APPLE-SA-2017-03-27-4 iOS 10.3

Posted by Apple Product Security on Mar 28

iOS 10.3 is now available and addresses the following:

Accounts
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A user may be able to view an Apple ID from the lock screen
Description: A prompt management issue was addressed by removing
iCloud authentication prompts from the lock screen.
CVE-2017-2397: Suprovici Vadim of UniApps team, an anonymous…

APPLE-SA-2017-03-27-5 watchOS 3.2

Posted by Apple Product Security on Mar 28

watchOS 3.2 is now available and addresses the following:

Audio
Available for: All Apple Watch models
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2017-2430: an anonymous researcher working with Trend Micro’s
Zero Day Initiative
CVE-2017-2462: an anonymous researcher working…

APPLE-SA-2017-03-27-7 macOS Server 5.3

Posted by Apple Product Security on Mar 28

macOS Server 5.3 is now available and addresses the following:

Profile Manager
Available for: macOS 10.12.4 and later
Impact: A remote user may be able to cause a denial-of-service
Description: A crafted request may cause a global cache to grow
indefinitely, leading to a denial-of-service. This was addressed by
not caching unknown MIME types.
CVE-2016-0751

Web Server
Available for: macOS 10.12.4 and…

APPLE-SA-2017-03-27-3 macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite

Posted by Apple Product Security on Mar 28

macOS Sierra 10.12.4, Security Update 2017-001 El Capitan,
and Security Update 2017-001 Yosemite are now available and
address the following:

apache
Available for: macOS Sierra 10.12.3
Impact: A remote attacker may be able to cause a denial of service
Description: Multiple issues existed in Apache before 2.4.25. These
were…

Outlook Remote Crashing Bug

Posted by Haifei Li on Mar 28

Hi,

Just wanted to let you know I’ve released a blog post discussing an interesting Outlook bug (remote crashing, or?).
Feel free to reach me for discussions of the exploitability of the bug.

http://justhaifei1.blogspot.com/2017/03/an-interesting-outlook-bug.html

Last week I reported an interesting bug in…
