If you can’t create an “AppCert.Dll” from the code I depicted or
don’t know how to implement the function “forbidden()” yourself:
just visit <https://skanthak.homepage.t-online.de/appcert.html>,
read it and get the prebuilt DLLs plus their .INF setup script,
packaged in a .CAB archive.
This conflates two issues, and anyhow, Basic Authentication is not a
problem (Digest won’t be any more secure than Basic, if SSL is used…
is it present?).
CAPTCHA has nothing to do with CSRF. Neither do default credentials.
APPLE-SA-2017-03-27-3 macOS Sierra 10.12.4, Security Update
2017-001 El Capitan, and Security Update 2017-001 Yosemite
macOS Sierra 10.12.4, Security Update 2017-001 El Capitan,
and Security Update 2017-001 Yosemite are now available and
address the following:
apache
Available for: macOS Sierra 10.12.3
Impact: A remote attacker may be able to cause a denial of service
Description: Multiple issues existed in Apache before 2.4.25. These
were…
macOS Server 5.3 is now available and addresses the following:
Profile Manager
Available for: macOS 10.12.4 and later
Impact: A remote user may be able to cause a denial-of-service
Description: A crafted request may cause a global cache to grow
indefinitely, leading to a denial-of-service. This was addressed by
not caching unknown MIME types.
CVE-2016-0751
watchOS 3.2 is now available and addresses the following:
Audio
Available for: All Apple Watch models
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2017-2430: an anonymous researcher working with Trend Micro’s
Zero Day Initiative
CVE-2017-2462: an anonymous researcher working…
iOS 10.3 is now available and addresses the following:
Accounts
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A user may be able to view an Apple ID from the lock screen
Description: A prompt management issue was addressed by removing
iCloud authentication prompts from the lock screen.
CVE-2017-2397: Suprovici Vadim of UniApps team, an anonymous…
Safari 10.1 is now available and addresses the following:
CoreGraphics
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.4
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved input validation.
CVE-2017-2444: Mei Wang of 360 GearTeam
Just wanted to let you know I’ve released a blog post discussing an interesting Outlook bug (remote crashing, or?),
feel free to reach me for discussions of the exploitability of the bug.