Apple
From: Apple Product Security
Reply to list
APPLE-SA-2014-12-18-1 Xcode 6.2 beta 3 Xcode 6.2 beta 3 is now available and addresses the following: Git Available for: OS X Mavericks v10.9.4 or later Impact: Synching with a malicious git repository may allow unexpected files to be added to the . [...]
From: Apple Product Security
Reply to list
APPLE-SA-2014-12-12-1 OS X: Flash Player plug-in blocked Due to security issues in older versions, Apple has updated the web plug-in blocking mechanism to disable all versions prior to Flash Player 16.0.0.235 and 13.0.0.259. Information on blocked web plug-ins will be posted to: http://support. [...]
From: Apple Product Security
Reply to list
APPLE-SA-2014-12-11-1 Safari 8.0.2, Safari 7.1.2, and Safari 6.2.2 Safari 8.0.2, Safari 7.1.2, and Safari 6.2.2 are now available and include the security content of Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1: https://support.apple.com/en-us/HT6596 Safari 8.0.2, Safari 7.1.2, and Safari 6.2. [...]
From: Apple Product Security
Reply to list
APPLE-SA-2014-12-9-1 iOS 8.1.2 iOS 8.1.2 is now available and includes the security content of iOS 8.1.1: https://support.apple.com/en-us/HT6590 Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "8.1.2". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ iQIcBAEBAgAGBQJUh5NeAAoJEBcWfLTuOo7tU1wP/2nkHWHE6tMk3MliuGTWPgOQ bBTUTn71tc46iniZYosRTSKVY8b23jED57OhubCy4jS9Nw3gXOpguGMhNp9+9yWh 3F5fDnkmEjUwX8DTEya/XH+E+89CGUB7ysqDgy2pdkAsHPS8NHDeapRgXWFEK/F6 l5xvWGYTpqKE9JlEZisBKOox9Bm5C2i0/0oNtPIIB9mqPbFgrX4bZe5dP53RBABE 8JVPSI0uRRqNJHc0Q4wg2Re5e4MmT6n9apcHDr9A7d7XL4d9nf1erEdSiItk5ov5 reI4yRxJ6j/yE3FZQL7dikcKjEOXcKlujWkTfZUT3W0sBVcz4bua6pbQbfjgQJTv z0d7/gg9ftOOqdjjJ7chKzr6NRsc1VDUpY56nQwNSG88sssAsSKi3iOngAxpDCEi nzbk2MDaQ0XrCjF1ViZe0mCysqhcQ26MgYb2eIb2HWzHu4fajNZjaIJnz5OUtpD3 gafTgwmsVYAEuzdpWsyAHuP8GzbN76ckYowZUzc265wY3WMKJ2qEtJxDqJDX3c7Y gERP8NpDomVImrAJzLaBc+EDudWuZ7pVWNtoALgPoudyJJQkUAaFnapA1tr2BBFF Q83czo7WK91L0SWPlrCLPWoSMqGrENsR9NC39YaPPMJr/LTV3IuH+51erbFT/7tR 6zaepHK412hfvYrFbSXD =aVu1
From: Apple Product Security
Reply to list
APPLE-SA-2014-12-3-1 Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1 Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1 is now available and addresses the following: WebKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10. [...]
From: Apple Product Security
Reply to list
APPLE-SA-2013-11-14-1 iOS 7.0.4 iOS 7.0.4 is now available and addresses the following: App Store Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: App and In-App purchases may be completed with insufficient authorization [...]
Integer overflow in the OZDocument::parseElement function in Apple Motion 5.0.7 allows remote attackers to cause a denial of service (application crash) via a (1) large or (2) small value in the subview attribute of a viewer element in a .motn file. (CVSS:5.0) (Last Update:2014-01-13)
Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Targa image. (CVSS:9.3) (Last Update:2013-11-02)
Integer signedness error in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PnSize opcode in a PICT file that triggers a stack-based buffer overflow. (CVSS:9.3) (Last Update:2013-11-02)
Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information. (CVSS:9.3) (Last Update:2012-12-18)