«
Expand/Collapse
184 items tagged "mac os"
Related tags:
apple security [+],
update [+],
overflow [+],
information [+],
hacking [+],
audio [+],
zero [+],
zed attack [+],
x kernel [+],
video [+],
usa [+],
security vulnerabilities [+],
security experience [+],
security advisory [+],
secunia [+],
penetration [+],
mac os x server [+],
mac [+],
zero day [+],
read [+],
intrusion detection tool [+],
intrusion [+],
detection [+],
day [+],
buffer [+],
arbitrary code execution [+],
apple mac os [+],
Skype [+],
vega web [+],
vega [+],
testing [+],
scanner [+],
remote buffer overflow [+],
proxy [+],
open source web [+],
mac osx [+],
interactive web application [+],
denial of service [+],
bugtraq [+],
beta mac os [+],
apple safari [+],
zap [+],
x. this [+],
x lion [+],
x imageio [+],
wireshark [+],
windows [+],
web context [+],
traversal [+],
traffic generator [+],
traffic [+],
tiff [+],
tar [+],
service vulnerability [+],
packet traffic [+],
ostinato [+],
ngs [+],
network [+],
linux [+],
kismet [+],
kernel extensions [+],
intrusion detection [+],
industry [+],
generator [+],
file [+],
dominic chell [+],
directory traversal [+],
directory [+],
cisco aironet [+],
charlie miller [+],
chaos communication congress [+],
buffer overflow vulnerability [+],
x. user [+],
x xnu [+],
x release [+],
x linux [+],
x ftpd [+],
x appletv [+],
viper [+],
ubuntu [+],
trace [+],
technical [+],
sunos [+],
sun solaris 10 [+],
start [+],
sniffer [+],
script [+],
retrieval requests [+],
resource exhaustion [+],
remote [+],
record [+],
raw [+],
randy robbins [+],
quicktime [+],
puppet [+],
packet [+],
netsupport [+],
memory access [+],
manager agent [+],
libc [+],
kismet wireless [+],
kevin estis [+],
kernel panic [+],
joe damato [+],
jesse daguanno [+],
java web start [+],
java sandbox [+],
java browser [+],
issue [+],
irk [+],
integer [+],
injection [+],
information disclosure vulnerability [+],
information disclosure [+],
idefense security advisory [+],
hooking [+],
handling [+],
function [+],
ftpd [+],
freebsd [+],
formula [+],
forensic data [+],
forensic [+],
fnmatch [+],
filesystem data [+],
filesystem [+],
engineering [+],
disclosure [+],
directory server [+],
denial [+],
david weston tags [+],
david weston [+],
cyber security alert [+],
cyber [+],
crafting [+],
client [+],
cff [+],
bug [+],
buffer overflow [+],
based buffer overflow [+],
auto [+],
attacker [+],
apple tv [+],
apple hfs [+],
adobe reader [+],
zorg [+],
x. we [+],
x. i [+],
x widget [+],
x webdav [+],
x to [+],
x physical [+],
x malware [+],
x image [+],
x google [+],
x evocam [+],
webserver [+],
vendor [+],
tiger [+],
test [+],
tcp [+],
system [+],
storm [+],
stack segment [+],
stack overflow [+],
source [+],
signal interface [+],
shellcode [+],
shell [+],
server versions [+],
server [+],
security authors [+],
safer use [+],
runtime [+],
red hat fedora [+],
red [+],
protocol implementation [+],
program locks [+],
policy [+],
pjsip [+],
paul harrington [+],
paper [+],
packetstormsecurity [+],
packet storm security [+],
osx [+],
os x intel [+],
open source implementation [+],
old [+],
o fly [+],
nokia n900 [+],
nokia [+],
news [+],
new mac [+],
new [+],
multiple buffer overflow [+],
multiple [+],
memory [+],
mach [+],
mac antivirus [+],
linux freebsd [+],
let [+],
leopard [+],
kernel internals [+],
intel [+],
integrity protection [+],
index structure [+],
hp ux [+],
honggfuzz [+],
heap memory [+],
hacking mac [+],
hack [+],
google [+],
fuzzer [+],
felix [+],
fedora core [+],
fanboys [+],
extension [+],
evocam [+],
dynamic libraries [+],
dino dai zovi [+],
core [+],
code execution [+],
code [+],
client platforms [+],
charles edge [+],
bastille [+],
avira [+],
asia [+],
apple xnu [+],
apple sandbox [+],
Tools [+],
security [+],
x uri stack [+],
x update [+],
x snow [+],
x sms [+],
x recovery [+],
x mail [+],
x has [+],
x exploit [+],
x compact [+],
x address [+],
wild [+],
webkit [+],
virtualbox [+],
video function [+],
version [+],
variant [+],
uses [+],
users [+],
transfer protocol ftp [+],
tiff image [+],
tiff heap [+],
tags [+],
sun [+],
studio [+],
sophos [+],
software testing tool [+],
server message block [+],
serious security flaw [+],
serious [+],
security holes [+],
security experts [+],
secure [+],
sdk package [+],
sdk [+],
safeguard [+],
safari for windows [+],
safari [+],
rootkits [+],
recovery partition [+],
rec [+],
real [+],
reader [+],
ransomware [+],
protocol [+],
protection [+],
proof of concept [+],
proof [+],
pinhead [+],
pgp users [+],
pgp [+],
patching [+],
panic [+],
microsoft office [+],
malware [+],
malicious users [+],
mail client [+],
macs [+],
mac os x update [+],
mac os x mail [+],
locking [+],
locked [+],
linux wireless [+],
linux mac [+],
library [+],
jay beale [+],
java vulnerability [+],
java security holes [+],
ios [+],
insecurity [+],
ilja [+],
hype [+],
html [+],
holes [+],
hfs [+],
hacks [+],
hackintosh [+],
fuzzing [+],
flaw [+],
flashback [+],
flaming hoops [+],
file transfer protocol [+],
facetime [+],
exploits [+],
executable file [+],
encryption [+],
download [+],
don [+],
disk [+],
disgraced [+],
diginotar [+],
decompiler [+],
decoder [+],
darknet [+],
crowd [+],
couple suggestions [+],
concept [+],
computer boots [+],
christian klein [+],
certificates [+],
canon camera [+],
camera [+],
brings [+],
bring [+],
black [+],
bff [+],
beta [+],
basic [+],
b trojan [+],
autofill [+],
apple shares [+],
apple safari for windows [+],
apple purges [+],
apple patches [+],
apple ios [+],
apple filing [+],
anyone [+],
anti virus software [+],
android [+],
afp [+],
adobe [+],
address book [+],
Software [+],
Pentesting [+],
ExploitsVulnerabilities [+],
os x [+],
vulnerability [+],
x event [+],
mac os x [+],
x server [+],
java [+],
authors [+],
memory corruption [+],
kernel [+],
web [+],
txt [+],
strongswan [+],
ipsec implementation [+],
ipsec [+],
implementation [+],
exchange protocols [+],
enterprise deployments [+],
black hat [+],
authentication mechanisms [+],
apple [+],
advisory [+],
aanval [+]
-
-
16:16
»
Packet Storm Security Advisories
Apple Security Advisory 2012-05-15-1 - QuickTime 7.7.2 is now available and addresses multiple security issues. Multiple stack overflows existed in QuickTime's handling of TeXML files. A heap overflow existed in QuickTime's handling of text tracks. A heap buffer overflow existed in the handling of H.264 encoded movie files. An uninitialized memory access issue existed in the handling of MP4 encoded files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.3. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2012-001. Various other issues were also addressed.
-
16:16
»
Packet Storm Security Recent Files
Apple Security Advisory 2012-05-15-1 - QuickTime 7.7.2 is now available and addresses multiple security issues. Multiple stack overflows existed in QuickTime's handling of TeXML files. A heap overflow existed in QuickTime's handling of text tracks. A heap buffer overflow existed in the handling of H.264 encoded movie files. An uninitialized memory access issue existed in the handling of MP4 encoded files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.3. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2012-001. Various other issues were also addressed.
-
16:16
»
Packet Storm Security Misc. Files
Apple Security Advisory 2012-05-15-1 - QuickTime 7.7.2 is now available and addresses multiple security issues. Multiple stack overflows existed in QuickTime's handling of TeXML files. A heap overflow existed in QuickTime's handling of text tracks. A heap buffer overflow existed in the handling of H.264 encoded movie files. An uninitialized memory access issue existed in the handling of MP4 encoded files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.3. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2012-001. Various other issues were also addressed.
-
-
15:54
»
Packet Storm Security Recent Files
strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.
-
15:54
»
Packet Storm Security Misc. Files
strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.
-
-
15:07
»
Packet Storm Security Advisories
Apple Security Advisory 2012-04-12-1 - Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8 is now available. As a security hardening measure, the Java browser plugin and Java Web Start are deactivated if they are unused for 35 days. Installing this update will automatically deactivate the Java browser plugin and Java Web Start. Users may re-enable Java if they encounter Java applets on a web page or Java Web Start applications.
-
15:07
»
Packet Storm Security Recent Files
Apple Security Advisory 2012-04-12-1 - Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8 is now available. As a security hardening measure, the Java browser plugin and Java Web Start are deactivated if they are unused for 35 days. Installing this update will automatically deactivate the Java browser plugin and Java Web Start. Users may re-enable Java if they encounter Java applets on a web page or Java Web Start applications.
-
15:07
»
Packet Storm Security Misc. Files
Apple Security Advisory 2012-04-12-1 - Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8 is now available. As a security hardening measure, the Java browser plugin and Java Web Start are deactivated if they are unused for 35 days. Installing this update will automatically deactivate the Java browser plugin and Java Web Start. Users may re-enable Java if they encounter Java applets on a web page or Java Web Start applications.
-
-
7:22
»
Packet Storm Security Advisories
Ubuntu Security Notice 1419-1 - It was discovered that Puppet used a predictable filename when downloading Mac OS X package files. A local attacker could exploit this to overwrite arbitrary files. It was discovered that Puppet incorrectly handled filebucket retrieval requests. A local attacker could exploit this to read arbitrary files. It was discovered that Puppet incorrectly handled filebucket store requests. A local attacker could exploit this to perform a denial of service via resource exhaustion. Various other issues were also addressed.
-
7:22
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1419-1 - It was discovered that Puppet used a predictable filename when downloading Mac OS X package files. A local attacker could exploit this to overwrite arbitrary files. It was discovered that Puppet incorrectly handled filebucket retrieval requests. A local attacker could exploit this to read arbitrary files. It was discovered that Puppet incorrectly handled filebucket store requests. A local attacker could exploit this to perform a denial of service via resource exhaustion. Various other issues were also addressed.
-
7:22
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1419-1 - It was discovered that Puppet used a predictable filename when downloading Mac OS X package files. A local attacker could exploit this to overwrite arbitrary files. It was discovered that Puppet incorrectly handled filebucket retrieval requests. A local attacker could exploit this to read arbitrary files. It was discovered that Puppet incorrectly handled filebucket store requests. A local attacker could exploit this to perform a denial of service via resource exhaustion. Various other issues were also addressed.
-
-
20:29
»
Packet Storm Security Recent Files
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X release.
-
20:29
»
Packet Storm Security Tools
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X release.
-
20:29
»
Packet Storm Security Misc. Files
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X release.
-
-
18:14
»
Packet Storm Security Advisories
Apple Security Advisory 2012-04-03-1 - Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 is now available. It addresses multiple vulnerabilities that exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox.
-
18:14
»
Packet Storm Security Recent Files
Apple Security Advisory 2012-04-03-1 - Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 is now available. It addresses multiple vulnerabilities that exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox.
-
18:14
»
Packet Storm Security Misc. Files
Apple Security Advisory 2012-04-03-1 - Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 is now available. It addresses multiple vulnerabilities that exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox.
-
-
21:54
»
Packet Storm Security Advisories
Secunia Security Advisory - Apple has issued an update for Java for Mac OS X. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
-
-
22:36
»
SecDocs
Authors:
Felix 'FX' Lindner Tags:
Mac OS X Google iPhone Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: We will discuss the two different approaches Apple and Google take for the client platforms iPad and Chromebook, how they are similar and how they are not. From the security architecture and integrity protection details to your account and identity that links you firmly back to the respective vendor, we will provide the big picture with occasional close-up shots. Here is what powers the vendor has over you, or what powers he gives to arbitrary unwashed attackers at conferences through fails in logic, binary or HTML.
-
22:36
»
SecDocs
Authors:
Felix 'FX' Lindner Tags:
Mac OS X Google iPhone Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: We will discuss the two different approaches Apple and Google take for the client platforms iPad and Chromebook, how they are similar and how they are not. From the security architecture and integrity protection details to your account and identity that links you firmly back to the respective vendor, we will provide the big picture with occasional close-up shots. Here is what powers the vendor has over you, or what powers he gives to arbitrary unwashed attackers at conferences through fails in logic, binary or HTML.
-
-
16:44
»
Packet Storm Security Recent Files
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
-
16:44
»
Packet Storm Security Tools
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
-
16:44
»
Packet Storm Security Misc. Files
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
-
-
18:58
»
Packet Storm Security Recent Files
strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.
-
18:58
»
Packet Storm Security Misc. Files
strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.
-
-
3:11
»
Packet Storm Security Recent Files
The Bastille Hardening program locks down an operating system, configuring the system for increased security. It currently supports Red Hat, Fedora Core, Red Hat Enterprise, SuSE, SuSE Enterprise, Mandrake, Debian, and Gentoo, HP-UX, and Apple's Mac OS X.
-
3:11
»
Packet Storm Security Misc. Files
The Bastille Hardening program locks down an operating system, configuring the system for increased security. It currently supports Red Hat, Fedora Core, Red Hat Enterprise, SuSE, SuSE Enterprise, Mandrake, Debian, and Gentoo, HP-UX, and Apple's Mac OS X.
-
-
17:47
»
Packet Storm Security Recent Files
Ostinato is an open-source, cross-platform packet/traffic generator and analyzer with a friendly GUI. It aims to be "Wireshark in Reverse" and thus become complementary to Wireshark. This is the Mac OS X release.
-
17:47
»
Packet Storm Security Tools
Ostinato is an open-source, cross-platform packet/traffic generator and analyzer with a friendly GUI. It aims to be "Wireshark in Reverse" and thus become complementary to Wireshark. This is the Mac OS X release.
-
17:47
»
Packet Storm Security Misc. Files
Ostinato is an open-source, cross-platform packet/traffic generator and analyzer with a friendly GUI. It aims to be "Wireshark in Reverse" and thus become complementary to Wireshark. This is the Mac OS X release.
-
-
16:30
»
Packet Storm Security Recent Files
Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in Javascript, users can easily modify them or write their own. This is the Mac OS X 64-bit version.
-
16:30
»
Packet Storm Security Tools
Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in Javascript, users can easily modify them or write their own. This is the Mac OS X 64-bit version.
-
16:30
»
Packet Storm Security Misc. Files
Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in Javascript, users can easily modify them or write their own. This is the Mac OS X 64-bit version.
-
16:25
»
Packet Storm Security Recent Files
Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in Javascript, users can easily modify them or write their own. This is the Mac OS X 32-bit version.
-
16:25
»
Packet Storm Security Tools
Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in Javascript, users can easily modify them or write their own. This is the Mac OS X 32-bit version.
-
-
17:11
»
Packet Storm Security Recent Files
strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.
-
17:11
»
Packet Storm Security Misc. Files
strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.
-
-
17:42
»
Packet Storm Security Recent Files
strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.
-
17:42
»
Packet Storm Security Misc. Files
strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.
-
-
12:35
»
Packet Storm Security Recent Files
Packet Storm Widget is a Mac OS X widget that allows users to see all latest news from packetstormsecurity.org. A user can choose between different kind of news to see: All of the Latest Content, Latest News, Latest Files, Latest 0 Days, Latest Vulnerabilities and Latest Exploits. This allows a user to always keep up to date on their favorite security topics. Please note that this was *not* created by Packet Storm Security and questions should be directed to the author. This should run on Leopard, Snow Leopard, Lion and Tiger.
-
12:35
»
Packet Storm Security Misc. Files
Packet Storm Widget is a Mac OS X widget that allows users to see all latest news from packetstormsecurity.org. A user can choose between different kind of news to see: All of the Latest Content, Latest News, Latest Files, Latest 0 Days, Latest Vulnerabilities and Latest Exploits. This allows a user to always keep up to date on their favorite security topics. Please note that this was *not* created by Packet Storm Security and questions should be directed to the author. This should run on Leopard, Snow Leopard, Lion and Tiger.
-
-
19:09
»
Packet Storm Security Exploits
Apple Safari versions 5.0 and later on Mac OS and Windows are vulnerable to a directory traversal issue with the handling of "safari-extension://" URLs. Attackers can create malicious websites that trigger Safari to send files from the victim's system to the attacker. Arbitrary Javascript can be executed in the web context of the Safari extension.
-
19:09
»
Packet Storm Security Exploits
Apple Safari versions 5.0 and later on Mac OS and Windows are vulnerable to a directory traversal issue with the handling of "safari-extension://" URLs. Attackers can create malicious websites that trigger Safari to send files from the victim's system to the attacker. Arbitrary Javascript can be executed in the web context of the Safari extension.
-
19:09
»
Packet Storm Security Recent Files
Apple Safari versions 5.0 and later on Mac OS and Windows are vulnerable to a directory traversal issue with the handling of "safari-extension://" URLs. Attackers can create malicious websites that trigger Safari to send files from the victim's system to the attacker. Arbitrary Javascript can be executed in the web context of the Safari extension.
-
19:09
»
Packet Storm Security Misc. Files
Apple Safari versions 5.0 and later on Mac OS and Windows are vulnerable to a directory traversal issue with the handling of "safari-extension://" URLs. Attackers can create malicious websites that trigger Safari to send files from the victim's system to the attacker. Arbitrary Javascript can be executed in the web context of the Safari extension.
-
-
22:50
»
Packet Storm Security Advisories
Technical Cyber Security Alert 2011-286A - There are multiple vulnerabilities in Mac OS X 10.6.8, 10.7, and 10.7.1 and Mac OS X Server 10.6.8, 10.7, and 10.7.1. Apple has released updates to address these vulnerabilities.
-
22:50
»
Packet Storm Security Recent Files
Technical Cyber Security Alert 2011-286A - There are multiple vulnerabilities in Mac OS X 10.6.8, 10.7, and 10.7.1 and Mac OS X Server 10.6.8, 10.7, and 10.7.1. Apple has released updates to address these vulnerabilities.
-
22:50
»
Packet Storm Security Misc. Files
Technical Cyber Security Alert 2011-286A - There are multiple vulnerabilities in Mac OS X 10.6.8, 10.7, and 10.7.1 and Mac OS X Server 10.6.8, 10.7, and 10.7.1. Apple has released updates to address these vulnerabilities.
-
-
18:51
»
Packet Storm Security Advisories
A critical pointer vulnerability is located in the Mac OS X and Windows versions of Skype. The bug is located in 2 input forms of a unicode HTTP search request to the Skype search directory server. The vulnerability allows a local attacker to crash the complete Skype process via an unknown unhandled software exception. The bug allows a local attacker to overwrite or read a new address (skype_debug2_win7_x64x.png).
-
18:51
»
Packet Storm Security Recent Files
A critical pointer vulnerability is located in the Mac OS X and Windows versions of Skype. The bug is located in 2 input forms of a unicode HTTP search request to the Skype search directory server. The vulnerability allows a local attacker to crash the complete Skype process via an unknown unhandled software exception. The bug allows a local attacker to overwrite or read a new address (skype_debug2_win7_x64x.png).
-
18:51
»
Packet Storm Security Misc. Files
A critical pointer vulnerability is located in the Mac OS X and Windows versions of Skype. The bug is located in 2 input forms of a unicode HTTP search request to the Skype search directory server. The vulnerability allows a local attacker to crash the complete Skype process via an unknown unhandled software exception. The bug allows a local attacker to overwrite or read a new address (skype_debug2_win7_x64x.png).
-
-
17:04
»
Packet Storm Security Recent Files
strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.
-
17:04
»
Packet Storm Security Misc. Files
strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.
-
-
23:28
»
Sophos product advisories
If you install SafeGuard Disk Encryption for Mac 5.50.1 on Mac OS X 10.7 (Lion), Mac OS X 10.7 will no longer start. Instead the computer boots up into the Mac OS X Recovery partition.
-
-
7:20
»
Packet Storm Security Advisories
A corrupt Canon Camera RAW file (.CR2) can cause a crash in the RawCamera library. This affects viewing files in both the Preview.app application or via Quick Look. Mac OS X 10.6.6 with RawCamera.bundle versions prior to 3.6 are affected.
-
7:18
»
Packet Storm Security Advisories
Dominic Chell of NGS Secure has discovered a High risk vulnerability in Mac OS X ImageIO. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution.
-
-
12:54
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mac OS X's CFF Decoder.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
2:00
»
Packet Storm Security Advisories
Secunia Security Advisory - Apple has issued an update for Java for Mac OS X. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
-
-
4:18
»
Packet Storm Security Advisories
Secunia Security Advisory - Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
-
-
20:41
»
Packet Storm Security Exploits
Multiple vendors libc/fnmatch(3) suffer from a denial of service vulnerability. Affected software includes Apache 2.2.17, NetBSD 5.1, OpenBSD 4.8, FreeBSD, Mac OS X 10.6, and Sun Solaris 10. Apache proof of concept is included.
-
20:41
»
Packet Storm Security Recent Files
Multiple vendors libc/fnmatch(3) suffer from a denial of service vulnerability. Affected software includes Apache 2.2.17, NetBSD 5.1, OpenBSD 4.8, FreeBSD, Mac OS X 10.6, and Sun Solaris 10. Apache proof of concept is included.
-
20:41
»
Packet Storm Security Misc. Files
Multiple vendors libc/fnmatch(3) suffer from a denial of service vulnerability. Affected software includes Apache 2.2.17, NetBSD 5.1, OpenBSD 4.8, FreeBSD, Mac OS X 10.6, and Sun Solaris 10. Apache proof of concept is included.
-
18:45
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader on Mac OS X.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
14:44
»
SecDocs
Authors:
Dionysus Blazakis Tags:
security Mac OS X Event:
Black Hat DC 2011 Abstract: Despite the never ending proclamations of the end of memory corruption vulnerabilities, modern software still falls to exploits that target these bugs. Current operating systems incorporate a battery of exploit mitigations making life significantly more complex for attackers. Additionally, developers are becoming increasingly aware of the security implications of previously idiomatic code. Leading software publishers are teaching defensive coding techniques and have adopted an offensive mindset for product testing. Unfortunately, a single vulnerability can still provide the attacker the leverage needed to gain entry. Security researchers have disclosed multiple ways to render the mitigations ineffective (under the right circumstances) -- imagine what techniques are not public. One bug can still "ruin your day". In this presentation, I describe the architecture and implementation of the Apple XNU Sandbox framework (previously codenamed "Seatbelt"). This framework is used to contain App Store applications on iOS and some server applications on OS X. I will give you a complete tour of the Sandbox internals, most of which are in closed source modules (kernel extensions and dynamic libraries). This information is useful for auditors or exploit developers attempting to escape the sandbox and for developers or defenders attempting to secure their applications. I will also release an automated profile decompiler to extract a human readable policy definition from a compiled profile inside the kernel (iOS kernelcache or OS X). By the end of the presentation, you will have a working understanding of the entire access control system from policy definition to sandbox initialization to the kernel's policy enforcement.
-
14:39
»
SecDocs
Authors:
Dionysus Blazakis Tags:
security Mac OS X Event:
Black Hat DC 2011 Abstract: Despite the never ending proclamations of the end of memory corruption vulnerabilities, modern software still falls to exploits that target these bugs. Current operating systems incorporate a battery of exploit mitigations making life significantly more complex for attackers. Additionally, developers are becoming increasingly aware of the security implications of previously idiomatic code. Leading software publishers are teaching defensive coding techniques and have adopted an offensive mindset for product testing. Unfortunately, a single vulnerability can still provide the attacker the leverage needed to gain entry. Security researchers have disclosed multiple ways to render the mitigations ineffective (under the right circumstances) -- imagine what techniques are not public. One bug can still "ruin your day". In this presentation, I describe the architecture and implementation of the Apple XNU Sandbox framework (previously codenamed "Seatbelt"). This framework is used to contain App Store applications on iOS and some server applications on OS X. I will give you a complete tour of the Sandbox internals, most of which are in closed source modules (kernel extensions and dynamic libraries). This information is useful for auditors or exploit developers attempting to escape the sandbox and for developers or defenders attempting to secure their applications. I will also release an automated profile decompiler to extract a human readable policy definition from a compiled profile inside the kernel (iOS kernelcache or OS X). By the end of the presentation, you will have a working understanding of the entire access control system from policy definition to sandbox initialization to the kernel's policy enforcement.
-
-
14:29
»
Packet Storm Security Advisories
VSR identified a vulnerability in HFS+, a filesystem implemented in the OS X XNU kernel. HFS+ is the default filesystem in use on many installations of the Mac OS X operating system. By exploiting this vulnerability, an unprivileged user with local access to a machine using HFS+ may be able to read raw filesystem data, bypassing file permissions and resulting in information disclosure.
-
14:29
»
Packet Storm Security Recent Files
VSR identified a vulnerability in HFS+, a filesystem implemented in the OS X XNU kernel. HFS+ is the default filesystem in use on many installations of the Mac OS X operating system. By exploiting this vulnerability, an unprivileged user with local access to a machine using HFS+ may be able to read raw filesystem data, bypassing file permissions and resulting in information disclosure.
-
14:29
»
Packet Storm Security Misc. Files
VSR identified a vulnerability in HFS+, a filesystem implemented in the OS X XNU kernel. HFS+ is the default filesystem in use on many installations of the Mac OS X operating system. By exploiting this vulnerability, an unprivileged user with local access to a machine using HFS+ may be able to read raw filesystem data, bypassing file permissions and resulting in information disclosure.
-
14:24
»
Packet Storm Security Advisories
Paul Harrington of NGS Secure has discovered a high risk vulnerability in Mac OS X Image RAW. Multiple buffer overflow issues existed in Image RAW's handling of Canon RAW images. Viewing a maliciously crafted Canon RAW image may result in an unexpected application termination or arbitrary code execution. Versions affected include Mac OS X 10.6 through 10.6.6, Mac OS X Server 10.6 through 10.6.6 with RawCamera.bundle versions prior to 3.6.
-
14:24
»
Packet Storm Security Recent Files
Paul Harrington of NGS Secure has discovered a high risk vulnerability in Mac OS X Image RAW. Multiple buffer overflow issues existed in Image RAW's handling of Canon RAW images. Viewing a maliciously crafted Canon RAW image may result in an unexpected application termination or arbitrary code execution. Versions affected include Mac OS X 10.6 through 10.6.6, Mac OS X Server 10.6 through 10.6.6 with RawCamera.bundle versions prior to 3.6.
-
13:35
»
Packet Storm Security Advisories
Dominic Chell of NGS Secure has discovered a High risk vulnerability in Mac OS X ImageIO. An integer overflow issue exists in ImageIO's handling of JPEG-encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution. Versions affected include Mac OS X 10.6 through 10.6.6, Mac OS X Server 10.6 through 10.6.6.
-
13:35
»
Packet Storm Security Recent Files
Dominic Chell of NGS Secure has discovered a High risk vulnerability in Mac OS X ImageIO. An integer overflow issue exists in ImageIO's handling of JPEG-encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution. Versions affected include Mac OS X 10.6 through 10.6.6, Mac OS X Server 10.6 through 10.6.6.
-
13:35
»
Packet Storm Security Misc. Files
Dominic Chell of NGS Secure has discovered a High risk vulnerability in Mac OS X ImageIO. An integer overflow issue exists in ImageIO's handling of JPEG-encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution. Versions affected include Mac OS X 10.6 through 10.6.6, Mac OS X Server 10.6 through 10.6.6.
-
13:32
»
Packet Storm Security Advisories
iDefense Security Advisory 03.21.11 -Remote exploitation of a memory corruption vulnerability in Apple Inc.'s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing an Excel file with a certain maliciously constructed record. This record is used to describe a formula that is shared between multiple cells. In this record, the 'formula' field is used to specify the formula used. By corrupting certain opcodes within this formula it is possible to trigger a memory corruption vulnerability. This can lead to the execution of arbitrary code. Apple has reported Mac OS X and OS X Server 10.6 through 10.6.6 vulnerable.
-
13:32
»
Packet Storm Security Recent Files
iDefense Security Advisory 03.21.11 -Remote exploitation of a memory corruption vulnerability in Apple Inc.'s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing an Excel file with a certain maliciously constructed record. This record is used to describe a formula that is shared between multiple cells. In this record, the 'formula' field is used to specify the formula used. By corrupting certain opcodes within this formula it is possible to trigger a memory corruption vulnerability. This can lead to the execution of arbitrary code. Apple has reported Mac OS X and OS X Server 10.6 through 10.6.6 vulnerable.
-
13:32
»
Packet Storm Security Misc. Files
iDefense Security Advisory 03.21.11 -Remote exploitation of a memory corruption vulnerability in Apple Inc.'s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing an Excel file with a certain maliciously constructed record. This record is used to describe a formula that is shared between multiple cells. In this record, the 'formula' field is used to specify the formula used. By corrupting certain opcodes within this formula it is possible to trigger a memory corruption vulnerability. This can lead to the execution of arbitrary code. Apple has reported Mac OS X and OS X Server 10.6 through 10.6.6 vulnerable.
-
13:31
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-108 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mac OS X's CFF Decoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the Type1Scaler library processes a specially formatted compact font file. When processing this file, the application will corrupt memory outside the bounds of an allocated buffer. This can lead to code execution under the context of the application that utilizes the library.
-
13:31
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-108 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mac OS X's CFF Decoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the Type1Scaler library processes a specially formatted compact font file. When processing this file, the application will corrupt memory outside the bounds of an allocated buffer. This can lead to code execution under the context of the application that utilizes the library.
-
13:31
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-108 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mac OS X's CFF Decoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the Type1Scaler library processes a specially formatted compact font file. When processing this file, the application will corrupt memory outside the bounds of an allocated buffer. This can lead to code execution under the context of the application that utilizes the library.
-
-
14:42
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-074 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader on Mac OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the U3D component distributed with the Reader. The application uses the Parent Node count to calculate the size of an allocation. This value is not properly validated and the result of this size calculation can be wrapped to an unexpectedly small and insufficient value. Writes to this newly allocated buffer can be outside the bounds of its allocation. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the application.
-
14:42
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-074 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader on Mac OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the U3D component distributed with the Reader. The application uses the Parent Node count to calculate the size of an allocation. This value is not properly validated and the result of this size calculation can be wrapped to an unexpectedly small and insufficient value. Writes to this newly allocated buffer can be outside the bounds of its allocation. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the application.
-
14:42
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-074 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader on Mac OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the U3D component distributed with the Reader. The application uses the Parent Node count to calculate the size of an allocation. This value is not properly validated and the result of this size calculation can be wrapped to an unexpectedly small and insufficient value. Writes to this newly allocated buffer can be outside the bounds of its allocation. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the application.
-
-
7:59
»
Packet Storm Security Recent Files
Kismet is an 802.11 layer 2 wireless network sniffer. It can sniff 802.11b, 802.11a, and 802.11g traffic. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features Multiple packet capture sources, Runtime network sorting by AP MAC address (bssid), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal and tcpdump compatible file logging, Airsnort-compatible "interesting" (cryptographically weak) logging, Secure SUID behavior, GPS devices and wireless devices fingerprinting. Kismet also includes a tool called gpsmap that can be used to create maps from logged GPS data.
-
7:59
»
Packet Storm Security Tools
Kismet is an 802.11 layer 2 wireless network sniffer. It can sniff 802.11b, 802.11a, and 802.11g traffic. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features Multiple packet capture sources, Runtime network sorting by AP MAC address (bssid), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal and tcpdump compatible file logging, Airsnort-compatible "interesting" (cryptographically weak) logging, Secure SUID behavior, GPS devices and wireless devices fingerprinting. Kismet also includes a tool called gpsmap that can be used to create maps from logged GPS data.
-
7:59
»
Packet Storm Security Misc. Files
Kismet is an 802.11 layer 2 wireless network sniffer. It can sniff 802.11b, 802.11a, and 802.11g traffic. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features Multiple packet capture sources, Runtime network sorting by AP MAC address (bssid), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal and tcpdump compatible file logging, Airsnort-compatible "interesting" (cryptographically weak) logging, Secure SUID behavior, GPS devices and wireless devices fingerprinting. Kismet also includes a tool called gpsmap that can be used to create maps from logged GPS data.
-
-
19:59
»
Packet Storm Security Recent Files
ZORG is an open source implementation of the ZRTP protocol implementation. ZRTP provides end-to-end key exchange with Elliptic Curve Diffie-Hellmann 384bit and AES-256 SRTP encryption. This particular archive is Zorg C++, which has been integrated with PJSIP open source VoIP SDK and it's provided as an integration patch against PJSIP 1.8.5. It has been tested on iPhone, Symbian, Windows, Linux and Mac OS X.
-
19:59
»
Packet Storm Security Misc. Files
ZORG is an open source implementation of the ZRTP protocol implementation. ZRTP provides end-to-end key exchange with Elliptic Curve Diffie-Hellmann 384bit and AES-256 SRTP encryption. This particular archive is Zorg C++, which has been integrated with PJSIP open source VoIP SDK and it's provided as an integration patch against PJSIP 1.8.5. It has been tested on iPhone, Symbian, Windows, Linux and Mac OS X.
-
-
12:20
»
Packet Storm Security Exploits
NetSupport Manager Agent suffers from a stack-based buffer overflow vulnerability. Version 11 for Linux, 9.50 for Solaris, and 11.00 for Mac OS X are confirmed vulnerable. The advisory and exploit are both included in this archive.
-
12:20
»
Packet Storm Security Recent Files
NetSupport Manager Agent suffers from a stack-based buffer overflow vulnerability. Version 11 for Linux, 9.50 for Solaris, and 11.00 for Mac OS X are confirmed vulnerable. The advisory and exploit are both included in this archive.
-
12:20
»
Packet Storm Security Misc. Files
NetSupport Manager Agent suffers from a stack-based buffer overflow vulnerability. Version 11 for Linux, 9.50 for Solaris, and 11.00 for Mac OS X are confirmed vulnerable. The advisory and exploit are both included in this archive.
-
4:03
»
Packet Storm Security Advisories
Secunia Security Advisory - A vulnerability has been reported in Mac OS X, which can be exploited by malicious people to potentially compromise a vulnerable system.
-
-
5:11
»
Packet Storm Security Recent Files
Honggfuzz is a general-purpose, easy-to-use fuzzer with interesting analysis options. Given a starting corpus of test files, Honggfuzz supplies and modifies input to a test program and utilizes the ptrace() API/POSIX signal interface to detect and log crashes. It works on Linux, FreeBSD and Mac OS X.
-
5:11
»
Packet Storm Security Misc. Files
Honggfuzz is a general-purpose, easy-to-use fuzzer with interesting analysis options. Given a starting corpus of test files, Honggfuzz supplies and modifies input to a test program and utilizes the ptrace() API/POSIX signal interface to detect and log crashes. It works on Linux, FreeBSD and Mac OS X.
-
-
11:22
»
Packet Storm Security Tools
Ostinato is an open-source, cross-platform packet/traffic generator and analyzer with a friendly GUI. It aims to be "Wireshark in Reverse" and thus become complementary to Wireshark. This is the Mac OS X release.
-
-
14:22
»
Packet Storm Security Recent Files
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
-
14:22
»
Packet Storm Security Tools
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
-
14:22
»
Packet Storm Security Misc. Files
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
-
-
13:50
»
Packet Storm Security Recent Files
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X, Windows and Cross Platform releases are all included in this file.
-
13:50
»
Packet Storm Security Misc. Files
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X, Windows and Cross Platform releases are all included in this file.
-
-
4:19
»
Packet Storm Security Advisories
Secunia Security Advisory - A security issue has been reported in Mac OS X Server, which can be exploited by malicious users to gain knowledge of sensitive information.
-
-
19:02
»
Packet Storm Security Recent Files
Core Security Technologies Advisory - The Apple Type Services is prone to memory corruption due a sign mismatch vulnerability when handling the last offset value of the CharStrings INDEX structure. This vulnerability could be used by a remote attacker to execute arbitrary code, by enticing the user of Mac OS X v10.5.x to view or download a PDF document containing a embedded malicious CFF font.
-
19:01
»
Packet Storm Security Advisories
Core Security Technologies Advisory - The Apple Type Services is prone to memory corruption due a sign mismatch vulnerability when handling the last offset value of the CharStrings INDEX structure. This vulnerability could be used by a remote attacker to execute arbitrary code, by enticing the user of Mac OS X v10.5.x to view or download a PDF document containing a embedded malicious CFF font.
-
-
17:15
»
Packet Storm Security Tools
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X, Windows and Cross Platform releases are all included in this file.
-
17:14
»
Packet Storm Security Recent Files
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X, Windows and Cross Platform releases are all included in this file.
-
-
14:00
»
Packet Storm Security Advisories
The parental controls built into the Mac OS X Mail client can be easily bypassed by anyone who knows the email address of the child and his/her parent.
-
-
0:01
»
Packet Storm Security Tools
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
-
0:01
»
Packet Storm Security Recent Files
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
-
-
20:34
»
Packet Storm Security Recent Files
The Mac OS X WebDAV kernel extension is vulnerable to a denial of service issue that allows a local unprivileged user to trigger a kernel panic due to a memory overallocation.
-
20:33
»
Packet Storm Security Advisories
The Mac OS X WebDAV kernel extension is vulnerable to a denial of service issue that allows a local unprivileged user to trigger a kernel panic due to a memory overallocation.
-
-
22:51
»
Packet Storm Security Tools
Kismet is an 802.11 layer 2 wireless network sniffer. It can sniff 802.11b, 802.11a, and 802.11g traffic. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features Multiple packet capture sources, Runtime network sorting by AP MAC address (bssid), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal and tcpdump compatible file logging, Airsnort-compatible interesting (cryptographically weak) logging, Secure SUID behavior, GPS devices and wireless devices fingerprinting. Kismet also includes a tool called gpsmap that can be used to create maps from logged GPS data.
-
-
0:31
»
SecuriTeam
A vulnerability was discovered in Apple Safari for Windows, Mac OS X and iPhone.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
2:43
»
Packet Storm Security Recent Files
This Metasploit module exploits a stack overflow in the web server provided with the EvoCam program for Mac OS X. We use Dino Dai Zovi's exec-from-heap technique to copy the payload from the non-executable stack segment to heap memory. Vulnerable versions include 3.6.6, 3.6.7, and possibly earlier versions as well. EvoCam version 3.6.8 fixes the vulnerability.
-
2:43
»
Packet Storm Security Exploits
This Metasploit module exploits a stack overflow in the web server provided with the EvoCam program for Mac OS X. We use Dino Dai Zovi's exec-from-heap technique to copy the payload from the non-executable stack segment to heap memory. Vulnerable versions include 3.6.6, 3.6.7, and possibly earlier versions as well. EvoCam version 3.6.8 fixes the vulnerability.
-
-
21:02
»
SecDocs
Authors:
Matthieu Suiche Tags:
forensic Mac OS X Event:
Black Hat DC 2010 Abstract: In 2008 and 2009, companies and governments interests for Microsoft Windows physical memory growled significantly. Now it is time to talk about Mac OS X. This talk will describe basis of Mac OS X Kernel Internals (and not a XNU kernel creation timeline) and how to retrieve various information like machine information, mounted file systems, processes listing and extraction and threads, kernel extensions listing and extraction and Rootkit detection.
-
21:02
»
SecDocs
Authors:
Matthieu Suiche Tags:
forensic Mac OS X Event:
Black Hat DC 2010 Abstract: In 2008 and 2009, companies and governments interests for Microsoft Windows physical memory growled significantly. Now it is time to talk about Mac OS X. This talk will describe basis of Mac OS X Kernel Internals (and not a XNU kernel creation timeline) and how to retrieve various information like machine information, mounted file systems, processes listing and extraction and threads, kernel extensions listing and extraction and Rootkit detection.
-
-
10:42
»
Hack a Day
A new beta build of VirtualBox, Sun’s Oracle’s free x86 virtualization software, makes it possible to run Mac OS X as a guest operating system…no shenanigans or flaming hoops to jump through, just pop in the $30 retail Snow Leopard upgrade disc and go. This had previously only been possible with some awkward Hackintosh-style maneuvering, or [...]
-
-
14:13
»
Carnal0wnage
I wanted to be able to view/sniff some traffic from my android phone. Mostly to see how "closed" the gowalla checkin api was (not very).
The first couple suggestions were to connect the phone to wifi and checkin. To do this from the comfort of my own home meant checking in from home and I didn't really want to do that.
Installing the android emulator is pretty straightforward, the only problem is that it doesnt come with the android market or the ability to easily(?) download apps to mess with.
After some googling I found this post:
http://tech-droid.blogspot.com/2009/11/android-market-on-emulator.htmlThis enabled me to get a working android emulator with android market place.
Go
here and download the sdk for whatever system you are using, I'm on ubuntu...
You'll need to download some platforms as the sdk doesnt come with much of anyting by default.
To launch the Android SDK and AVD Manager on Windows, execute
SDK Setup.exe, at the root of the SDK directory. On Mac OS X or Linux, execute the
android tool in the
/tools/ folder. This will start the GUI (least on linux --I dont care about windows)
Go to available packages and download sdk package for Android 1.5 or 1.6. I used 1.5
over in installed packages you should see the sdk when its all done.
Go
here and download the system image for 1.5 or 1.6
Create an AVD (1.5 or 1.6). populate it how you want, I gave it one of everything on the hardware.
After you create the avd, you should have an avd folder in your .android folder. Something like .android/avd/[avdname]
Copy the system.img file you downloaded from HTC in there.
start that puppy up
If you went the 1.5 route you are probably getting a slide keyboard to open thing. Hit CTRL+F11 to change the orientation of the phone to "slide it open"
You now have a pretty much fully functional android to muck around with and now any communications with any apps should be sniffable in wireshark.
What about the GPS? The debugger gives you the ability to set the GPS manually so you can be anywhere you want to be :-)
additional reading:
https://www.isecpartners.com/files/iSEC_Android_Exploratory_Blackhat_2009.pdf-CG
-
-
23:00
»
Packet Storm Security Tools
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
-
23:00
»
Packet Storm Security Recent Files
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
Linux you can use Afpfs-ng
