
SANS ISC: Apple update summary - SANS Internet Storm Center SANS ISC InfoSec Forums

Apple update summary

Those folks over at Apple Inc have been churning out the patches recently, so to keep them all together, here is a little summary:

Apple ID: APPLE-SA-2011-11-14-1 iTunes 10.5.1

Impact: A man-in-the-middle attacker may offer software that appears to originate from Apple

CVE: CVE-2008-3434


Apple ID: APPLE-SA-2011-11-10-2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.6

Impact:  An attacker in a privileged network position may be able to cause arbitrary command execution via malicious DHCP responses

CVE: CVE-2011-0997


Apple ID: APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update

Impact:  Visiting a maliciously crafted website may lead to the disclosure of sensitive information

CVE: CVE-2011-3246

Impact:  Viewing a document containing a maliciously crafted font may lead to arbitrary code execution

CVE: CVE-2011-3439

Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information

CVE: Not provided

Impact:  An application may execute unsigned code

CVE: CVE-2011-3442

Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information

CVE: CVE-2011-3441

Impact:  A person with physical access to a locked iPad 2 may be able to access some of the user's data

CVE: CVE-2011-3440

None of these appear to address the sandbox vulnerability (CVE-2011-1516) announced by Core Security, referenced here.

Also note Swa's earlier diary on recent updates to the Java distribution.


ISC Handler
Nov 14th 2011
One more to add for the day...
> iTunes v10.5.1 released
Nov 14 2011
