Posted by NoSuchCon on Oct 24

————————————————————–
NoSuchCon 2014 – the bullshit-free conference

November 19-21 2014
Espace Niemeyer, Paris (France)
www.nosuchcon.org

Schedule: http://www.nosuchcon.org/#schedule
Registration: http://www.nosuchcon.org/#registration

NoSuchCon 2014 schedule has been published, go register while it’s not
too late!

-=- Wednesday, November 19 -=-

* Keynote: Program Synthesis in Reverse Engineering…

Posted by Stefan Kanthak on Oct 24

Hi @ll,

the just released QuickTime 7.7.6 and iTunes 12.0.1 for Windows still
have quite some of the beginners errors I documented in
<http://seclists.org/fulldisclosure/2014/Aug/33> and
<http://seclists.org/fulldisclosure/2014/Aug/44>

QuickTime 7.7.6:

[HKEY_LOCAL_MACHINESOFTWAREClientsMediaQuickTimeshellopencommand]
@=”C:\Program Files\QuickTime\QuickTimePlayer.exe”

iTunes 12.0.1:…

Posted by Stefan Kanthak on Oct 24

Hi @ll,

the just released iTunes 12.0.1 for Windows still (cf.
<http://seclists.org/fulldisclosure/2014/Jul/30>) comes
with COMPLETELY outdated and VULNERAEBLE 3rd party libraries
(as part of AppleMobileDeviceSupport.msi):

* libeay32.dll and ssleay32.dll 0.9.8d

are more than SEVEN years old and have at least 27 unfixed CVEs!

* libcurl.dll 7.16.2

is more than SEVEN years old and has at least 18 unfixed CVEs!
the current version…

Posted by Barak Engel on Oct 24

Thank you Brandon Perry for finding this vulnerability.

We would like to make a correction to the disclosure – this issue
affects only the Mule Enterprise Management Console (MMC) used by some
customer administrators to manage Mule ESB runtimes, and not the Mule
ESB runtime itself. MMC is typically deployed in a secure network
segment, accessible only to trusted users. Therefore, under normal
conditions, this exploit would originate from an…