Knowledge base

About the security content of Safari 6.0.4

Posted in Apple Mac OS

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates".
 

Safari 6.0.4

  • WebKit

    Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.3

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: An invalid cast issue existed in the handling of SVG files. This issue was addressed through improved type checking.

    CVE-ID

    CVE-2013-0912 : Nils and Jon from MWR Labs working with HP TippingPoint's Zero Day Initiative

About Java for Mac OS X 10.6 Update 15

Posted in Apple Mac OS

Summary

Java for Mac OS X v10.6 Update 15 delivers improved security, reliability, and compatibility for Java SE 6. This update enables website-by-website control of the Java plug-in within Safari 5.1.9 or later, and supersedes all previous versions of Java for Mac OS X v10.6.

About Java for OS X 2013-003

Posted in Apple Mac OS

This release updates the Apple-provided system Java SE 6 to version 1.6.0_45 and is for OS X versions 10.7 or later.

This update uninstalls the Apple-provided Java applet plug-in from all web browsers. To use applets on a web page, click on the region labeled "Missing plug-in" to go download the latest version of the Java applet plug-in from Oracle.

This update also removes the Java Preferences application, which is no longer required to configure applet settings.

About the security content of Java for OS X 2013-003 and Mac OS X v10.6 Update 15

Posted in Apple Mac OS

  • Java

    Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 or later, OS X Lion Server v10.7 or later, OS X Mountain Lion v10.8 or later

    Impact: Multiple vulnerabilities in Java 1.6.0_43

    Description: Multiple vulnerabilities existed in Java 1.6.0_43, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues were addressed by updating to Java version 1.6.0_45. Further information is available via the Java website at http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html

    CVE-ID

    CVE-2013-1491

    CVE-2013-1537

    CVE-2013-1540

    CVE-2013-1557

    CVE-2013-1558

    CVE-2013-1563

    CVE-2013-1569

    CVE-2013-2383

    CVE-2013-2384

    CVE-2013-2394

    CVE-2013-2417

    CVE-2013-2419

    CVE-2013-2420

    CVE-2013-2422

    CVE-2013-2424

    CVE-2013-2429

    CVE-2013-2430

    CVE-2013-2432

    CVE-2013-2435

    CVE-2013-2437

    CVE-2013-2440

    OS X: Password may not be accepted after changing user's full name

    Posted in Apple Mac OS

    Resolution

    If the screen that appears when waking from sleep or exiting the screen saver shows the user's previous full name, and the correct password is not being accepted, use these steps:

    OS X Mountain Lion

    1. Hold the Option key while pressing Return. This will display the Name and Password fields.
    2. Type the user's current full name or account name into the Name field.
    3. Type the user's password into the Password field.
    4. Press Return.

    OS X Lion

    1. Hold the Option key while pressing Return to update the user's full name that is shown.
    2. Type the user's password.
    3. Press Return.

    After you have unlocked the screen with these steps, the correct name will be shown on subsequent attempts to wake the computer or exit the screen saver (until the next time the user's full name is changed).

    About the security content of Apple TV 5.2.1

    Posted in Apple Mac OS

  • Apple TV

    Available for: Apple TV 2nd generation and later

    Impact: A local user may be able to execute unsigned code

    Description: A state management issue existed in the handling of Mach-O executable files with overlapping segments. This issue was addressed by refusing to load an executable with overlapping segments.

    CVE-ID

    CVE-2013-0977 : evad3rs

    About the security content of iOS 6.1.3

    Posted in Apple Mac OS

    iOS 6.1.3

    • dyld

      Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

      Impact: A local user may be able to execute unsigned code

      Description: A state management issue existed in the handling of Mach-O executable files with overlapping segments. This issue was addressed by refusing to load an executable with overlapping segments.

      CVE-ID

      CVE-2013-0977 : evad3rs

    • Kernel

      Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

      Impact: A local user may be able to determine the address of structures in the kernel

      Description: An information disclosure issue existed in the ARM prefetch abort handler. This issue was addressed by panicking if the prefetch abort handler is not being called from an abort context.

      CVE-ID

      CVE-2013-0978 : evad3rs

    • Lockdown

      Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

      Impact: A local user may be able to change permissions on arbitrary files

      Description: When restoring from backup, lockdownd changed permissions on certain files even if the path to the file included a symbolic link. This issue was addressed by not changing permissions on any file with a symlink in its path.

      CVE-ID

      CVE-2013-0979 : evad3rs

    • Passcode Lock

      Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

      Impact: A person with physical access to the device may be able to bypass the screen lock

      Description: A logic issue existed in the handling of emergency calls from the lock screen. This issue was addressed through improved lock state management.

      CVE-ID

      CVE-2013-0980 : Christopher Heffley of theMedium.ca, videosdebarraquito

    • USB

      Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

      Impact: A local user may be able to execute arbitrary code in the kernel

      Description: The IOUSBDeviceFamily driver used pipe object pointers that came from userspace. This issue was addressed by performing additional validation of pipe object pointers.

      CVE-ID

      CVE-2013-0981 : evad3rs

    • WebKit

      Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

      Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

      Description: An invalid cast issue existed in the handling of SVG files. This issue was addressed through improved type checking.

      CVE-ID

      CVE-2013-0912 : Nils and Jon from MWR Labs working with HP TippingPoint's Zero Day Initiative

    About the OS X Mountain Lion v10.8.3 Update

    Posted in Apple Mac OS

    The OS X Mountain Lion v10.8.3 update is recommended for all OS X Mountain Lion users and includes new features and fixes.

    Updating your system

    1. You should back up your system before installation. To do this you can use Time Machine.
    2. Do not interrupt the installation process once you have started to update your system.
    3. You may experience unexpected results if you have third-party system software modifications installed, or if you've modified the operating system through other means.
    4. Click the Apple menu and choose Software Update to check for the latest Apple software via the Mac App Store, including this update.
    5. Other software updates available for your computer may appear, which you should install. Note that an update's size may vary from computer to computer when installed using Software Update. Also, some updates must be installed prior to others.

    You can also download the manual update installer. This is a useful option when you need to update multiple computers but only want to download the update once. These versions of the standalone installers are available from Apple Support Downloads.

    About the update

    This update is recommended for all OS X Mountain Lion users and includes features and fixes that improve the stability, compatibility, and security of your Mac, including:

    • The ability to redeem iTunes gift cards in the Mac App Store using your Mac's built-in camera
    • Boot Camp support for installing Windows 8
    • Boot Camp support for Macs with a 3 TB hard drive
    • A fix for an issue that could cause a file URL to quit apps unexpectedly
    • A fix for an issue that may cause Logic Pro to become unresponsive when using certain plug-ins
    • A fix for an issue that may cause audio to stutter on 2011 iMacs
    • A fix for an issue in Contacts that may cause cards to print out of order
    • A fix for an issue that may cause the desktop picture to change after logging out or restarting
    • A fix for an issue in Messages that may cause messages to appear out of order after waking from sleep
    • A fix for an issue that may cause the screen to display incorrectly after waking from sleep
    • Improves compatibility with IMAP servers in the Notes app
    • Allows the Slideshow screen saver to display photos located in a subfolder
    • A fix for an issue in Contacts that may cause addresses to print in the wrong location
    • Reliability improvements when using a Microsoft Exchange account in Mail
    • Xsan reliability improvements
    • A fix for an issue that could cause Active Directory accounts to be locked out after accessing the Security & Privacy pane in System Preferences
    • A fix for an issue that could cause link aggregation to not complete after a restart
    • A fix for an issue that could cause delays when logging into an Active Directory account on high latency networks
       

    Safari 6.0.3 

    Safari 6.0.3 is included in the OS X Mountain Lion v10.8.3 Update and contains fixes that improve performance, stability, and security, including:

    • Improves scrolling on facebook.com
    • Improves scrolling while zoomed in on a webpage
    • Improves performance on webpages with plug-in content
    • A fix for an issue that could cause the inaccurate appearance of an alert that bookmarks can't be changed
    • A fix for an issue that could cause duplicate bookmarks to appear on an iOS device after editing bookmarks with Safari in OS X
    • A fix for an issue that permitted users to access unfiltered search results when searching from google.com when Parental Controls are enabled
    • A fix for an issue that could prevent Safari from restoring the last position on a webpage a user navigated back to
