Apple Security Advisory 2014-05-15-2 - iTunes 11.2 is now available and addresses a credential interception issue. Set-Cookie HTTP headers would be processed even if the connection closed before the header line was complete. An attacker could strip security settings from the cookie by forcing the connection to close before the security settings were sent, and then obtain the value of the unprotected cookie. This issue was addressed by ignoring incomplete HTTP header lines.
61a6ffe4d28038e15d2ed5fb6190c43e5f79c5aed85e8922f69a2ec5931e12cb
Apple Security Advisory 2014-04-22-3 - Apple TV 6.1.1 is now available and addresses vulnerabilities related to credential compromise, ASLR bypass, code execution, and more.
d81613426a53f674f7139c2f7f48ccd2a036e3b91520029902421cb35746ef3e
Apple Security Advisory 2014-04-22-2 - iOS 7.1.1 is now available and addresses vulnerabilities in IOKit Kernel, CFNetwork HTTPProtocol, Secure Transport, and WebKit.
f28da37ecb5c5cd5e4f54bd76a029ed17595e3d1258104a49dc05c23ee23660b
Apple Security Advisory 2014-04-22-1 - Security Update 2014-002 is now available and addresses vulnerabilities in CFNetwork HTTPProtocol, CoreServicesUIAgent, FontParser, Heimdal Kerberos, ImageIO, Intel Graphics Driver, IOKit Kernel, the kernel, power management, Ruby, and more.
9bfdfa84c349e009ae9cfd6999bec5ea1e79b30268900ea21bdf77c411c8ff36