Last Updated: 2013-05-16 21:51:14 UTC
by Daniel Wesemann (Version: 1)
As an add-on to ISC Handler Lenny Zeltser's earlier diary on extracting certificates from signed Windows binaries, here's how to do the same on a Mac. Given that today's blog over at F-Secure documents a screenshot-taking Mac spyware that is signed with a developer ID, signed bad .apps might actually be more prevalent than expected.
To verify and extract signatures and certificates on an Apple .app, you can do (example Mail.app)
codesign -dvvvv --extract-certificates /Applications/Mail.app
This will save the certificates in DER format, named codesign0, codesign1, etc. These can then be displayed as usual with OpenSSL
openssl x509 -inform DER -in codesign0 -text
Last Updated: 2013-05-16 11:06:27 UTC
by Joel Esler (Version: 2)
Cisco TelePresence Supervisor MSE 8050 contains a vulnerability that may allow an unauthenticated, remote attacker to cause high CPU utilization and a reload of the affected system.
Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130515-mse