MacSecure.com
A Mac Security Blog

Archive for the 'Vulnerabilities' Category

Apple Security Update 2007-009

Tuesday, December 18th, 2007

Fixing some of the known issues with CUPS, tar, Safari, Samba, etc. Lots of updates in this one.
Apple has more info with CVEs listed here. SANS also has a blurb about it here. I’ll install tonight and take some notes. Also, coming soon — more tool discussions.

Leopard Crash “Risk”

Tuesday, December 11th, 2007

I’d say it’s less ‘risk’ and more ‘real’ at this point — but I’m traveling and I haven’t had much time to look into it yet.    Heise has more info available here.

Firewall Rules for Quicktime RTSP Vulnerability

Thursday, December 6th, 2007

See here. Just a quick note: if you read the Symantec advisory regarding the Quicktime RTSP Header Vulnerability, they mention blocking certain traffic if you’re worried about the exploit — which appears to be Windows-specific at this point. In the interest of being safe though, here is a set of ipfw rules for blocking […]

Quicktime Vulnerability - RTSP Headers

Tuesday, December 4th, 2007

Symantec is reporting details of a vulnerability in Quicktime 7.2 and 7.3 that is currently unpatched by Apple. Right now the exploits in the wild for this vulnerability appear to only be loading Windows executables, but the suggestion is that OS X systems could potentially be vulnerable as well. Recommended steps until there is […]

Quicktime Vulnerabilities

Tuesday, November 6th, 2007

The TippingPoint / 3Com-funded Zero Day Initiative posted a whole batch of Quicktime vulnerabilities yesterday:

ZDI-07-065
ZDI-07-066
ZDI-07-067
ZDI-07-068

While all of them are interesting, the 65 and 68 items stand out to me as the less important ones, as exploitation of the issue requires that a user open a specific file. The more nefarious items in […]