«
Expand/Collapse
178 items tagged "mac os x"
Related tags:
secunia [+],
apple security [+],
update [+],
txt [+],
information [+],
hacking [+],
zed attack [+],
x server [+],
x kernel [+],
usa [+],
security vulnerabilities [+],
security experience [+],
security advisory [+],
remote [+],
penetration [+],
audio [+],
apple [+],
zero day [+],
zero [+],
x prior [+],
video [+],
open source web [+],
multiple [+],
intrusion detection tool [+],
intrusion [+],
interactive web application [+],
detection [+],
day [+],
code [+],
Skype [+],
vega web [+],
vega [+],
testing [+],
scanner [+],
proxy [+],
mac osx [+],
denial of service [+],
bugtraq [+],
beta mac os [+],
zap [+],
x. this [+],
x lion [+],
wireshark [+],
traffic generator [+],
traffic [+],
tar [+],
service vulnerability [+],
retired [+],
read [+],
packet traffic [+],
ostinato [+],
network [+],
mac os x server [+],
linux [+],
kismet [+],
kernel panic [+],
intrusion detection [+],
industry [+],
generator [+],
cisco aironet [+],
charlie miller [+],
cff [+],
x. user [+],
x xnu [+],
x release [+],
x malware [+],
x linux [+],
x ftpd [+],
x appletv [+],
viper [+],
ubuntu [+],
trace [+],
technical [+],
sunos [+],
sun solaris 10 [+],
start [+],
sniffer [+],
script [+],
retrieval requests [+],
resource exhaustion [+],
record [+],
randy robbins [+],
quicktime [+],
puppet [+],
packet [+],
old [+],
memory access [+],
libc [+],
kismet wireless [+],
kevin estis [+],
joe damato [+],
jesse daguanno [+],
java web start [+],
java sandbox [+],
java browser [+],
issue [+],
irk [+],
injection [+],
information disclosure vulnerability [+],
information disclosure [+],
idefense security advisory [+],
hooking [+],
handling [+],
function [+],
ftpd [+],
freebsd [+],
formula [+],
forensic data [+],
forensic [+],
fnmatch [+],
filesystem data [+],
filesystem [+],
file [+],
engineering [+],
disclosure [+],
directory server [+],
denial [+],
david weston tags [+],
david weston [+],
cyber security alert [+],
cyber [+],
crafting [+],
code execution [+],
canon camera [+],
bug [+],
buffer overflow [+],
auto [+],
attacker [+],
apple tv [+],
apple hfs [+],
adobe reader [+],
zorg [+],
x widget [+],
x webdav [+],
x to [+],
x physical [+],
x imageio [+],
x evocam [+],
x compact [+],
vulnerabilities [+],
tiger [+],
test [+],
tcp [+],
storm [+],
source [+],
signal interface [+],
shellcode [+],
shell [+],
server versions [+],
server [+],
security holes [+],
security authors [+],
safer use [+],
runtime [+],
remote buffer overflow [+],
protocol implementation [+],
pjsip [+],
paper [+],
packetstormsecurity [+],
packet storm security [+],
osx [+],
os x intel [+],
open source implementation [+],
o fly [+],
nokia n900 [+],
nokia [+],
news [+],
new mac [+],
new [+],
memory [+],
mach [+],
linux freebsd [+],
let [+],
leopard [+],
kernel internals [+],
kernel extensions [+],
java security holes [+],
intel [+],
index structure [+],
honggfuzz [+],
holes [+],
hacking mac [+],
hack [+],
fuzzer [+],
framework [+],
flashback [+],
fanboys [+],
extension [+],
execution [+],
core [+],
charles edge [+],
chaos communication congress [+],
asia [+],
Tools [+],
security [+],
os x [+],
x uri stack [+],
x update [+],
x snow [+],
x sms [+],
x recovery [+],
x quicktime [+],
x preferences [+],
x mail [+],
x image [+],
x has [+],
x exploit [+],
x cve [+],
x cups [+],
x cfnetwork [+],
x atsserver [+],
x address [+],
wild [+],
webkit [+],
vuln [+],
virtualbox [+],
video function [+],
version [+],
variant [+],
uses [+],
users [+],
unspecified [+],
tags [+],
system [+],
sun [+],
studio [+],
sophos [+],
software testing tool [+],
serious security flaw [+],
serious [+],
security experts [+],
sdk package [+],
sdk [+],
save [+],
safeguard [+],
safari for windows [+],
safari [+],
rootkits [+],
restrictions [+],
recovery partition [+],
rec [+],
real [+],
reader [+],
raw [+],
ransomware [+],
protection [+],
proof of concept [+],
proof [+],
poc [+],
plugs [+],
pinhead [+],
pgp users [+],
pgp [+],
patching [+],
patch [+],
panic [+],
overflow [+],
notification [+],
ngs [+],
microsoft office [+],
malware [+],
malicious users [+],
mail client [+],
macs [+],
mac os x update [+],
mac os x security [+],
mac os x mail [+],
mac antivirus [+],
login [+],
locking [+],
locked [+],
linux wireless [+],
linux mac [+],
library [+],
kit [+],
jpeg [+],
jay beale [+],
ios [+],
interface [+],
insecurity [+],
index [+],
ilja [+],
hype [+],
html [+],
hfs [+],
hacks [+],
hackintosh [+],
fuzzing [+],
font format [+],
flaw [+],
flaming hoops [+],
fixe [+],
feature [+],
facetime [+],
exploits [+],
exploit [+],
executable file [+],
encryption [+],
dozen holes [+],
dozen [+],
download [+],
disk [+],
decompiler [+],
decoder [+],
darknet [+],
crowd [+],
crimeware [+],
couple suggestions [+],
concept [+],
computer boots [+],
client [+],
christian klein [+],
charstrings [+],
camera [+],
buffer overflow vulnerability [+],
buffer [+],
brings [+],
bring [+],
black [+],
bff [+],
beta [+],
basic [+],
b trojan [+],
avira [+],
autofill [+],
apple shares [+],
apple safari for windows [+],
apple safari [+],
apple patches [+],
apple ios [+],
apple fixes [+],
anyone [+],
anti virus software [+],
android [+],
adobe [+],
address book [+],
Software [+],
ExploitsVulnerabilities [+],
vulnerability [+],
apple mac os x [+],
apple mac os [+],
x event [+],
mac os [+],
web [+],
mac [+],
authors [+],
advisory [+],
memory corruption [+],
kernel [+],
java [+],
enterprise deployments [+],
black hat [+],
aanval [+]
-
-
16:16
»
Packet Storm Security Advisories
Apple Security Advisory 2012-05-15-1 - QuickTime 7.7.2 is now available and addresses multiple security issues. Multiple stack overflows existed in QuickTime's handling of TeXML files. A heap overflow existed in QuickTime's handling of text tracks. A heap buffer overflow existed in the handling of H.264 encoded movie files. An uninitialized memory access issue existed in the handling of MP4 encoded files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.3. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2012-001. Various other issues were also addressed.
-
16:16
»
Packet Storm Security Recent Files
Apple Security Advisory 2012-05-15-1 - QuickTime 7.7.2 is now available and addresses multiple security issues. Multiple stack overflows existed in QuickTime's handling of TeXML files. A heap overflow existed in QuickTime's handling of text tracks. A heap buffer overflow existed in the handling of H.264 encoded movie files. An uninitialized memory access issue existed in the handling of MP4 encoded files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.3. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2012-001. Various other issues were also addressed.
-
16:16
»
Packet Storm Security Misc. Files
Apple Security Advisory 2012-05-15-1 - QuickTime 7.7.2 is now available and addresses multiple security issues. Multiple stack overflows existed in QuickTime's handling of TeXML files. A heap overflow existed in QuickTime's handling of text tracks. A heap buffer overflow existed in the handling of H.264 encoded movie files. An uninitialized memory access issue existed in the handling of MP4 encoded files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.3. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2012-001. Various other issues were also addressed.
-
-
5:01
»
Packet Storm Security Advisories
Secunia Security Advisory - A security issue has been reported in Apple Mac OS X, which can be exploited by malicious people with physical access to bypass certain security restrictions.
-
-
15:07
»
Packet Storm Security Advisories
Apple Security Advisory 2012-04-12-1 - Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8 is now available. As a security hardening measure, the Java browser plugin and Java Web Start are deactivated if they are unused for 35 days. Installing this update will automatically deactivate the Java browser plugin and Java Web Start. Users may re-enable Java if they encounter Java applets on a web page or Java Web Start applications.
-
15:07
»
Packet Storm Security Recent Files
Apple Security Advisory 2012-04-12-1 - Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8 is now available. As a security hardening measure, the Java browser plugin and Java Web Start are deactivated if they are unused for 35 days. Installing this update will automatically deactivate the Java browser plugin and Java Web Start. Users may re-enable Java if they encounter Java applets on a web page or Java Web Start applications.
-
15:07
»
Packet Storm Security Misc. Files
Apple Security Advisory 2012-04-12-1 - Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8 is now available. As a security hardening measure, the Java browser plugin and Java Web Start are deactivated if they are unused for 35 days. Installing this update will automatically deactivate the Java browser plugin and Java Web Start. Users may re-enable Java if they encounter Java applets on a web page or Java Web Start applications.
-
-
7:22
»
Packet Storm Security Advisories
Ubuntu Security Notice 1419-1 - It was discovered that Puppet used a predictable filename when downloading Mac OS X package files. A local attacker could exploit this to overwrite arbitrary files. It was discovered that Puppet incorrectly handled filebucket retrieval requests. A local attacker could exploit this to read arbitrary files. It was discovered that Puppet incorrectly handled filebucket store requests. A local attacker could exploit this to perform a denial of service via resource exhaustion. Various other issues were also addressed.
-
7:22
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1419-1 - It was discovered that Puppet used a predictable filename when downloading Mac OS X package files. A local attacker could exploit this to overwrite arbitrary files. It was discovered that Puppet incorrectly handled filebucket retrieval requests. A local attacker could exploit this to read arbitrary files. It was discovered that Puppet incorrectly handled filebucket store requests. A local attacker could exploit this to perform a denial of service via resource exhaustion. Various other issues were also addressed.
-
7:22
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1419-1 - It was discovered that Puppet used a predictable filename when downloading Mac OS X package files. A local attacker could exploit this to overwrite arbitrary files. It was discovered that Puppet incorrectly handled filebucket retrieval requests. A local attacker could exploit this to read arbitrary files. It was discovered that Puppet incorrectly handled filebucket store requests. A local attacker could exploit this to perform a denial of service via resource exhaustion. Various other issues were also addressed.
-
-
20:29
»
Packet Storm Security Recent Files
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X release.
-
20:29
»
Packet Storm Security Tools
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X release.
-
20:29
»
Packet Storm Security Misc. Files
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X release.
-
-
18:14
»
Packet Storm Security Advisories
Apple Security Advisory 2012-04-03-1 - Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 is now available. It addresses multiple vulnerabilities that exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox.
-
18:14
»
Packet Storm Security Recent Files
Apple Security Advisory 2012-04-03-1 - Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 is now available. It addresses multiple vulnerabilities that exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox.
-
18:14
»
Packet Storm Security Misc. Files
Apple Security Advisory 2012-04-03-1 - Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 is now available. It addresses multiple vulnerabilities that exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox.
-
-
21:54
»
Packet Storm Security Advisories
Secunia Security Advisory - Apple has issued an update for Java for Mac OS X. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
-
-
16:44
»
Packet Storm Security Recent Files
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
-
16:44
»
Packet Storm Security Tools
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
-
16:44
»
Packet Storm Security Misc. Files
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
-
-
17:47
»
Packet Storm Security Recent Files
Ostinato is an open-source, cross-platform packet/traffic generator and analyzer with a friendly GUI. It aims to be "Wireshark in Reverse" and thus become complementary to Wireshark. This is the Mac OS X release.
-
17:47
»
Packet Storm Security Tools
Ostinato is an open-source, cross-platform packet/traffic generator and analyzer with a friendly GUI. It aims to be "Wireshark in Reverse" and thus become complementary to Wireshark. This is the Mac OS X release.
-
17:47
»
Packet Storm Security Misc. Files
Ostinato is an open-source, cross-platform packet/traffic generator and analyzer with a friendly GUI. It aims to be "Wireshark in Reverse" and thus become complementary to Wireshark. This is the Mac OS X release.
-
-
16:30
»
Packet Storm Security Recent Files
Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in Javascript, users can easily modify them or write their own. This is the Mac OS X 64-bit version.
-
16:30
»
Packet Storm Security Tools
Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in Javascript, users can easily modify them or write their own. This is the Mac OS X 64-bit version.
-
16:30
»
Packet Storm Security Misc. Files
Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in Javascript, users can easily modify them or write their own. This is the Mac OS X 64-bit version.
-
16:25
»
Packet Storm Security Recent Files
Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in Javascript, users can easily modify them or write their own. This is the Mac OS X 32-bit version.
-
16:25
»
Packet Storm Security Tools
Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in Javascript, users can easily modify them or write their own. This is the Mac OS X 32-bit version.
-
16:25
»
Packet Storm Security Misc. Files
Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in Javascript, users can easily modify them or write their own. This is the Mac OS X 32-bit version.
-
-
20:55
»
Packet Storm Security Advisories
Secunia Security Advisory - A weakness has been discovered in Apple Mac OS X, which can be exploited by malicious people to cause a DoS (Denial of Service).
-
-
12:35
»
Packet Storm Security Recent Files
Packet Storm Widget is a Mac OS X widget that allows users to see all latest news from packetstormsecurity.org. A user can choose between different kind of news to see: All of the Latest Content, Latest News, Latest Files, Latest 0 Days, Latest Vulnerabilities and Latest Exploits. This allows a user to always keep up to date on their favorite security topics. Please note that this was *not* created by Packet Storm Security and questions should be directed to the author. This should run on Leopard, Snow Leopard, Lion and Tiger.
-
12:35
»
Packet Storm Security Misc. Files
Packet Storm Widget is a Mac OS X widget that allows users to see all latest news from packetstormsecurity.org. A user can choose between different kind of news to see: All of the Latest Content, Latest News, Latest Files, Latest 0 Days, Latest Vulnerabilities and Latest Exploits. This allows a user to always keep up to date on their favorite security topics. Please note that this was *not* created by Packet Storm Security and questions should be directed to the author. This should run on Leopard, Snow Leopard, Lion and Tiger.
-
-
22:50
»
Packet Storm Security Advisories
Technical Cyber Security Alert 2011-286A - There are multiple vulnerabilities in Mac OS X 10.6.8, 10.7, and 10.7.1 and Mac OS X Server 10.6.8, 10.7, and 10.7.1. Apple has released updates to address these vulnerabilities.
-
22:50
»
Packet Storm Security Recent Files
Technical Cyber Security Alert 2011-286A - There are multiple vulnerabilities in Mac OS X 10.6.8, 10.7, and 10.7.1 and Mac OS X Server 10.6.8, 10.7, and 10.7.1. Apple has released updates to address these vulnerabilities.
-
22:50
»
Packet Storm Security Misc. Files
Technical Cyber Security Alert 2011-286A - There are multiple vulnerabilities in Mac OS X 10.6.8, 10.7, and 10.7.1 and Mac OS X Server 10.6.8, 10.7, and 10.7.1. Apple has released updates to address these vulnerabilities.
-
-
18:51
»
Packet Storm Security Advisories
A critical pointer vulnerability is located in the Mac OS X and Windows versions of Skype. The bug is located in 2 input forms of a unicode HTTP search request to the Skype search directory server. The vulnerability allows a local attacker to crash the complete Skype process via an unknown unhandled software exception. The bug allows a local attacker to overwrite or read a new address (skype_debug2_win7_x64x.png).
-
18:51
»
Packet Storm Security Recent Files
A critical pointer vulnerability is located in the Mac OS X and Windows versions of Skype. The bug is located in 2 input forms of a unicode HTTP search request to the Skype search directory server. The vulnerability allows a local attacker to crash the complete Skype process via an unknown unhandled software exception. The bug allows a local attacker to overwrite or read a new address (skype_debug2_win7_x64x.png).
-
18:51
»
Packet Storm Security Misc. Files
A critical pointer vulnerability is located in the Mac OS X and Windows versions of Skype. The bug is located in 2 input forms of a unicode HTTP search request to the Skype search directory server. The vulnerability allows a local attacker to crash the complete Skype process via an unknown unhandled software exception. The bug allows a local attacker to overwrite or read a new address (skype_debug2_win7_x64x.png).
-
-
23:28
»
Sophos product advisories
If you install SafeGuard Disk Encryption for Mac 5.50.1 on Mac OS X 10.7 (Lion), Mac OS X 10.7 will no longer start. Instead the computer boots up into the Mac OS X Recovery partition.
-
-
7:20
»
Packet Storm Security Advisories
A corrupt Canon Camera RAW file (.CR2) can cause a crash in the RawCamera library. This affects viewing files in both the Preview.app application or via Quick Look. Mac OS X 10.6.6 with RawCamera.bundle versions prior to 3.6 are affected.
-
7:20
»
Packet Storm Security Recent Files
A corrupt Canon Camera RAW file (.CR2) can cause a crash in the RawCamera library. This affects viewing files in both the Preview.app application or via Quick Look. Mac OS X 10.6.6 with RawCamera.bundle versions prior to 3.6 are affected.
-
7:20
»
Packet Storm Security Misc. Files
A corrupt Canon Camera RAW file (.CR2) can cause a crash in the RawCamera library. This affects viewing files in both the Preview.app application or via Quick Look. Mac OS X 10.6.6 with RawCamera.bundle versions prior to 3.6 are affected.
-
-
12:54
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mac OS X's CFF Decoder.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
2:00
»
Packet Storm Security Advisories
Secunia Security Advisory - Apple has issued an update for Java for Mac OS X. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
-
-
4:18
»
Packet Storm Security Advisories
Secunia Security Advisory - Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
-
-
20:41
»
Packet Storm Security Exploits
Multiple vendors libc/fnmatch(3) suffer from a denial of service vulnerability. Affected software includes Apache 2.2.17, NetBSD 5.1, OpenBSD 4.8, FreeBSD, Mac OS X 10.6, and Sun Solaris 10. Apache proof of concept is included.
-
20:41
»
Packet Storm Security Recent Files
Multiple vendors libc/fnmatch(3) suffer from a denial of service vulnerability. Affected software includes Apache 2.2.17, NetBSD 5.1, OpenBSD 4.8, FreeBSD, Mac OS X 10.6, and Sun Solaris 10. Apache proof of concept is included.
-
20:41
»
Packet Storm Security Misc. Files
Multiple vendors libc/fnmatch(3) suffer from a denial of service vulnerability. Affected software includes Apache 2.2.17, NetBSD 5.1, OpenBSD 4.8, FreeBSD, Mac OS X 10.6, and Sun Solaris 10. Apache proof of concept is included.
-
18:45
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader on Mac OS X.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
14:29
»
Packet Storm Security Advisories
VSR identified a vulnerability in HFS+, a filesystem implemented in the OS X XNU kernel. HFS+ is the default filesystem in use on many installations of the Mac OS X operating system. By exploiting this vulnerability, an unprivileged user with local access to a machine using HFS+ may be able to read raw filesystem data, bypassing file permissions and resulting in information disclosure.
-
14:29
»
Packet Storm Security Recent Files
VSR identified a vulnerability in HFS+, a filesystem implemented in the OS X XNU kernel. HFS+ is the default filesystem in use on many installations of the Mac OS X operating system. By exploiting this vulnerability, an unprivileged user with local access to a machine using HFS+ may be able to read raw filesystem data, bypassing file permissions and resulting in information disclosure.
-
14:29
»
Packet Storm Security Misc. Files
VSR identified a vulnerability in HFS+, a filesystem implemented in the OS X XNU kernel. HFS+ is the default filesystem in use on many installations of the Mac OS X operating system. By exploiting this vulnerability, an unprivileged user with local access to a machine using HFS+ may be able to read raw filesystem data, bypassing file permissions and resulting in information disclosure.
-
13:32
»
Packet Storm Security Advisories
iDefense Security Advisory 03.21.11 -Remote exploitation of a memory corruption vulnerability in Apple Inc.'s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing an Excel file with a certain maliciously constructed record. This record is used to describe a formula that is shared between multiple cells. In this record, the 'formula' field is used to specify the formula used. By corrupting certain opcodes within this formula it is possible to trigger a memory corruption vulnerability. This can lead to the execution of arbitrary code. Apple has reported Mac OS X and OS X Server 10.6 through 10.6.6 vulnerable.
-
13:32
»
Packet Storm Security Recent Files
iDefense Security Advisory 03.21.11 -Remote exploitation of a memory corruption vulnerability in Apple Inc.'s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing an Excel file with a certain maliciously constructed record. This record is used to describe a formula that is shared between multiple cells. In this record, the 'formula' field is used to specify the formula used. By corrupting certain opcodes within this formula it is possible to trigger a memory corruption vulnerability. This can lead to the execution of arbitrary code. Apple has reported Mac OS X and OS X Server 10.6 through 10.6.6 vulnerable.
-
13:32
»
Packet Storm Security Misc. Files
iDefense Security Advisory 03.21.11 -Remote exploitation of a memory corruption vulnerability in Apple Inc.'s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing an Excel file with a certain maliciously constructed record. This record is used to describe a formula that is shared between multiple cells. In this record, the 'formula' field is used to specify the formula used. By corrupting certain opcodes within this formula it is possible to trigger a memory corruption vulnerability. This can lead to the execution of arbitrary code. Apple has reported Mac OS X and OS X Server 10.6 through 10.6.6 vulnerable.
-
13:31
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-108 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mac OS X's CFF Decoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the Type1Scaler library processes a specially formatted compact font file. When processing this file, the application will corrupt memory outside the bounds of an allocated buffer. This can lead to code execution under the context of the application that utilizes the library.
-
13:31
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-108 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mac OS X's CFF Decoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the Type1Scaler library processes a specially formatted compact font file. When processing this file, the application will corrupt memory outside the bounds of an allocated buffer. This can lead to code execution under the context of the application that utilizes the library.
-
13:31
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-108 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mac OS X's CFF Decoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the Type1Scaler library processes a specially formatted compact font file. When processing this file, the application will corrupt memory outside the bounds of an allocated buffer. This can lead to code execution under the context of the application that utilizes the library.
-
-
14:42
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-074 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader on Mac OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the U3D component distributed with the Reader. The application uses the Parent Node count to calculate the size of an allocation. This value is not properly validated and the result of this size calculation can be wrapped to an unexpectedly small and insufficient value. Writes to this newly allocated buffer can be outside the bounds of its allocation. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the application.
-
14:42
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-074 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader on Mac OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the U3D component distributed with the Reader. The application uses the Parent Node count to calculate the size of an allocation. This value is not properly validated and the result of this size calculation can be wrapped to an unexpectedly small and insufficient value. Writes to this newly allocated buffer can be outside the bounds of its allocation. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the application.
-
14:42
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-074 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader on Mac OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the U3D component distributed with the Reader. The application uses the Parent Node count to calculate the size of an allocation. This value is not properly validated and the result of this size calculation can be wrapped to an unexpectedly small and insufficient value. Writes to this newly allocated buffer can be outside the bounds of its allocation. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the application.
-
-
7:59
»
Packet Storm Security Recent Files
Kismet is an 802.11 layer 2 wireless network sniffer. It can sniff 802.11b, 802.11a, and 802.11g traffic. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features Multiple packet capture sources, Runtime network sorting by AP MAC address (bssid), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal and tcpdump compatible file logging, Airsnort-compatible "interesting" (cryptographically weak) logging, Secure SUID behavior, GPS devices and wireless devices fingerprinting. Kismet also includes a tool called gpsmap that can be used to create maps from logged GPS data.
-
7:59
»
Packet Storm Security Tools
Kismet is an 802.11 layer 2 wireless network sniffer. It can sniff 802.11b, 802.11a, and 802.11g traffic. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features Multiple packet capture sources, Runtime network sorting by AP MAC address (bssid), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal and tcpdump compatible file logging, Airsnort-compatible "interesting" (cryptographically weak) logging, Secure SUID behavior, GPS devices and wireless devices fingerprinting. Kismet also includes a tool called gpsmap that can be used to create maps from logged GPS data.
-
7:59
»
Packet Storm Security Misc. Files
Kismet is an 802.11 layer 2 wireless network sniffer. It can sniff 802.11b, 802.11a, and 802.11g traffic. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features Multiple packet capture sources, Runtime network sorting by AP MAC address (bssid), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal and tcpdump compatible file logging, Airsnort-compatible "interesting" (cryptographically weak) logging, Secure SUID behavior, GPS devices and wireless devices fingerprinting. Kismet also includes a tool called gpsmap that can be used to create maps from logged GPS data.
-
-
19:59
»
Packet Storm Security Recent Files
ZORG is an open source implementation of the ZRTP protocol implementation. ZRTP provides end-to-end key exchange with Elliptic Curve Diffie-Hellmann 384bit and AES-256 SRTP encryption. This particular archive is Zorg C++, which has been integrated with PJSIP open source VoIP SDK and it's provided as an integration patch against PJSIP 1.8.5. It has been tested on iPhone, Symbian, Windows, Linux and Mac OS X.
-
19:59
»
Packet Storm Security Misc. Files
ZORG is an open source implementation of the ZRTP protocol implementation. ZRTP provides end-to-end key exchange with Elliptic Curve Diffie-Hellmann 384bit and AES-256 SRTP encryption. This particular archive is Zorg C++, which has been integrated with PJSIP open source VoIP SDK and it's provided as an integration patch against PJSIP 1.8.5. It has been tested on iPhone, Symbian, Windows, Linux and Mac OS X.
-
-
4:03
»
Packet Storm Security Advisories
Secunia Security Advisory - A vulnerability has been reported in Mac OS X, which can be exploited by malicious people to potentially compromise a vulnerable system.
-
-
5:11
»
Packet Storm Security Recent Files
Honggfuzz is a general-purpose, easy-to-use fuzzer with interesting analysis options. Given a starting corpus of test files, Honggfuzz supplies and modifies input to a test program and utilizes the ptrace() API/POSIX signal interface to detect and log crashes. It works on Linux, FreeBSD and Mac OS X.
-
5:11
»
Packet Storm Security Misc. Files
Honggfuzz is a general-purpose, easy-to-use fuzzer with interesting analysis options. Given a starting corpus of test files, Honggfuzz supplies and modifies input to a test program and utilizes the ptrace() API/POSIX signal interface to detect and log crashes. It works on Linux, FreeBSD and Mac OS X.
-
-
11:22
»
Packet Storm Security Tools
Ostinato is an open-source, cross-platform packet/traffic generator and analyzer with a friendly GUI. It aims to be "Wireshark in Reverse" and thus become complementary to Wireshark. This is the Mac OS X release.
-
-
14:22
»
Packet Storm Security Recent Files
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
-
14:22
»
Packet Storm Security Tools
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
-
14:22
»
Packet Storm Security Misc. Files
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
-
-
13:50
»
Packet Storm Security Recent Files
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X, Windows and Cross Platform releases are all included in this file.
-
13:50
»
Packet Storm Security Misc. Files
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X, Windows and Cross Platform releases are all included in this file.
-
-
4:19
»
Packet Storm Security Advisories
Secunia Security Advisory - A security issue has been reported in Mac OS X Server, which can be exploited by malicious users to gain knowledge of sensitive information.
-
-
19:02
»
Packet Storm Security Recent Files
Core Security Technologies Advisory - The Apple Type Services is prone to memory corruption due a sign mismatch vulnerability when handling the last offset value of the CharStrings INDEX structure. This vulnerability could be used by a remote attacker to execute arbitrary code, by enticing the user of Mac OS X v10.5.x to view or download a PDF document containing a embedded malicious CFF font.
-
19:01
»
Packet Storm Security Advisories
Core Security Technologies Advisory - The Apple Type Services is prone to memory corruption due a sign mismatch vulnerability when handling the last offset value of the CharStrings INDEX structure. This vulnerability could be used by a remote attacker to execute arbitrary code, by enticing the user of Mac OS X v10.5.x to view or download a PDF document containing a embedded malicious CFF font.
-
-
17:15
»
Packet Storm Security Tools
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X, Windows and Cross Platform releases are all included in this file.
-
17:14
»
Packet Storm Security Recent Files
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X, Windows and Cross Platform releases are all included in this file.
-
-
14:00
»
Packet Storm Security Advisories
The parental controls built into the Mac OS X Mail client can be easily bypassed by anyone who knows the email address of the child and his/her parent.
-
-
16:31
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Mac OS X.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
0:01
»
Packet Storm Security Tools
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
-
0:01
»
Packet Storm Security Recent Files
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
-
-
20:34
»
Packet Storm Security Recent Files
The Mac OS X WebDAV kernel extension is vulnerable to a denial of service issue that allows a local unprivileged user to trigger a kernel panic due to a memory overallocation.
-
20:33
»
Packet Storm Security Advisories
The Mac OS X WebDAV kernel extension is vulnerable to a denial of service issue that allows a local unprivileged user to trigger a kernel panic due to a memory overallocation.
-
-
22:51
»
Packet Storm Security Tools
Kismet is an 802.11 layer 2 wireless network sniffer. It can sniff 802.11b, 802.11a, and 802.11g traffic. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features Multiple packet capture sources, Runtime network sorting by AP MAC address (bssid), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal and tcpdump compatible file logging, Airsnort-compatible interesting (cryptographically weak) logging, Secure SUID behavior, GPS devices and wireless devices fingerprinting. Kismet also includes a tool called gpsmap that can be used to create maps from logged GPS data.
-
-
0:31
»
SecuriTeam
A vulnerability was discovered in Apple Safari for Windows, Mac OS X and iPhone.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
21:02
»
SecDocs
Authors:
Matthieu Suiche Tags:
forensic Mac OS X Event:
Black Hat DC 2010 Abstract: In 2008 and 2009, companies and governments interests for Microsoft Windows physical memory growled significantly. Now it is time to talk about Mac OS X. This talk will describe basis of Mac OS X Kernel Internals (and not a XNU kernel creation timeline) and how to retrieve various information like machine information, mounted file systems, processes listing and extraction and threads, kernel extensions listing and extraction and Rootkit detection.
-
21:02
»
SecDocs
Authors:
Matthieu Suiche Tags:
forensic Mac OS X Event:
Black Hat DC 2010 Abstract: In 2008 and 2009, companies and governments interests for Microsoft Windows physical memory growled significantly. Now it is time to talk about Mac OS X. This talk will describe basis of Mac OS X Kernel Internals (and not a XNU kernel creation timeline) and how to retrieve various information like machine information, mounted file systems, processes listing and extraction and threads, kernel extensions listing and extraction and Rootkit detection.
-
-
10:42
»
Hack a Day
A new beta build of VirtualBox, Sun’s Oracle’s free x86 virtualization software, makes it possible to run Mac OS X as a guest operating system…no shenanigans or flaming hoops to jump through, just pop in the $30 retail Snow Leopard upgrade disc and go. This had previously only been possible with some awkward Hackintosh-style maneuvering, or [...]
-
-
14:13
»
Carnal0wnage
I wanted to be able to view/sniff some traffic from my android phone. Mostly to see how "closed" the gowalla checkin api was (not very).
The first couple suggestions were to connect the phone to wifi and checkin. To do this from the comfort of my own home meant checking in from home and I didn't really want to do that.
Installing the android emulator is pretty straightforward, the only problem is that it doesnt come with the android market or the ability to easily(?) download apps to mess with.
After some googling I found this post:
http://tech-droid.blogspot.com/2009/11/android-market-on-emulator.htmlThis enabled me to get a working android emulator with android market place.
Go
here and download the sdk for whatever system you are using, I'm on ubuntu...
You'll need to download some platforms as the sdk doesnt come with much of anyting by default.
To launch the Android SDK and AVD Manager on Windows, execute
SDK Setup.exe, at the root of the SDK directory. On Mac OS X or Linux, execute the
android tool in the
/tools/ folder. This will start the GUI (least on linux --I dont care about windows)
Go to available packages and download sdk package for Android 1.5 or 1.6. I used 1.5
over in installed packages you should see the sdk when its all done.
Go
here and download the system image for 1.5 or 1.6
Create an AVD (1.5 or 1.6). populate it how you want, I gave it one of everything on the hardware.
After you create the avd, you should have an avd folder in your .android folder. Something like .android/avd/[avdname]
Copy the system.img file you downloaded from HTC in there.
start that puppy up
If you went the 1.5 route you are probably getting a slide keyboard to open thing. Hit CTRL+F11 to change the orientation of the phone to "slide it open"
You now have a pretty much fully functional android to muck around with and now any communications with any apps should be sniffable in wireshark.
What about the GPS? The debugger gives you the ability to set the GPS manually so you can be anywhere you want to be :-)
additional reading:
https://www.isecpartners.com/files/iSEC_Android_Exploratory_Blackhat_2009.pdf-CG
-
-
23:00
»
Packet Storm Security Tools
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
-
23:00
»
Packet Storm Security Recent Files
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
1337day (was: Inj3ct0r, 1337db) (1 unread)
OSVDB Vulnerabilities
Exploit-DB
SecurityFocus Vulnerabilities (1 unread)
Bugtraq
XSSed
Penetration Testing
BackTrack Linux Forums
Threatpost
carnal0wnage.attackresearch.com
Darknet
The Exploitant
Wirevolution
