APPLE-SA-2010-03-29-1 Security Update 2010-002 / Mac OS X v10.6.3
Apple has published a security update covering a number of issues, with varying impacts.
Security Update 2010-002 / Mac OS X v10.6.3 is now available and addresses the following:
AppKit: CVE-ID: CVE-2010-0056
Application Firewall: CVE-ID: CVE-2009-2801
AFP Server: CVE-ID: CVE-2010-0057, CVE-2010-0533
Apache: CVE-ID: CVE-2009-3095
ClamAV: CVE-ID: CVE-2010-0058
CoreAudio: CVE-ID: CVE-2010-0059, CVE-2010-0060
CoreMedia: CVE-ID: CVE-2010-0062
CoreTypes: CVE-ID: CVE-2010-0063
CUPS: CVE-ID: CVE-2010-0393
curl: CVE-ID: CVE-2009-2417, CVE-2009-0037
Cyrus IMAP: CVE-ID: CVE-2009-2632
Cyrus SASL: CVE-ID: CVE-2009-0688
DesktopServices: CVE-ID: CVE-2010-0064, CVE-2010-0537
Disk Images: CVE-ID: CVE-2010-0065, CVE-2010-0497
Directory Services: CVE-ID: CVE-2010-0498
Dovecot: CVE-ID: CVE-2010-0535
Event Monitor: CVE-ID: CVE-2010-0500
FreeRADIUS: CVE-ID: CVE-2010-0524
FTP Server: CVE-ID: CVE-2010-0501
iChat Server: CVE-ID: CVE-2006-1329, CVE-2010-0502, CVE-2010-0503, CVE-2010-0504
ImageIO: CVE-ID: CVE-2010-0505, CVE-2010-0041, CVE-2010-0042, CVE-2010-0043
Image RAW: CVE-ID: CVE-2010-0506, CVE-2010-0507
Libsystem: CVE-ID: CVE-2009-0689
Mail: CVE-ID: CVE-2010-0508, CVE-2010-0525
Mailman: CVE-ID: CVE-2008-0564
MySQL: CVE-ID: CVE-2008-4456, CVE-2008-7247, CVE-2009-2446, CVE-2009-4019, CVE-2009-4030
OS Services: CVE-ID: CVE-2010-0509
Password Server: CVE-ID: CVE-2010-0510
perl: CVE-ID: CVE-2008-5302, CVE-2008-5303
PHP: CVE-ID: CVE-2009-3557, CVE-2009-3558, CVE-2009-3559, CVE-2009-4017, CVE-2009-4142, CVE-2009-4143
Podcast Producer: CVE-ID: CVE-2010-0511
Preferences: CVE-ID: CVE-2010-0512
PS Normalizer: CVE-ID: CVE-2010-0513
QuickTime: CVE-ID: CVE-2010-0062, CVE-2010-0514, CVE-2010-0515, CVE-2010-0516, CVE-2010-0517, CVE-2010-0518, CVE-2010-0519, CVE-2010-0520, CVE-2010-0526
Ruby: CVE-ID: CVE-2009-2422, CVE-2009-3009, CVE-2009-4214, CVE-2009-1904
Server Admin: CVE-ID: CVE-2010-0521, CVE-2010-0522
SMB: CVE-ID: CVE-2009-2906
Tomcat: CVE-ID: CVE-2009-0580, CVE-2009-0033, CVE-2009-0783, CVE-2008-5515, CVE-2009-0781, CVE-2009-2901, CVE-2009-2902, CVE-2009-2693
unzip: CVE-ID: CVE-2008-0888
vim: CVE-ID: CVE-2008-2712, CVE-2008-4101, CVE-2009-0316
Wiki Server: CVE-ID: CVE-2010-0523, CVE-2010-0534
X11: CVE-ID: CVE-2009-2042, CVE-2003-0063
xar: CVE-ID: CVE-2010-0055
To download: http://www.apple.com/support/downloads/
For more information:
http://support.apple.com/kb/HT1222
http://support.apple.com/kb/HT4014
http://support.apple.com/kb/HT4015
Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.
OpenSSL V 1.0.0 released!
OpenSSL 1.0.0 is now available, a major release!
Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.
Nmap 5.30BETA1 released
Nmap 5.30BETA1 is out. Many new features, new NSE scripts, nping, some syntax changes, some bug fixes and more. Nmap is hands down one of my favourite tools and a must-have for any technical information security professional. Much more information and downloads are available as always at: http://nmap.org/
Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.
OOB Update for Internet Explorer MS10-018
Microsoft Security Bulletin MS10-018 - Critical
This update resolves 10 different vulnerabilities in Internet Explorer, of which the most severe impact can be execution of arbitrary code. All versions of IE from 5.01 to 8.0 are affected to varying degrees. Both servers and workstations should be updated. The update replaces MS10-002, and addresses the MS Advisory 981374 vulnerability. Time to patch! It is a cumulative update.
Here is a listing of the related vulnerabilities and CVE entries:
Uninitialized Memory Corruption Vulnerability - CVE-2010-0267
Post Encoding Information Disclosure Vulnerability - CVE-2010-0488
Race Condition Memory Corruption Vulnerability - CVE-2010-0489
Uninitialized Memory Corruption Vulnerability - CVE-2010-0490
HTML Object Memory Corruption Vulnerability - CVE-2010-0491
HTML Object Memory Corruption Vulnerability - CVE-2010-0492
HTML Element Cross-Domain Vulnerability - CVE-2010-0494
Memory Corruption Vulnerability - CVE-2010-0805
Uninitialized Memory Corruption Vulnerability - CVE-2010-0806
HTML Rendering Memory Corruption Vulnerability - CVE-2010-0807
http://blogs.technet.com/msrc/archive/2010/03/30/security-bulletin-ms10-018-released.aspx
Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.