«
Expand/Collapse
207 items tagged "mac os x"
Related tags:
remote [+],
apple security [+],
apple [+],
video [+],
txt [+],
security advisory [+],
hacking [+],
bugtraq [+],
audio [+],
zed attack [+],
x. this [+],
x server [+],
x kernel [+],
usa [+],
security vulnerabilities [+],
security experience [+],
penetration [+],
denial of service [+],
code [+],
zero day [+],
zero [+],
x prior [+],
open source web [+],
multiple [+],
intrusion detection tool [+],
intrusion [+],
interactive web application [+],
detection [+],
day [+],
Skype [+],
vega web [+],
vega [+],
testing [+],
scanner [+],
proxy [+],
mac osx [+],
disclosure [+],
beta mac os [+],
asia [+],
zap [+],
x lion [+],
wireshark [+],
vulnerabilities [+],
traffic generator [+],
traffic [+],
tar [+],
service vulnerability [+],
retired [+],
read [+],
packet traffic [+],
ostinato [+],
network [+],
mac os x server [+],
linux [+],
kismet [+],
kernel panic [+],
intrusion detection [+],
industry [+],
generator [+],
cisco aironet [+],
charlie miller [+],
cff [+],
x. user [+],
x. we [+],
x xnu [+],
x release [+],
x malware [+],
x linux [+],
x ftpd [+],
x cve [+],
x appletv [+],
viper [+],
ubuntu [+],
trace [+],
technical [+],
sunos [+],
sun solaris 10 [+],
start [+],
south africa [+],
sniffer [+],
script [+],
retrieval requests [+],
resource exhaustion [+],
record [+],
randy robbins [+],
ralf philipp [+],
quicktime [+],
puppet [+],
protection [+],
packet [+],
p event [+],
olsrd [+],
olsr [+],
old [+],
nepal [+],
memory access [+],
macos [+],
libc [+],
kismet wireless [+],
kevin estis [+],
joe damato [+],
jesse daguanno [+],
java web start [+],
java sandbox [+],
java browser [+],
jacob appelbaum [+],
issue [+],
irk [+],
injection [+],
information disclosure vulnerability [+],
information disclosure [+],
idefense security advisory [+],
hooking [+],
handling [+],
g access [+],
function [+],
ftpd [+],
freebsd [+],
formula [+],
forensic data [+],
forensic [+],
fnmatch [+],
filevault [+],
filesystem data [+],
filesystem [+],
file [+],
execution [+],
europe [+],
engineering [+],
elektra wagenrad [+],
directory server [+],
denial [+],
david weston tags [+],
david weston [+],
cyber security alert [+],
cyber [+],
crafting [+],
code execution [+],
canon camera [+],
bug [+],
buffer overflow [+],
auto [+],
attacker [+],
apple tv [+],
apple hfs [+],
analysis [+],
adobe reader [+],
Software [+],
Community [+],
security [+],
zorg [+],
x. regardless [+],
x widget [+],
x webdav [+],
x to [+],
x physical [+],
x multiple [+],
x imageio [+],
x evocam [+],
x compact [+],
ulrich von zadow [+],
tiger [+],
test [+],
tcp [+],
talk [+],
system deployment [+],
system [+],
storm [+],
source [+],
signal interface [+],
shellcode [+],
shell [+],
server versions [+],
server [+],
security holes [+],
security authors [+],
safer use [+],
runtime [+],
remote buffer overflow [+],
python [+],
protocol implementation [+],
pjsip [+],
paper [+],
packetstormsecurity [+],
packet storm security [+],
osx [+],
os x intel [+],
open source implementation [+],
o fly [+],
nokia n900 [+],
nokia [+],
news [+],
new mac [+],
new [+],
memory [+],
macintosh security [+],
macintosh [+],
mach [+],
linux freebsd [+],
let [+],
leopard [+],
kernel internals [+],
kernel extensions [+],
java security holes [+],
introduction [+],
intel [+],
index structure [+],
honggfuzz [+],
holes [+],
hacking mac [+],
hack [+],
fuzzer [+],
framework [+],
flashback [+],
fanboys [+],
extension [+],
core [+],
charles edge [+],
apple safari [+],
apple hardware [+],
amit singh tags [+],
Tools [+],
os x [+],
apple mac os x [+],
apple mac os [+],
x event [+],
x uri stack [+],
x update [+],
x snow [+],
x sms [+],
x recovery [+],
x quicktime [+],
x preferences [+],
x mail [+],
x local [+],
x java [+],
x image [+],
x has [+],
x exploit [+],
x cups [+],
x cfnetwork [+],
x atsserver [+],
x address [+],
wild [+],
webkit [+],
vuln [+],
viscosity [+],
virtualbox [+],
video introduction [+],
video function [+],
version [+],
variant [+],
uses [+],
users [+],
use [+],
unspecified [+],
tags [+],
sun [+],
studio [+],
sophos [+],
software testing tool [+],
serious security flaw [+],
serious [+],
security experts [+],
sdk package [+],
sdk [+],
save [+],
safeguard [+],
safari for windows [+],
safari [+],
s system [+],
rootkits [+],
root [+],
restrictions [+],
recovery partition [+],
rec [+],
real [+],
reader [+],
raw [+],
ransomware [+],
proof of concept [+],
proof [+],
poc [+],
plugs [+],
pinhead [+],
pgp users [+],
pgp [+],
patching [+],
patch [+],
panic [+],
overflow [+],
oracle [+],
openvpn [+],
notification [+],
ngs [+],
mountain lion [+],
mountain [+],
microsoft office [+],
malware [+],
malloc [+],
malicious users [+],
mail client [+],
macs [+],
mac os x update [+],
mac os x security [+],
mac os x mail [+],
mac antivirus [+],
login [+],
locking [+],
locked [+],
lion [+],
linux wireless [+],
linux mac [+],
libsecurity [+],
library [+],
kit [+],
jpeg [+],
jay beale [+],
java security [+],
ios [+],
interface [+],
insecurity [+],
index [+],
ilja [+],
hype [+],
html [+],
hfs [+],
hacks [+],
hackintosh [+],
fuzzing [+],
free [+],
font format [+],
flaw [+],
flaming hoops [+],
fixe [+],
feature [+],
false sense of security [+],
facetime [+],
exploits [+],
exploit [+],
executable file [+],
encryption [+],
dozen holes [+],
dozen [+],
download [+],
disk [+],
decompiler [+],
decoder [+],
darknet [+],
crowd [+],
cross site scripting [+],
crimeware [+],
couple suggestions [+],
concept [+],
computer boots [+],
command execution [+],
client [+],
christian klein [+],
charstrings [+],
charge [+],
camera [+],
buffer overflow vulnerability [+],
buffer [+],
bsd subsystem [+],
brings [+],
bring [+],
black [+],
bff [+],
beta [+],
basic [+],
b trojan [+],
avira [+],
autofill [+],
audio introduction [+],
apple shares [+],
apple safari for windows [+],
apple patches [+],
apple mac [+],
apple ios [+],
apple fixes [+],
anyone [+],
anti virus software [+],
android [+],
adobe [+],
address book [+],
ExploitsVulnerabilities [+],
vulnerability [+],
advisory [+],
mac os [+],
secunia [+],
java [+],
mac [+],
web [+],
authors [+],
update [+],
memory corruption [+],
kernel [+],
information [+],
enterprise deployments [+],
chaos communication congress [+],
black hat [+],
aanval [+]
-
3:05
»
Packet Storm Security Advisories
Secunia Security Advisory - Apple has issued an update for Java for Mac OS X. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
-
-
21:51
»
SecDocs
Authors:
Angelo Laub Tags:
Mac OS X Event:
Chaos Communication Congress 21th (21C3) 2004 Abstract: Some recent security problems with Mac OS X stem from the fact that Apple tries to combine the Unix security model with easy and convient usability and closed source. Showing examples from our own research we will take you on a pleasant journey to get root on almost any recent Macintosh. And of course, there will be "just one more thing". While rumors have it that Mac OS X is extremely secure due to its open-source Darwin core and the elaborate Unix security model, little is known about practical problems that hide under its hood. While the lack of serious worms and other malware for the Mac might give users a false sense of security, things aren't that pretty once you dig deeper in the system. SUID root programs, closed-source security components, and badly-chosen default settings pile up to a security nightmare waiting to happen. We will give an overview of the problems, demonstrate example code, and give you an insight into communication problems with Apple support on security issues. Both problems with Mac OS X 10.3 (Panther) and the future version 10.4 (Tiger) will be addressed. As you can expect from any decent Apple presentation, be prepared for "one more thing".
-
-
11:22
»
Packet Storm Security Tools
This is a 64bit Mac OS-X kernel rootkit that uses no hardcoded address to hook the BSD subsystem in all OS-X Lion and below. It uses a combination of syscall hooking and DKOM to hide activity on a host. String resolution of symbols no longer works on Mountain Lion as symtab is destroyed during load, this code is portable on all Lion and below but requires re-working for hooking under Mountain Lion.
-
-
21:46
»
SecDocs
Authors:
Elektra Wagenrad Tags:
network P2P Event:
Chaos Communication Congress 22th (22C3) 2005 Abstract: Olsr.org's improved algorithm (compared to the initial INRIA OLSR draft) and how it may influence the development of ubiquitous free wireless networks. The Optimized Link State Routing Deamon - olsrd - from olsr.org is a routing application developed by community networking activists for wireless mesh networks. It is a open-source project that supports Mac OS-X, Window$ 98, 2000, XP, Linux, FreeBSD, OpenBSD and NetBSD. The application is available for Accesspoints that run Linux like the Linksys WRT54G, Asus Wl500g, Asus Wireles Harddrive, 4G Access Cube or Pocket PCs running Familiar Linux. Olsrd is a tremendous success. Community Wifi Networks all over the world are using olsrd now - in South Africa, Europe, Asia, Nepal, to mention a few. Rumours say that the most prominent person that communicates using olsrd at the moment is the Dalai Lama in exile... I will show what is going on in olsrd, where we are heading to with the protocol, what you can actually do with it now and what are the differences to the initial INRIA OLSR draft.
-
3:33
»
SecDocs
Authors:
Elektra Wagenrad Tags:
network P2P Event:
Chaos Communication Congress 22th (22C3) 2005 Abstract: Olsr.org's improved algorithm (compared to the initial INRIA OLSR draft) and how it may influence the development of ubiquitous free wireless networks. The Optimized Link State Routing Deamon - olsrd - from olsr.org is a routing application developed by community networking activists for wireless mesh networks. It is a open-source project that supports Mac OS-X, Window$ 98, 2000, XP, Linux, FreeBSD, OpenBSD and NetBSD. The application is available for Accesspoints that run Linux like the Linksys WRT54G, Asus Wl500g, Asus Wireles Harddrive, 4G Access Cube or Pocket PCs running Familiar Linux. Olsrd is a tremendous success. Community Wifi Networks all over the world are using olsrd now - in South Africa, Europe, Asia, Nepal, to mention a few. Rumours say that the most prominent person that communicates using olsrd at the moment is the Dalai Lama in exile... I will show what is going on in olsrd, where we are heading to with the protocol, what you can actually do with it now and what are the differences to the initial INRIA OLSR draft.
-
3:33
»
SecDocs
Authors:
Elektra Wagenrad Tags:
network P2P Event:
Chaos Communication Congress 22th (22C3) 2005 Abstract: Olsr.org's improved algorithm (compared to the initial INRIA OLSR draft) and how it may influence the development of ubiquitous free wireless networks. The Optimized Link State Routing Deamon - olsrd - from olsr.org is a routing application developed by community networking activists for wireless mesh networks. It is a open-source project that supports Mac OS-X, Window$ 98, 2000, XP, Linux, FreeBSD, OpenBSD and NetBSD. The application is available for Accesspoints that run Linux like the Linksys WRT54G, Asus Wl500g, Asus Wireles Harddrive, 4G Access Cube or Pocket PCs running Familiar Linux. Olsrd is a tremendous success. Community Wifi Networks all over the world are using olsrd now - in South Africa, Europe, Asia, Nepal, to mention a few. Rumours say that the most prominent person that communicates using olsrd at the moment is the Dalai Lama in exile... I will show what is going on in olsrd, where we are heading to with the protocol, what you can actually do with it now and what are the differences to the initial INRIA OLSR draft.
-
-
23:38
»
Packet Storm Security Advisories
Secunia Security Advisory - Apple has issued an update for Java for Mac OS X. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
-
21:28
»
SecDocs
Authors:
Ulrich von Zadow Tags:
technology Event:
Chaos Communication Congress 22th (22C3) 2005 Abstract: Using Python, a large variety of media-oriented systems can be scripted with very little effort. The talk will explore the available libraries for 2d and 3d graphics, video and sound and describe real-world experiences in deploying these systems. Multimedia on linux has made great progress. A few years ago, video support was very limited, low-latency-audio was impossible, getting jitter-free performance was a nightmare and fonts were rendered with a quality that made any designer cringe. This has changed. One language that has been used successfully in many multimedia systems is python. The talk will look at what is required to set up a multimedia system with python. While the focus will be on installations in public or semi-public areas (museums, showrooms, the c-base), many of the techniques can be used in other areas as well. Most of the talk will cover Linux-based systems, with some references to the possibilities of Mac OS X systems.
-
21:28
»
SecDocs
Authors:
Ulrich von Zadow Tags:
technology Event:
Chaos Communication Congress 22th (22C3) 2005 Abstract: Using Python, a large variety of media-oriented systems can be scripted with very little effort. The talk will explore the available libraries for 2d and 3d graphics, video and sound and describe real-world experiences in deploying these systems. Multimedia on linux has made great progress. A few years ago, video support was very limited, low-latency-audio was impossible, getting jitter-free performance was a nightmare and fonts were rendered with a quality that made any designer cringe. This has changed. One language that has been used successfully in many multimedia systems is python. The talk will look at what is required to set up a multimedia system with python. While the focus will be on installations in public or semi-public areas (museums, showrooms, the c-base), many of the techniques can be used in other areas as well. Most of the talk will cover Linux-based systems, with some references to the possibilities of Mac OS X systems.
-
-
17:00
»
SecuriTeam
Apple Mac OS X is prone to multiple information-disclosure vulnerabilities.
-
-
21:45
»
SecDocs
Authors:
Jacob Appelbaum Ralf-Philipp Weinmann Tags:
cryptography Mac OS X Event:
Chaos Communication Congress 23th (23C3) 2006 Abstract: Analysis of the MacOS X storage encryption technology FileVault. Having fun by reverse-engineering private Frameworks under MacOS X. We present an analysis of Apple's proprietary disk encryption technology, FileVault. Besides the vendor's claim of 128-bit security through the use of AES, not much was previously known about its inner workings. This talk will fill in the many missing details in the puzzle and analyse the design decisions. Besides the cryptographic details, this talk will of show how the relevant parts of the DiskImages framework were reverse-engineered for this project.
-
21:45
»
SecDocs
Authors:
Jacob Appelbaum Ralf-Philipp Weinmann Tags:
cryptography Mac OS X Event:
Chaos Communication Congress 23th (23C3) 2006 Abstract: Analysis of the MacOS X storage encryption technology FileVault. Having fun by reverse-engineering private Frameworks under MacOS X. We present an analysis of Apple's proprietary disk encryption technology, FileVault. Besides the vendor's claim of 128-bit security through the use of AES, not much was previously known about its inner workings. This talk will fill in the many missing details in the puzzle and analyse the design decisions. Besides the cryptographic details, this talk will of show how the relevant parts of the DiskImages framework were reverse-engineered for this project.
-
21:45
»
SecDocs
Authors:
Jacob Appelbaum Ralf-Philipp Weinmann Tags:
cryptography Mac OS X Event:
Chaos Communication Congress 23th (23C3) 2006 Abstract: Analysis of the MacOS X storage encryption technology FileVault. Having fun by reverse-engineering private Frameworks under MacOS X. We present an analysis of Apple's proprietary disk encryption technology, FileVault. Besides the vendor's claim of 128-bit security through the use of AES, not much was previously known about its inner workings. This talk will fill in the many missing details in the puzzle and analyse the design decisions. Besides the cryptographic details, this talk will of show how the relevant parts of the DiskImages framework were reverse-engineered for this project.
-
-
21:43
»
SecDocs
Authors:
Amit Singh Tags:
DRM Event:
Chaos Communication Congress 23th (23C3) 2006 Abstract: Ever since Apple announced the x86 version of Mac OS X, people have been obsessed with running the operating system on non-Apple hardware. The media has given this topic more than its fair share of coverage, with nary a week going by without some discussion of the tussle between Apple and system attackers attempting to "crack" Mac OS X. Regardless of the periodic outcomes of such tussles (including the so-called hacker victories), widespread myths continue about what happens inside Mac OS X with respect to such protection. Moreover, the presence of trusted platform modules (TPMs) in newer Apple computer models only makes the situation more interesting--trusted hardware is perhaps one of the most untrusted (and misunderstood) entities on earth. In this talk, we will unravel some TPM mysteries and look at the architecture of Mac OS X relevant to software protection.
-
-
21:43
»
SecDocs
Authors:
Amit Singh Tags:
DRM Event:
Chaos Communication Congress 23th (23C3) 2006 Abstract: Ever since Apple announced the x86 version of Mac OS X, people have been obsessed with running the operating system on non-Apple hardware. The media has given this topic more than its fair share of coverage, with nary a week going by without some discussion of the tussle between Apple and system attackers attempting to "crack" Mac OS X. Regardless of the periodic outcomes of such tussles (including the so-called hacker victories), widespread myths continue about what happens inside Mac OS X with respect to such protection. Moreover, the presence of trusted platform modules (TPMs) in newer Apple computer models only makes the situation more interesting--trusted hardware is perhaps one of the most untrusted (and misunderstood) entities on earth. In this talk, we will unravel some TPM mysteries and look at the architecture of Mac OS X relevant to software protection.
-
-
7:44
»
Packet Storm Security Exploits
Viscosity OpenVPN client for Mac OS X suffers from a local root command execution vulnerability due to a suid binary executing site.py.
-
-
1:42
»
Packet Storm Security Advisories
Secunia Security Advisory - Multiple vulnerabilities have been reported in Apple Safari for Mac OS X, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose sensitive information, bypass certain security restrictions, and compromise a user's system.
-
-
21:55
»
Packet Storm Security Advisories
Secunia Security Advisory - Apple has issued an update for Java for Mac OS X. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service) and by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
-
-
16:16
»
Packet Storm Security Advisories
Apple Security Advisory 2012-05-15-1 - QuickTime 7.7.2 is now available and addresses multiple security issues. Multiple stack overflows existed in QuickTime's handling of TeXML files. A heap overflow existed in QuickTime's handling of text tracks. A heap buffer overflow existed in the handling of H.264 encoded movie files. An uninitialized memory access issue existed in the handling of MP4 encoded files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.3. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2012-001. Various other issues were also addressed.
-
16:16
»
Packet Storm Security Recent Files
Apple Security Advisory 2012-05-15-1 - QuickTime 7.7.2 is now available and addresses multiple security issues. Multiple stack overflows existed in QuickTime's handling of TeXML files. A heap overflow existed in QuickTime's handling of text tracks. A heap buffer overflow existed in the handling of H.264 encoded movie files. An uninitialized memory access issue existed in the handling of MP4 encoded files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.3. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2012-001. Various other issues were also addressed.
-
16:16
»
Packet Storm Security Misc. Files
Apple Security Advisory 2012-05-15-1 - QuickTime 7.7.2 is now available and addresses multiple security issues. Multiple stack overflows existed in QuickTime's handling of TeXML files. A heap overflow existed in QuickTime's handling of text tracks. A heap buffer overflow existed in the handling of H.264 encoded movie files. An uninitialized memory access issue existed in the handling of MP4 encoded files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.3. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2012-001. Various other issues were also addressed.
-
-
5:01
»
Packet Storm Security Advisories
Secunia Security Advisory - A security issue has been reported in Apple Mac OS X, which can be exploited by malicious people with physical access to bypass certain security restrictions.
-
-
15:07
»
Packet Storm Security Advisories
Apple Security Advisory 2012-04-12-1 - Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8 is now available. As a security hardening measure, the Java browser plugin and Java Web Start are deactivated if they are unused for 35 days. Installing this update will automatically deactivate the Java browser plugin and Java Web Start. Users may re-enable Java if they encounter Java applets on a web page or Java Web Start applications.
-
15:07
»
Packet Storm Security Recent Files
Apple Security Advisory 2012-04-12-1 - Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8 is now available. As a security hardening measure, the Java browser plugin and Java Web Start are deactivated if they are unused for 35 days. Installing this update will automatically deactivate the Java browser plugin and Java Web Start. Users may re-enable Java if they encounter Java applets on a web page or Java Web Start applications.
-
15:07
»
Packet Storm Security Misc. Files
Apple Security Advisory 2012-04-12-1 - Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8 is now available. As a security hardening measure, the Java browser plugin and Java Web Start are deactivated if they are unused for 35 days. Installing this update will automatically deactivate the Java browser plugin and Java Web Start. Users may re-enable Java if they encounter Java applets on a web page or Java Web Start applications.
-
-
7:22
»
Packet Storm Security Advisories
Ubuntu Security Notice 1419-1 - It was discovered that Puppet used a predictable filename when downloading Mac OS X package files. A local attacker could exploit this to overwrite arbitrary files. It was discovered that Puppet incorrectly handled filebucket retrieval requests. A local attacker could exploit this to read arbitrary files. It was discovered that Puppet incorrectly handled filebucket store requests. A local attacker could exploit this to perform a denial of service via resource exhaustion. Various other issues were also addressed.
-
7:22
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1419-1 - It was discovered that Puppet used a predictable filename when downloading Mac OS X package files. A local attacker could exploit this to overwrite arbitrary files. It was discovered that Puppet incorrectly handled filebucket retrieval requests. A local attacker could exploit this to read arbitrary files. It was discovered that Puppet incorrectly handled filebucket store requests. A local attacker could exploit this to perform a denial of service via resource exhaustion. Various other issues were also addressed.
-
7:22
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1419-1 - It was discovered that Puppet used a predictable filename when downloading Mac OS X package files. A local attacker could exploit this to overwrite arbitrary files. It was discovered that Puppet incorrectly handled filebucket retrieval requests. A local attacker could exploit this to read arbitrary files. It was discovered that Puppet incorrectly handled filebucket store requests. A local attacker could exploit this to perform a denial of service via resource exhaustion. Various other issues were also addressed.
-
-
20:29
»
Packet Storm Security Recent Files
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X release.
-
20:29
»
Packet Storm Security Tools
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X release.
-
20:29
»
Packet Storm Security Misc. Files
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X release.
-
-
18:14
»
Packet Storm Security Advisories
Apple Security Advisory 2012-04-03-1 - Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 is now available. It addresses multiple vulnerabilities that exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox.
-
18:14
»
Packet Storm Security Recent Files
Apple Security Advisory 2012-04-03-1 - Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 is now available. It addresses multiple vulnerabilities that exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox.
-
18:14
»
Packet Storm Security Misc. Files
Apple Security Advisory 2012-04-03-1 - Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 is now available. It addresses multiple vulnerabilities that exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox.
-
-
21:54
»
Packet Storm Security Advisories
Secunia Security Advisory - Apple has issued an update for Java for Mac OS X. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
-
-
16:44
»
Packet Storm Security Recent Files
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
-
16:44
»
Packet Storm Security Tools
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
-
16:44
»
Packet Storm Security Misc. Files
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
-
-
17:47
»
Packet Storm Security Recent Files
Ostinato is an open-source, cross-platform packet/traffic generator and analyzer with a friendly GUI. It aims to be "Wireshark in Reverse" and thus become complementary to Wireshark. This is the Mac OS X release.
-
17:47
»
Packet Storm Security Tools
Ostinato is an open-source, cross-platform packet/traffic generator and analyzer with a friendly GUI. It aims to be "Wireshark in Reverse" and thus become complementary to Wireshark. This is the Mac OS X release.
-
17:47
»
Packet Storm Security Misc. Files
Ostinato is an open-source, cross-platform packet/traffic generator and analyzer with a friendly GUI. It aims to be "Wireshark in Reverse" and thus become complementary to Wireshark. This is the Mac OS X release.
-
-
16:30
»
Packet Storm Security Recent Files
Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in Javascript, users can easily modify them or write their own. This is the Mac OS X 64-bit version.
-
16:30
»
Packet Storm Security Tools
Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in Javascript, users can easily modify them or write their own. This is the Mac OS X 64-bit version.
-
16:30
»
Packet Storm Security Misc. Files
Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in Javascript, users can easily modify them or write their own. This is the Mac OS X 64-bit version.
-
16:25
»
Packet Storm Security Recent Files
Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in Javascript, users can easily modify them or write their own. This is the Mac OS X 32-bit version.
-
16:25
»
Packet Storm Security Tools
Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in Javascript, users can easily modify them or write their own. This is the Mac OS X 32-bit version.
-
16:25
»
Packet Storm Security Misc. Files
Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in Javascript, users can easily modify them or write their own. This is the Mac OS X 32-bit version.
-
-
20:55
»
Packet Storm Security Advisories
Secunia Security Advisory - A weakness has been discovered in Apple Mac OS X, which can be exploited by malicious people to cause a DoS (Denial of Service).
-
-
12:35
»
Packet Storm Security Recent Files
Packet Storm Widget is a Mac OS X widget that allows users to see all latest news from packetstormsecurity.org. A user can choose between different kind of news to see: All of the Latest Content, Latest News, Latest Files, Latest 0 Days, Latest Vulnerabilities and Latest Exploits. This allows a user to always keep up to date on their favorite security topics. Please note that this was *not* created by Packet Storm Security and questions should be directed to the author. This should run on Leopard, Snow Leopard, Lion and Tiger.
-
12:35
»
Packet Storm Security Misc. Files
Packet Storm Widget is a Mac OS X widget that allows users to see all latest news from packetstormsecurity.org. A user can choose between different kind of news to see: All of the Latest Content, Latest News, Latest Files, Latest 0 Days, Latest Vulnerabilities and Latest Exploits. This allows a user to always keep up to date on their favorite security topics. Please note that this was *not* created by Packet Storm Security and questions should be directed to the author. This should run on Leopard, Snow Leopard, Lion and Tiger.
-
-
22:50
»
Packet Storm Security Advisories
Technical Cyber Security Alert 2011-286A - There are multiple vulnerabilities in Mac OS X 10.6.8, 10.7, and 10.7.1 and Mac OS X Server 10.6.8, 10.7, and 10.7.1. Apple has released updates to address these vulnerabilities.
-
22:50
»
Packet Storm Security Recent Files
Technical Cyber Security Alert 2011-286A - There are multiple vulnerabilities in Mac OS X 10.6.8, 10.7, and 10.7.1 and Mac OS X Server 10.6.8, 10.7, and 10.7.1. Apple has released updates to address these vulnerabilities.
-
22:50
»
Packet Storm Security Misc. Files
Technical Cyber Security Alert 2011-286A - There are multiple vulnerabilities in Mac OS X 10.6.8, 10.7, and 10.7.1 and Mac OS X Server 10.6.8, 10.7, and 10.7.1. Apple has released updates to address these vulnerabilities.
-
-
18:51
»
Packet Storm Security Advisories
A critical pointer vulnerability is located in the Mac OS X and Windows versions of Skype. The bug is located in 2 input forms of a unicode HTTP search request to the Skype search directory server. The vulnerability allows a local attacker to crash the complete Skype process via an unknown unhandled software exception. The bug allows a local attacker to overwrite or read a new address (skype_debug2_win7_x64x.png).
-
18:51
»
Packet Storm Security Recent Files
A critical pointer vulnerability is located in the Mac OS X and Windows versions of Skype. The bug is located in 2 input forms of a unicode HTTP search request to the Skype search directory server. The vulnerability allows a local attacker to crash the complete Skype process via an unknown unhandled software exception. The bug allows a local attacker to overwrite or read a new address (skype_debug2_win7_x64x.png).
-
18:51
»
Packet Storm Security Misc. Files
A critical pointer vulnerability is located in the Mac OS X and Windows versions of Skype. The bug is located in 2 input forms of a unicode HTTP search request to the Skype search directory server. The vulnerability allows a local attacker to crash the complete Skype process via an unknown unhandled software exception. The bug allows a local attacker to overwrite or read a new address (skype_debug2_win7_x64x.png).
-
-
23:28
»
Sophos product advisories
If you install SafeGuard Disk Encryption for Mac 5.50.1 on Mac OS X 10.7 (Lion), Mac OS X 10.7 will no longer start. Instead the computer boots up into the Mac OS X Recovery partition.
-
-
7:20
»
Packet Storm Security Advisories
A corrupt Canon Camera RAW file (.CR2) can cause a crash in the RawCamera library. This affects viewing files in both the Preview.app application or via Quick Look. Mac OS X 10.6.6 with RawCamera.bundle versions prior to 3.6 are affected.
-
7:20
»
Packet Storm Security Recent Files
A corrupt Canon Camera RAW file (.CR2) can cause a crash in the RawCamera library. This affects viewing files in both the Preview.app application or via Quick Look. Mac OS X 10.6.6 with RawCamera.bundle versions prior to 3.6 are affected.
-
7:20
»
Packet Storm Security Misc. Files
A corrupt Canon Camera RAW file (.CR2) can cause a crash in the RawCamera library. This affects viewing files in both the Preview.app application or via Quick Look. Mac OS X 10.6.6 with RawCamera.bundle versions prior to 3.6 are affected.
-
-
12:54
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mac OS X's CFF Decoder.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
2:00
»
Packet Storm Security Advisories
Secunia Security Advisory - Apple has issued an update for Java for Mac OS X. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
-
-
4:18
»
Packet Storm Security Advisories
Secunia Security Advisory - Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
-
-
20:41
»
Packet Storm Security Exploits
Multiple vendors libc/fnmatch(3) suffer from a denial of service vulnerability. Affected software includes Apache 2.2.17, NetBSD 5.1, OpenBSD 4.8, FreeBSD, Mac OS X 10.6, and Sun Solaris 10. Apache proof of concept is included.
-
20:41
»
Packet Storm Security Recent Files
Multiple vendors libc/fnmatch(3) suffer from a denial of service vulnerability. Affected software includes Apache 2.2.17, NetBSD 5.1, OpenBSD 4.8, FreeBSD, Mac OS X 10.6, and Sun Solaris 10. Apache proof of concept is included.
-
20:41
»
Packet Storm Security Misc. Files
Multiple vendors libc/fnmatch(3) suffer from a denial of service vulnerability. Affected software includes Apache 2.2.17, NetBSD 5.1, OpenBSD 4.8, FreeBSD, Mac OS X 10.6, and Sun Solaris 10. Apache proof of concept is included.
-
18:45
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader on Mac OS X.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
14:29
»
Packet Storm Security Advisories
VSR identified a vulnerability in HFS+, a filesystem implemented in the OS X XNU kernel. HFS+ is the default filesystem in use on many installations of the Mac OS X operating system. By exploiting this vulnerability, an unprivileged user with local access to a machine using HFS+ may be able to read raw filesystem data, bypassing file permissions and resulting in information disclosure.
-
14:29
»
Packet Storm Security Recent Files
VSR identified a vulnerability in HFS+, a filesystem implemented in the OS X XNU kernel. HFS+ is the default filesystem in use on many installations of the Mac OS X operating system. By exploiting this vulnerability, an unprivileged user with local access to a machine using HFS+ may be able to read raw filesystem data, bypassing file permissions and resulting in information disclosure.
-
14:29
»
Packet Storm Security Misc. Files
VSR identified a vulnerability in HFS+, a filesystem implemented in the OS X XNU kernel. HFS+ is the default filesystem in use on many installations of the Mac OS X operating system. By exploiting this vulnerability, an unprivileged user with local access to a machine using HFS+ may be able to read raw filesystem data, bypassing file permissions and resulting in information disclosure.
-
13:32
»
Packet Storm Security Advisories
iDefense Security Advisory 03.21.11 -Remote exploitation of a memory corruption vulnerability in Apple Inc.'s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing an Excel file with a certain maliciously constructed record. This record is used to describe a formula that is shared between multiple cells. In this record, the 'formula' field is used to specify the formula used. By corrupting certain opcodes within this formula it is possible to trigger a memory corruption vulnerability. This can lead to the execution of arbitrary code. Apple has reported Mac OS X and OS X Server 10.6 through 10.6.6 vulnerable.
-
13:32
»
Packet Storm Security Recent Files
iDefense Security Advisory 03.21.11 -Remote exploitation of a memory corruption vulnerability in Apple Inc.'s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing an Excel file with a certain maliciously constructed record. This record is used to describe a formula that is shared between multiple cells. In this record, the 'formula' field is used to specify the formula used. By corrupting certain opcodes within this formula it is possible to trigger a memory corruption vulnerability. This can lead to the execution of arbitrary code. Apple has reported Mac OS X and OS X Server 10.6 through 10.6.6 vulnerable.
-
13:32
»
Packet Storm Security Misc. Files
iDefense Security Advisory 03.21.11 -Remote exploitation of a memory corruption vulnerability in Apple Inc.'s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing an Excel file with a certain maliciously constructed record. This record is used to describe a formula that is shared between multiple cells. In this record, the 'formula' field is used to specify the formula used. By corrupting certain opcodes within this formula it is possible to trigger a memory corruption vulnerability. This can lead to the execution of arbitrary code. Apple has reported Mac OS X and OS X Server 10.6 through 10.6.6 vulnerable.
-
13:31
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-108 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mac OS X's CFF Decoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the Type1Scaler library processes a specially formatted compact font file. When processing this file, the application will corrupt memory outside the bounds of an allocated buffer. This can lead to code execution under the context of the application that utilizes the library.
-
13:31
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-108 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mac OS X's CFF Decoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the Type1Scaler library processes a specially formatted compact font file. When processing this file, the application will corrupt memory outside the bounds of an allocated buffer. This can lead to code execution under the context of the application that utilizes the library.
-
13:31
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-108 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mac OS X's CFF Decoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the Type1Scaler library processes a specially formatted compact font file. When processing this file, the application will corrupt memory outside the bounds of an allocated buffer. This can lead to code execution under the context of the application that utilizes the library.
-
-
14:42
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-074 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader on Mac OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the U3D component distributed with the Reader. The application uses the Parent Node count to calculate the size of an allocation. This value is not properly validated and the result of this size calculation can be wrapped to an unexpectedly small and insufficient value. Writes to this newly allocated buffer can be outside the bounds of its allocation. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the application.
-
14:42
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-074 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader on Mac OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the U3D component distributed with the Reader. The application uses the Parent Node count to calculate the size of an allocation. This value is not properly validated and the result of this size calculation can be wrapped to an unexpectedly small and insufficient value. Writes to this newly allocated buffer can be outside the bounds of its allocation. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the application.
-
14:42
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-074 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader on Mac OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the U3D component distributed with the Reader. The application uses the Parent Node count to calculate the size of an allocation. This value is not properly validated and the result of this size calculation can be wrapped to an unexpectedly small and insufficient value. Writes to this newly allocated buffer can be outside the bounds of its allocation. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the application.
-
-
7:59
»
Packet Storm Security Recent Files
Kismet is an 802.11 layer 2 wireless network sniffer. It can sniff 802.11b, 802.11a, and 802.11g traffic. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features Multiple packet capture sources, Runtime network sorting by AP MAC address (bssid), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal and tcpdump compatible file logging, Airsnort-compatible "interesting" (cryptographically weak) logging, Secure SUID behavior, GPS devices and wireless devices fingerprinting. Kismet also includes a tool called gpsmap that can be used to create maps from logged GPS data.
-
7:59
»
Packet Storm Security Tools
Kismet is an 802.11 layer 2 wireless network sniffer. It can sniff 802.11b, 802.11a, and 802.11g traffic. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features Multiple packet capture sources, Runtime network sorting by AP MAC address (bssid), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal and tcpdump compatible file logging, Airsnort-compatible "interesting" (cryptographically weak) logging, Secure SUID behavior, GPS devices and wireless devices fingerprinting. Kismet also includes a tool called gpsmap that can be used to create maps from logged GPS data.
-
7:59
»
Packet Storm Security Misc. Files
Kismet is an 802.11 layer 2 wireless network sniffer. It can sniff 802.11b, 802.11a, and 802.11g traffic. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features Multiple packet capture sources, Runtime network sorting by AP MAC address (bssid), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal and tcpdump compatible file logging, Airsnort-compatible "interesting" (cryptographically weak) logging, Secure SUID behavior, GPS devices and wireless devices fingerprinting. Kismet also includes a tool called gpsmap that can be used to create maps from logged GPS data.
-
-
19:59
»
Packet Storm Security Recent Files
ZORG is an open source implementation of the ZRTP protocol implementation. ZRTP provides end-to-end key exchange with Elliptic Curve Diffie-Hellmann 384bit and AES-256 SRTP encryption. This particular archive is Zorg C++, which has been integrated with PJSIP open source VoIP SDK and it's provided as an integration patch against PJSIP 1.8.5. It has been tested on iPhone, Symbian, Windows, Linux and Mac OS X.
-
19:59
»
Packet Storm Security Misc. Files
ZORG is an open source implementation of the ZRTP protocol implementation. ZRTP provides end-to-end key exchange with Elliptic Curve Diffie-Hellmann 384bit and AES-256 SRTP encryption. This particular archive is Zorg C++, which has been integrated with PJSIP open source VoIP SDK and it's provided as an integration patch against PJSIP 1.8.5. It has been tested on iPhone, Symbian, Windows, Linux and Mac OS X.
-
-
4:03
»
Packet Storm Security Advisories
Secunia Security Advisory - A vulnerability has been reported in Mac OS X, which can be exploited by malicious people to potentially compromise a vulnerable system.
-
-
5:11
»
Packet Storm Security Recent Files
Honggfuzz is a general-purpose, easy-to-use fuzzer with interesting analysis options. Given a starting corpus of test files, Honggfuzz supplies and modifies input to a test program and utilizes the ptrace() API/POSIX signal interface to detect and log crashes. It works on Linux, FreeBSD and Mac OS X.
-
5:11
»
Packet Storm Security Misc. Files
Honggfuzz is a general-purpose, easy-to-use fuzzer with interesting analysis options. Given a starting corpus of test files, Honggfuzz supplies and modifies input to a test program and utilizes the ptrace() API/POSIX signal interface to detect and log crashes. It works on Linux, FreeBSD and Mac OS X.
-
-
11:22
»
Packet Storm Security Tools
Ostinato is an open-source, cross-platform packet/traffic generator and analyzer with a friendly GUI. It aims to be "Wireshark in Reverse" and thus become complementary to Wireshark. This is the Mac OS X release.
-
-
14:22
»
Packet Storm Security Recent Files
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
-
14:22
»
Packet Storm Security Tools
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
-
14:22
»
Packet Storm Security Misc. Files
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
-
-
13:50
»
Packet Storm Security Recent Files
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X, Windows and Cross Platform releases are all included in this file.
-
13:50
»
Packet Storm Security Misc. Files
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X, Windows and Cross Platform releases are all included in this file.
-
-
4:19
»
Packet Storm Security Advisories
Secunia Security Advisory - A security issue has been reported in Mac OS X Server, which can be exploited by malicious users to gain knowledge of sensitive information.
-
-
19:02
»
Packet Storm Security Recent Files
Core Security Technologies Advisory - The Apple Type Services is prone to memory corruption due a sign mismatch vulnerability when handling the last offset value of the CharStrings INDEX structure. This vulnerability could be used by a remote attacker to execute arbitrary code, by enticing the user of Mac OS X v10.5.x to view or download a PDF document containing a embedded malicious CFF font.
-
19:01
»
Packet Storm Security Advisories
Core Security Technologies Advisory - The Apple Type Services is prone to memory corruption due a sign mismatch vulnerability when handling the last offset value of the CharStrings INDEX structure. This vulnerability could be used by a remote attacker to execute arbitrary code, by enticing the user of Mac OS X v10.5.x to view or download a PDF document containing a embedded malicious CFF font.
-
-
17:15
»
Packet Storm Security Tools
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X, Windows and Cross Platform releases are all included in this file.
-
17:14
»
Packet Storm Security Recent Files
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X, Windows and Cross Platform releases are all included in this file.
-
-
14:00
»
Packet Storm Security Advisories
The parental controls built into the Mac OS X Mail client can be easily bypassed by anyone who knows the email address of the child and his/her parent.
-
-
16:31
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Mac OS X.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
0:01
»
Packet Storm Security Tools
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
-
0:01
»
Packet Storm Security Recent Files
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
-
-
20:34
»
Packet Storm Security Recent Files
The Mac OS X WebDAV kernel extension is vulnerable to a denial of service issue that allows a local unprivileged user to trigger a kernel panic due to a memory overallocation.
-
20:33
»
Packet Storm Security Advisories
The Mac OS X WebDAV kernel extension is vulnerable to a denial of service issue that allows a local unprivileged user to trigger a kernel panic due to a memory overallocation.
-
-
22:51
»
Packet Storm Security Tools
Kismet is an 802.11 layer 2 wireless network sniffer. It can sniff 802.11b, 802.11a, and 802.11g traffic. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features Multiple packet capture sources, Runtime network sorting by AP MAC address (bssid), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal and tcpdump compatible file logging, Airsnort-compatible interesting (cryptographically weak) logging, Secure SUID behavior, GPS devices and wireless devices fingerprinting. Kismet also includes a tool called gpsmap that can be used to create maps from logged GPS data.
-
-
0:31
»
SecuriTeam
A vulnerability was discovered in Apple Safari for Windows, Mac OS X and iPhone.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
21:02
»
SecDocs
Authors:
Matthieu Suiche Tags:
forensic Mac OS X Event:
Black Hat DC 2010 Abstract: In 2008 and 2009, companies and governments interests for Microsoft Windows physical memory growled significantly. Now it is time to talk about Mac OS X. This talk will describe basis of Mac OS X Kernel Internals (and not a XNU kernel creation timeline) and how to retrieve various information like machine information, mounted file systems, processes listing and extraction and threads, kernel extensions listing and extraction and Rootkit detection.
-
21:02
»
SecDocs
Authors:
Matthieu Suiche Tags:
forensic Mac OS X Event:
Black Hat DC 2010 Abstract: In 2008 and 2009, companies and governments interests for Microsoft Windows physical memory growled significantly. Now it is time to talk about Mac OS X. This talk will describe basis of Mac OS X Kernel Internals (and not a XNU kernel creation timeline) and how to retrieve various information like machine information, mounted file systems, processes listing and extraction and threads, kernel extensions listing and extraction and Rootkit detection.
-
-
10:42
»
Hack a Day
A new beta build of VirtualBox, Sun’s Oracle’s free x86 virtualization software, makes it possible to run Mac OS X as a guest operating system…no shenanigans or flaming hoops to jump through, just pop in the $30 retail Snow Leopard upgrade disc and go. This had previously only been possible with some awkward Hackintosh-style maneuvering, or [...]
-
-
14:13
»
Carnal0wnage
I wanted to be able to view/sniff some traffic from my android phone. Mostly to see how "closed" the gowalla checkin api was (not very).
The first couple suggestions were to connect the phone to wifi and checkin. To do this from the comfort of my own home meant checking in from home and I didn't really want to do that.
Installing the android emulator is pretty straightforward, the only problem is that it doesnt come with the android market or the ability to easily(?) download apps to mess with.
After some googling I found this post:
http://tech-droid.blogspot.com/2009/11/android-market-on-emulator.htmlThis enabled me to get a working android emulator with android market place.
Go
here and download the sdk for whatever system you are using, I'm on ubuntu...
You'll need to download some platforms as the sdk doesnt come with much of anyting by default.
To launch the Android SDK and AVD Manager on Windows, execute
SDK Setup.exe, at the root of the SDK directory. On Mac OS X or Linux, execute the
android tool in the
/tools/ folder. This will start the GUI (least on linux --I dont care about windows)
Go to available packages and download sdk package for Android 1.5 or 1.6. I used 1.5
over in installed packages you should see the sdk when its all done.
Go
here and download the system image for 1.5 or 1.6
Create an AVD (1.5 or 1.6). populate it how you want, I gave it one of everything on the hardware.
After you create the avd, you should have an avd folder in your .android folder. Something like .android/avd/[avdname]
Copy the system.img file you downloaded from HTC in there.
start that puppy up
If you went the 1.5 route you are probably getting a slide keyboard to open thing. Hit CTRL+F11 to change the orientation of the phone to "slide it open"
You now have a pretty much fully functional android to muck around with and now any communications with any apps should be sniffable in wireshark.
What about the GPS? The debugger gives you the ability to set the GPS manually so you can be anywhere you want to be :-)
additional reading:
https://www.isecpartners.com/files/iSEC_Android_Exploratory_Blackhat_2009.pdf-CG
-
-
23:00
»
Packet Storm Security Tools
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
-
23:00
»
Packet Storm Security Recent Files
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
0day.today (was: 1337day, Inj3ct0r, 1337db)
OSVDB Vulnerabilities
Exploit-DB
SecurityFocus Vulnerabilities
Bugtraq
XSSed
Penetration Testing
BackTrack Linux Forums
Threatpost
carnal0wnage.attackresearch.com
Darknet
The Exploitant
Wirevolution
