APPLE-SA-2017-03-27-1 Pages 6.1, Numbers 4.1, and Keynote 7.1 for Mac; Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS
Monthly Archives: March 2017
Bugtraq: [SECURITY] [DSA 3821-1] gst-plugins-ugly1.0 security update
[SECURITY] [DSA 3821-1] gst-plugins-ugly1.0 security update
Bugtraq: APPLE-SA-2017-03-27-7 macOS Server 5.3
APPLE-SA-2017-03-27-7 macOS Server 5.3
Re: Defense in depth — the Microsoft way (part 47): "AppLocker bypasses are not serviced via monthly security roll-ups"
Posted by Stefan Kanthak on Mar 28
I wrote Tuesday, March 21, 2017 8:09 PM:
[ …snip… ]
[ …snip… ]
If you can’t create an “AppCert.Dll” from the code I depicted or
don’t know how to implement the function “forbidden()” yourself:
just visit <https://skanthak.homepage.t-online.de/appcert.html>,
read it and get the prebuilt DLLs plus their .INF setup script,
packaged in a .CAB archive.
enjoy
Stefan Kanthak
APPLE-SA-2017-03-27-2 Safari 10.1
Posted by Apple Product Security on Mar 28
APPLE-SA-2017-03-27-2 Safari 10.1
Safari 10.1 is now available and addresses the following:
CoreGraphics
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.4
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved input validation.
CVE-2017-2444: Mei Wang of 360 GearTeam
Safari
Available for: OS…
APPLE-SA-2017-03-27-4 iOS 10.3
Posted by Apple Product Security on Mar 28
APPLE-SA-2017-03-27-4 iOS 10.3
iOS 10.3 is now available and addresses the following:
Accounts
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A user may be able to view an Apple ID from the lock screen
Description: A prompt management issue was addressed by removing
iCloud authentication prompts from the lock screen.
CVE-2017-2397: Suprovici Vadim of UniApps team, an anonymous…
APPLE-SA-2017-03-27-5 watchOS 3.2
Posted by Apple Product Security on Mar 28
APPLE-SA-2017-03-27-5 watchOS 3.2
watchOS 3.2 is now available and addresses the following:
Audio
Available for: All Apple Watch models
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2017-2430: an anonymous researcher working with Trend Micro’s
Zero Day Initiative
CVE-2017-2462: an anonymous researcher working…
APPLE-SA-2017-03-27-7 macOS Server 5.3
Posted by Apple Product Security on Mar 28
APPLE-SA-2017-03-27-7 macOS Server 5.3
macOS Server 5.3 is now available and addresses the following:
Profile Manager
Available for: macOS 10.12.4 and later
Impact: A remote user may be able to cause a denial-of-service
Description: A crafted request may cause a global cache to grow
indefinitely, leading to a denial-of-service. This was addressed by
not caching unknown MIME types.
CVE-2016-0751
Web Server
Available for: macOS 10.12.4 and…
APPLE-SA-2017-03-27-3 macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite
Posted by Apple Product Security on Mar 28
APPLE-SA-2017-03-27-3 macOS Sierra 10.12.4, Security Update
2017-001 El Capitan, and Security Update 2017-001 Yosemite
macOS Sierra 10.12.4, Security Update 2017-001 El Capitan,
and Security Update 2017-001 Yosemite are now available and
address the following:
apache
Available for: macOS Sierra 10.12.3
Impact: A remote attacker may be able to cause a denial of service
Description: Multiple issues existed in Apache before 2.4.25. These
were…
Re: Vulnerabilities in Transcend Wi-Fi SD Card
Posted by Joey Kelly on Mar 28
This conflates two issues, and anyhow, Basic Authentication is not a
problem (Digest won’t be any more secure than Basic, if SSL is used…
is it present?).
CAPTCHA has nothing to do with CSRF. Neither do default credentials.