is now available and addresses the following:

Safari Reader
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.1
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-7650: Erling Ellingsen…

Full Disclosure

APPLE-SA-2016-12-13-3 iTunes 12.5.4

December 14, 2016 007admin

Posted by Apple Product Security on Dec 14

APPLE-SA-2016-12-13-3 iTunes 12.5.4

iTunes 12.5.4 is now available and addresses the following:

WebKit
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4692: Apple
CVE-2016-7635: Apple
CVE-2016-7652: Apple

WebKit
Impact: Processing maliciously crafted web content may result in the
disclosure of process…

Full Disclosure

Adobe Animate <= v15.2.1.95 Memory Corruption Vulnerability

December 14, 2016 007admin

Posted by hyp3rlinx on Dec 14

[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source:
http://hyp3rlinx.altervista.org/advisories/ADOBE-ANIMATE-MEMORY-CORRUPTION-VULNERABILITY.txt

[+] ISR: ApparitionSec

Vendor:
=============
www.adobe.com

Product(s):
=============================
Adobe Animate
15.2.1.95 and earlier versions

Adobe Animate (formerly Adobe Flash Professional, Macromedia Flash, and
FutureSplash Animator) is a multimedia…

Fedora

firefox-50.1.0-1.fc25

December 14, 2016 007admin

– update to the new upstream version (50.1.0)
– fixed X Window crashes (mozbz#1271100)

Fedora

firefox-50.1.0-1.fc23

December 14, 2016 007admin

– update to the new upstream version (50.1.0)
– fixed X Window crashes (mozbz#1271100)

Fedora

firefox-50.1.0-1.fc24

December 14, 2016 007admin

– update to the new upstream version (50.1.0)
– fixed X Window crashes (mozbz#1271100)

Checkpoint

Dell SonicWALL Universal Management Suite ImagePreviewServlet SQL Injection

December 14, 2016 007admin

An SQL injection vulnerability exists in Dell SonicWALL Universal Management Suite. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request. Successful exploitation of this vulnerability can lead to arbitrary code execution in the context of SYSTEM on the target host.

Checkpoint

Adobe Flash Player Memory Corruption (APSB16-39: CVE-2016-7874; CVE-2016-7874)

December 14, 2016 007admin

A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file.

Security

Wannabe Hackers Are Paying To Learn How To Use The Mirai Botnet

December 13, 2016 007admin

Security

Researchers Are Preparing For Trump To Delete Government Science

December 13, 2016 007admin

007 Software

Monthly Archives: December 2016

APPLE-SA-2016-12-13-2 Safari 10.0.2

APPLE-SA-2016-12-13-3 iTunes 12.5.4

Adobe Animate <= v15.2.1.95 Memory Corruption Vulnerability

firefox-50.1.0-1.fc25

firefox-50.1.0-1.fc23

firefox-50.1.0-1.fc24

Dell SonicWALL Universal Management Suite ImagePreviewServlet SQL Injection

Adobe Flash Player Memory Corruption (APSB16-39: CVE-2016-7874; CVE-2016-7874)

Wannabe Hackers Are Paying To Learn How To Use The Mirai Botnet

Researchers Are Preparing For Trump To Delete Government Science

Software and Security Information