RHSA-2017:0180-1: Critical: java-1.8.0-openjdk security update

Red Hat Enterprise Linux: An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6
and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289

Apple iOS 10.2 (Notify – iTunes) – Filter Bypass & Persistent Vulnerability

Posted by Vulnerability Lab on Jan 20

Topic: Apple (iTunes Notify) – Bypass & Persistent Vulnerability

Advisory: https://www.vulnerability-lab.com/get_content.php?id=2024

Research Article:
https://www.vulnerability-db.com/?q=articles/2016/12/22/apple-ios-102-notify-function-vulnerable-attacks-idevice-itunes-appstore

Press Article:
https://thehackernews.com/2017/01/apple-itunes.html
https://threatpost.com/vulnerabilities-leave-itunes-app-store-open-to-script-injection/123129/

How A Bug Hunter Forced Apple to Completely Remove A Newly Launched Feature

Recently Apple released a new feature for iPhone and iPad users, but it was so buggy that the company had no option other than to roll the feature back completely.

In November, Apple introduced a new App Store feature, dubbed the “Notify” button — a bright orange button that users can click if they want to be alerted via iCloud Mail when any game or app becomes available on the App Store.