According to posts on the Bugtraq mailing list [ 1 / 2 ], Cisco's popular router and switch operating system -- IOS -- suffers from two zero day Denial of Service (DoS) vulnerabilities. These advisories come from the penetration test team Of NCNIPC (China). The advisories share minimal technical details about the two supposed flaws. They do say, attackers can trigger one DoS … [Read more...]
Apple Releases OS X, Safari, and iOS Security Updates
Yesterday, Apple released a handful of security advisories for various products, including: OS X 10.6.x (Snow Leopard) Safari 5.0.5 for Mac and Windows iOS 4.3.2 iOS 4.2.7 (for CDMA iPhones) The Snow Leopard update only fixes one security issue. If you read my "Fraudulent Certificate" post from a few weeks ago, you know that attackers were able to get their grubby hands … [Read more...]
2011's First OS X Update Patches 57 Vulnerabilities
Summary: These vulnerabilities affect: All current versions of OS X 10.5.x (Leopard) and OS X 10.6.x (Snow Leopard) How an attacker exploits them: Multiple vectors of attack, including enticing your users to visit a malicious web site, or into downloading and viewing various documents or images Impact: Various results; in the worst case, an attacker executes code on your … [Read more...]
Latest OS X Java Updates Prevent Code Execution
Summary: This vulnerability affects: OS X 10.5.x (Leopard) and 10.6.x (Snow Leopard) How an attacker exploits it: By enticing your users to a malicious website containing specially crafted Java applets Impact: In the worst case, an attacker executes code on your user’s computer, with that user’s privileges What to do: Install Java for OS X 10.5 Update 9 or Java for OS X … [Read more...]
Windows zero day and small Snow Leopard update start off the new year
A fresh new year has begun and we already have security vulnerabilities in two of the most popular operating systems; Windows and OS X. Let's start with the more worrisome one - Windows. According to a recent Microsoft Security Advisory, the Graphics Rendering Engine that ships with most versions of Windows (one of the components that helps display graphics on your screen) … [Read more...]