Full Disclosure
Posted by Apple Product Security on Dec 14
APPLE-SA-2016-12-13-4 iCloud for Windows v6.1
iCloud for Windows v6.1 is now available and addresses the following:
WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4692: Apple
CVE-2016-7635: Apple
CVE-2016-7652: Apple
WebKit
Available for: Windows 7 and…
Posted by Berend-Jan Wever on Dec 14
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the thirty-first entry
in the series. This information is available in more detail on my blog
at http://blog.skylined.nl/20161213001.html. There you can find a repro
that triggered this issue in addition to the information below.
If you find these releases useful, and would like to help me make time
to continue releasing this kind…
Posted by Apple Product Security on Dec 14
APPLE-SA-2016-12-13-3 iTunes 12.5.4
iTunes 12.5.4 is now available and addresses the following:
WebKit
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4692: Apple
CVE-2016-7635: Apple
CVE-2016-7652: Apple
WebKit
Impact: Processing maliciously crafted web content may result in the
disclosure of process…
Posted by Apple Product Security on Dec 14
APPLE-SA-2016-12-13-2 Safari 10.0.2
Safari 10.0.2 is now available and addresses the following:
Safari Reader
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.1
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-7650: Erling Ellingsen…
Posted by Apple Product Security on Dec 14
APPLE-SA-2016-12-13-1 macOS 10.12.2
macOS 10.12.2 is now available and addresses the following:
apache_mod_php
Available for: macOS Sierra 10.12.1
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: Multiple issues existed in PHP before 5.6.26. These were
addressed by updating PHP to version 5.6.26.
CVE-2016-7411
CVE-2016-7412
CVE-2016-7413
CVE-2016-7414
CVE-2016-7416
CVE-2016-7417…
Posted by hyp3rlinx on Dec 14
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/ADOBE-ANIMATE-MEMORY-CORRUPTION-VULNERABILITY.txt
[+] ISR: ApparitionSec
Vendor:
=============
www.adobe.com
Product(s):
=============================
Adobe Animate
15.2.1.95 and earlier versions
Adobe Animate (formerly Adobe Flash Professional, Macromedia Flash, and
FutureSplash Animator) is a multimedia…
Posted by Elar Lang on Dec 13
Title: SQL injection in Joomla extension DT Register
Credit: Elar Lang / https://security.elarlang.eu
Vulnerability: SQL injection
Vulnerable version: before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5)
CVE: pending
Full Disclosure URL:
https://security.elarlang.eu/sql-injection-in-joomla-extension-dt-register.html
Vendor: DTH Development
* Vendor URL: http://www.dthdevelopment.com/
Product: DT Register “Calendar & Event Registration”…
Posted by Berend-Jan Wever on Dec 12
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the thirtieth entry
in the series. This information is available in more detail on my blog
at http://blog.skylined.nl/20161212001.html. There you can find a repro
that triggered this issue in addition to the information below.
If you find these releases useful, and would like to help me make time
to continue releasing this kind of…
Posted by Apple Product Security on Dec 12
APPLE-SA-2016-12-12-3 tvOS 10.1
tvOS 10.1 is now available and addresses the following:
Profiles
Available for: Apple TV (4th generation)
Impact: Opening a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue existed in the handling of
certificate profiles. This issue was addressed through improved input
validation.
CVE-2016-7626: Maksymilian Arciemowicz (cxsecurity.com)
Installation…
Posted by Apple Product Security on Dec 12
APPLE-SA-2016-12-12-2 watchOS 3.1.1
watchOS 3.1.1 is now available and addresses the following:
Accounts
Available for: All Apple Watch models
Impact: An issue existed which did not reset the authorization
settings on app uninstall
Description: This issue was addressed through improved sanitization.
CVE-2016-7651: Ju Zhu and Lilang Wu of Trend Micro
Profiles
Available for: All Apple Watch models
Impact: Opening a maliciously crafted…