Knowledge base

About the security content of Safari 6.0.5

Posted in Apple Mac OS

  • WebKit

    Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.3

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.

    CVE-ID

    CVE-2013-0879 : Atte Kettunen of OUSPG

    CVE-2013-0991 : Jay Civelli of the Chromium development community

    CVE-2013-0992 : Google Chrome Security Team (Martin Barbella)

    CVE-2013-0993 : Google Chrome Security Team (Inferno)

    CVE-2013-0994 : David German of Google

    CVE-2013-0995 : Google Chrome Security Team (Inferno)

    CVE-2013-0996 : Google Chrome Security Team (Inferno)

    CVE-2013-0997 : Vitaliy Toropov working with HP's Zero Day Initiative

    CVE-2013-0998 : pa_kt working with HP's Zero Day Initiative

    CVE-2013-0999 : pa_kt working with HP's Zero Day Initiative

    CVE-2013-1000 : Fermin J. Serna of the Google Security Team

    CVE-2013-1001 : Ryan Humenick

    CVE-2013-1002 : Sergey Glazunov

    CVE-2013-1003 : Google Chrome Security Team (Inferno)

    CVE-2013-1004 : Google Chrome Security Team (Martin Barbella)

    CVE-2013-1005 : Google Chrome Security Team (Martin Barbella)

    CVE-2013-1006 : Google Chrome Security Team (Martin Barbella)

    CVE-2013-1007 : Google Chrome Security Team (Inferno)

    CVE-2013-1008 : Sergey Glazunov

    CVE-2013-1009 : Apple

    CVE-2013-1010 : miaubiz

    CVE-2013-1011 : Google Chrome Security Team (Inferno)

    CVE-2013-1023 : Google Chrome Security Team (Inferno)

    AirPrint Basics

    You can print from the Apple applications, such as Mail, Safari, Photos, Camera, Maps, Pages, Numbers, Keynote, Filemaker Go, and so on. Apps available from the App Store may also offer this feature.

    To print, follow these steps:

    1. Tap the action icon.
    2. Tap the Print button.
    3. Select the appropriate settings, and then tap Print.

    Important: If you are printing for the first time, or if the previously selected printer is not available, you will need to select a printer before step 3.

    Note: AirPrint displays only the essential printer options that apply to the document or image being printed. Details such as media type, page size, and orientation are automatically determined at print time.

    About the security content of QuickTime 7.7.4

    This document describes the security content of QuickTime 7.7.4.

    For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

    For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

    Where possible, CVE IDs are used to reference the vulnerabilities for further information.

    To learn about other Security Updates, see "Apple Security Updates".

    QuickTime 7.7.4

    • QuickTime

      Available for: Windows 7, Vista, XP SP2 or later

      Impact: Opening a maliciously crafted TeXML file may lead to an unexpected application termination or arbitrary code execution

      Description: A memory corruption issue existed in the handling of TeXML files. This issue was addressed through improved bounds checking.

      CVE-ID

      CVE-2013-1015 : Aniway.Anyway@gmail.com working with HP's Zero Day Initiative

    • QuickTime

      Available for: Windows 7, Vista, XP SP2 or later

      Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

      Description: A buffer overflow existed in the handling of H.263 encoded movie files. This issue was addressed through improved bounds checking.

      CVE-ID

      CVE-2013-1016 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft) working with HP's Zero Day Initiative

    • QuickTime

      Available for: Windows 7, Vista, XP SP2 or later

      Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

      Description: A buffer overflow existed in the handling of 'dref' atoms. This issue was addressed through improved bounds checking.

      CVE-ID

      CVE-2013-1017 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft) working with HP's Zero Day Initiative

    • QuickTime

      Available for: Windows 7, Vista, XP SP2 or later

      Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

      Description: A buffer overflow existed in the handling of H.264 encoded movie files. This issue was addressed through improved bounds checking.

      CVE-ID

      CVE-2013-1018 : G. Geshev working with HP's Zero Day Initiative

    • QuickTime

      Available for: Windows 7, Vista, XP SP2 or later

      Impact: Playing a maliciously crafted MP3 file may lead to an unexpected application termination or arbitrary code execution

      Description: A buffer overflow existed in the handling of MP3 files. This issue was addressed through improved bounds checking.

      CVE-ID

      CVE-2013-0989 : G. Geshev working with HP's Zero Day Initiative

    • QuickTime

      Available for: Windows 7, Vista, XP SP2 or later

      Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

      Description: A buffer overflow existed in the handling of Sorenson encoded movie files. This issue was addressed through improved bounds checking.

      CVE-ID

      CVE-2013-1019 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft) working with HP's Zero Day Initiative

    • QuickTime

      Available for: Windows 7, Vista, XP SP2 or later

      Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

      Description: A memory corruption issue existed in the handling of JPEG encoded data. This issue was addressed through improved bounds checking.

      CVE-ID

      CVE-2013-1020 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft) working with HP's Zero Day Initiative

    • QuickTime

      Available for: Windows 7, Vista, XP SP2 or later

      Impact: Viewing a maliciously crafted QTIF file may lead to an unexpected application termination or arbitrary code execution

      Description: A memory corruption issue existed in the handling of QTIF files. This issue was addressed through improved bounds checking.

      CVE-ID

      CVE-2013-0987 : roob working with iDefense VCP

    • QuickTime

      Available for: Windows 7, Vista, XP SP2 or later

      Impact: Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

      Description: A buffer overflow existed in the handling of JPEG encoded data. This issue was addressed through improved bounds checking.

      CVE-ID

      CVE-2013-1021 : Mil3s beep working with HP's Zero Day Initiative

    • QuickTime

      Available for: Windows 7, Vista, XP SP2 or later

      Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

      Description: A buffer overflow existed in the handling of 'enof' atoms. This issue was addressed through improved bounds checking.

      CVE-ID

      CVE-2013-0986 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft) working with HP's Zero Day Initiative

    • QuickTime

      Available for: Windows 7, Vista, XP SP2 or later

      Impact: Viewing a maliciously crafted FPX file may lead to an unexpected application termination or arbitrary code execution

      Description: A buffer overflow existed in the handling of FPX files. This issue was addressed through improved bounds checking.

      CVE-ID

      CVE-2013-0988 : G. Geshev working with HP's Zero Day Initiative

    • QuickTime

      Available for: Windows 7, Vista, XP SP2 or later

      Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

      Description: A buffer underflow existed in the handling of 'mvhd' atoms. This issue was addressed through improved bounds checking.

      CVE-ID

      CVE-2013-1022 : Andrea Micalizzi aka rgod working with HP's Zero Day Initiative

     

    About the security content of iTunes 11.0.3

  • iTunes

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution

    Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.

    CVE-ID

    CVE-2012-2824 : miaubiz

    CVE-2012-2857 : Arthur Gerkis

    CVE-2012-3748 : Joost Pol and Daan Keuper of Certified Secure working with HP TippingPoint's Zero Day Initiative

    CVE-2012-5112 : Pinkie Pie working with Google's Pwnium 2 contest

    CVE-2013-0879 : Atte Kettunen of OUSPG

    CVE-2013-0912 : Nils and Jon from MWR Labs working with HP TippingPoint's Zero Day Initiative

    CVE-2013-0948 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2013-0949 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2013-0950 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2013-0951 : Apple

    CVE-2013-0952 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2013-0953 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2013-0954 : Dominic Cooney of Google and Martin Barbella of the Google Chrome Security Team

    CVE-2013-0955 : Apple

    CVE-2013-0956 : Apple Product Security

    CVE-2013-0958 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2013-0959 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2013-0960 : Apple

    CVE-2013-0961 : wushi of team509 working with iDefense VCP

    CVE-2013-0991 : Jay Civelli of the Chromium development community

    CVE-2013-0992 : Google Chrome Security Team (Martin Barbella)

    CVE-2013-0993 : Google Chrome Security Team (Inferno)

    CVE-2013-0994 : David German of Google

    CVE-2013-0995 : Google Chrome Security Team (Inferno)

    CVE-2013-0996 : Google Chrome Security Team (Inferno)

    CVE-2013-0997 : Vitaliy Toropov working with HP TippingPoint's Zero Day Initiative

    CVE-2013-0998 : pa_kt working with HP TippingPoint's Zero Day Initiative

    CVE-2013-0999 : pa_kt working with HP TippingPoint's Zero Day Initiative

    CVE-2013-1000 : Fermin J. Serna of the Google Security Team

    CVE-2013-1001 : Ryan Humenick

    CVE-2013-1002 : Sergey Glazunov

    CVE-2013-1003 : Google Chrome Security Team (Inferno)

    CVE-2013-1004 : Google Chrome Security Team (Martin Barbella)

    CVE-2013-1005 : Google Chrome Security Team (Martin Barbella)

    CVE-2013-1006 : Google Chrome Security Team (Martin Barbella)

    CVE-2013-1007 : Google Chrome Security Team (Inferno)

    CVE-2013-1008 : Sergey Glazunov

    CVE-2013-1010 : miaubiz

    CVE-2013-1011 : Google Chrome Security Team (Inferno)

    About Wake on Demand and Bonjour Sleep Proxy

    How does it work?

    By using Wake on Demand (on your Mac) and Bonjour Sleep Proxy (provided by an AirPort device or Apple TV), you can save energy and reduce costs while still ensuring full access to all your shared services. You can also remotely access shared services across the Internet via Back to My Mac.

    Wake on Demand works by partnering with a Bonjour Sleep Proxy running on your AirPort Base Station, Time Capsule or Apple TV (when no AirPort Base Station or Time Capsule is present on the network). Note: Apple TV will act as a Bonjour Sleep Proxy even if it is in sleep mode.

    Any Mac on your network that has Wake on Demand enabled in Energy Saver preferences will automatically register itself and its shared services with a Bonjour Sleep Proxy. When the Mac is in sleep mode and a request is made to access a shared service on the Mac, a Bonjour Sleep Proxy asks that Mac to wake and handle the request. Once that request is complete, the Mac will again register with the Bonjour Sleep Proxy and go back to sleep at its defined sleep interval in the Energy Saver preferences. Note: For ideal performance, you should have twenty or fewer Macs using Wake on Demand per Bonjour Sleep Proxy on your network.

    Notes

    • With Wake on Demand enabled (see below) and your Mac in sleep mode, your Mac will occasionally wake for a brief time, without lighting the screen, in order to maintain active shared service registrations with the Bonjour Sleep Proxy. On some Macs, sounds from the optical drive, hard drive, or fans may be heard during these brief periods. Note: Removing a sleeping Mac from the network will automatically remove its registered shared services from the Bonjour Sleep Proxy.
    • Bonjour Sleep Proxy runs on an AirPort Base Station, Time Capsule, or Apple TV (second generation or later)--when no AirPort base station or Time Capsule is present on the network--with the latest software updates installed.
    • Portable Macs with Wake on Demand enabled will only perform Wake on Demand functions when they are connected to a power adaptor and either the built-in display is open or an external display is attached.

    Examples of how Wake on Demand works

    iTunes and iPhoto Sharing

    Applications such as iTunes and iPhoto allow you to share your music, movies, and pictures with friends and family on your local network. Wake on Demand allows your Macs to go to sleep, but wake up automatically to let others view your shared stuff.

    Printer Sharing

    In OS X, you can connect a printer to a Mac and share it with other computers on the network. Wake on Demand allows the Mac to go to sleep while idle, but wake up automatically when it is needed to handle a print job.

    Back to My Mac

    With Wake on Demand, you can remotely access your Mac via the Internet and Back to My Mac, even if your Mac is in sleep mode.

    Local File Sharing, Screen Sharing, other sharing services

    In addition to helping your home Mac wake when you remotely access it using Back to My Mac, Wake on Demand also provides the same capability when you access your Mac locally from within your own home network, whether for File Sharing, Screen Sharing, remote log in via SSH, or other sharing services.
     

    Key features

    Automatic registration

    With "Wake for Network access" or "Wake for Wi-Fi network access" or "Wake for Ethernet network access" enabled in the Energy Saver preferences, OS X will automatically detect the presence of a Bonjour Sleep Proxy service running on your AirPort Base Station, Time Capsule, or Apple TV and register its shared services with the Bonjour Sleep Proxy before going to sleep.

    Works on any service

    Because Wake on Demand uses Bonjour, it can handle any service that registers with Bonjour regardless of the underlying protocol. 

    Compatibility

    Any Bonjour-enabled client (including both Mac and Windows) can discover Bonjour-registered shared services on your sleeping Macs. Any client that tries to connect to one of these shared services will cause the Mac to wake and provide the shared service to the client.

    For example: On a home network with an AirPort Base Station, a Mac sharing an iTunes playlist goes to sleep. A Mac or PC user on the home network sees the iTunes playlist in its iTunes and clicks it. The Bonjour Sleep Proxy wakes the sleeping Mac and its iTunes playlist appears on the other Mac or PC ready to play shared media.
     

    Setting up Bonjour Sleep Proxy and Wake on Demand

    To properly configure your network and devices for Bonjour Sleep Proxy and Wake on Demand, follow the steps below:

    Setting the Bonjour Sleep Proxy on your AirPort Base Station, Time Capsule or Apple TV

    Install the latest software updates for AirPort Base Station with 802.11n, Time Capsule, or Apple TV (second generation or later) to enable it to act as the Bonjour Sleep Proxy. Once installed, your AirPort Base Station, Time Capsule or Apple TV (when no AirPort base station or Time Capsule is present on the network) will make itself available as a Bonjour Sleep Proxy to other devices on your network with no other configuration necessary. 

    Setting up your Mac

    Macs that ship with Mac OS X v10.6 or later have Wake on Demand enabled by default, but for some earlier Macs this option must be enabled using the steps below.

    To enable Wake on Demand on a Mac, follow these steps:

    1. From the Apple menu, choose System Preferences.
    2. From the View menu, choose Energy Saver.
    3. Select (check) "Wake for network access". Note: The "Wake for network access" option's text may differ depending on the capabilities of your Mac:
      • Wake for network access - Your Mac supports Wake on Demand over both Ethernet and AirPort
      • Wake for Ethernet network access - Your Mac supports Wake on Demand over Ethernet only
      • Wake for Wi-Fi network access - Your Mac supports Wake on Demand over AirPort only

    Setting up clients

    Any Bonjour client can interact with a Mac running Mac OS X v10.6 or later and cause it to Wake on Demand. For Microsoft Windows, you should install Bonjour for Windows.

    Wireless Wake on Demand

    You can verify that your Mac supports wireless Wake on Demand by following these steps:

    1. Open System Information.
      • While holding down the option key, click the Apple menu and select System Information…
    2. In the Network section, click Wi-Fi.

    If you see "Wake On Wireless: Supported", your Mac supports Wake on Demand when connected to your wireless network and automatically registered with the Sleep Proxy Server. If you do not see "Wake On Wireless: Supported", your Mac can use Wake on Demand if it is connected to your network with an Ethernet cable.

    The wireless network you use with Wake on Demand should be the first wireless network in your list of Preferred Networks. The wireless network priority can be set within the Network pane of System Preferences using the following steps:

    1. From the Apple menu, choose System Preferences…
    2. From the View menu, choose Network.
    3. Select Wi-Fi from the list of network interfaces.
    4. If the padlock icon in the lower left is locked, click it. When prompted enter an admin name and password to unlock.
    5. Click the Advanced… button. 
    6. In the Preferred Networks list under the Wi-Fi tab, click and drag the name of your network that uses Wake on Demand to the top of the list.
    7. Click OK to save the settings.
    8. Click Apply, then close System Preferences.
