Apple
From: Apple Product Security
Reply to list
APPLE-SA-2015-02-05-1 OS X: Flash Player plug-in blocked Due to security issues in older versions, Apple has updated the web plug-in blocking mechanism to disable all versions prior to Flash Player 16.0.0.305 and 13.0.0.269. Information on blocked web plug-ins will be posted to: http://support. [...]
LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive. (CVSS:5.0) (Last Update:2017-01-02)
The xpc_data_get_bytes function in libxpc in Apple OS X before 10.10.2 does not verify that a dictionary’s Attributes key has the xpc_data data type, which allows attackers to execute arbitrary code by providing a crafted dictionary to sysmond, related to an “XPC type confusion” issue. (CVSS:10.0) (Last Update:2015-02-02)
libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type. (CVSS:7.5) (Last Update:2015-03-02)
From: Apple Product Security
Reply to list
APPLE-SA-2015-01-27-1 Apple TV 7.0.3 Apple TV 7.0.3 is now available and addresses the following: Apple TV Available for: Apple TV 3rd generation and later Impact: A maliciously crafted afc command may allow access to protected parts of the filesystem [...]
From: Apple Product Security
Reply to list
APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001 OS X 10.10.2 and Security Update 2015-001 are now available and address the following: AFP Server Available for: OS X Mavericks v10.9.5 Impact: A remote attacker may be able to determine all the network addresses of the system [...]
From: Apple Product Security
Reply to list
APPLE-SA-2015-01-27-3 Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3 Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3 are now available and address the following: WebKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10. [...]
From: Apple Product Security
Reply to list
APPLE-SA-2015-01-27-2 iOS 8.1.3 iOS 8.1.3 is now available and addresses the following: AppleFileConduit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted afc command may allow access to protected parts of the filesystem [...]
From: Apple Product Security
Reply to list
APPLE-SA-2015-01-27-5 OS X: Flash Player plug-in blocked Due to security issues in older versions, Apple has updated the web plug-in blocking mechanism to disable all versions prior to Flash Player 16.0.0.296 and 13.0.0.264. Information on blocked web plug-ins will be posted to: http://support. [...]
From: Apple Product Security
Reply to list
APPLE-SA-2014-12-22-1 OS X NTP Security Update OS X NTP Security Update is now available and addresses the following: ntpd Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1 Impact: A remote attacker may be able to execute arbitrary code [...]