Apple Security Advisory 2021-04-26-10 - Xcode 12.5 addresses an arbitrary code execution vulnerability.
39bca81a5aa62d2d72980d7d122769fc684d6c93ebeed0118673d5f8efea0142
Apple Security Advisory 2011-11-10-2 - Time Capsule and AirPort Base Station (802.11n) Firmware 7.6 is now available and addresses a security vulnerability. dhclient allowed remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. This issue is addressed by stripping shell meta-characters in dhclient-script.
6e8e307de2ea87a65b2fbe4858a5cdefa741c0cb65ec28c910798ebd7cbf3bd9
Apple Security Advisory 2011-11-10-1 - The new iOS 5.0.1 software update addresses multiple vulnerabilities. An issue existed in CFNetwork's handling of maliciously crafted URLs. When accessing a maliciously crafted HTTP or HTTPS URL, CFNetwork could navigate to an incorrect server. Multiple memory corruption issues existed in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. Various other issues were also addressed.
c5ad70f72b84c35966e527860253ce728ad2709579ac1a8c20b59fc7ddb03f11
Apple Security Advisory 2011-11-08-1 - Multiple vulnerabilities exist in Java 1.6.0_26, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_29.
7891543823b833ae64a36fc0bb4cf85c02278847d9d14c98f62da407a82c2326
Apple Security Advisory 2011-10-26-1 - QuickTime 7.7.1 is now available and addresses memory disclosure, arbitrary code execution, script injection, and various other vulnerabilities.
151e9a6bdb019b931ecf77d87bbf59eb16ed9d92b2e975ee1c0e5a7b931ccf76
Apple Security Advisory 2011-10-12-6 - Numbers for iOS version 1.5 is now available and addresses multiple arbitrary code execution vulnerabilities.
20c88767fd92fafa245efd1b1fcfe2636e7206dff1dc34b8383101e56e63013a
Apple Security Advisory 2011-10-12-5 - Pages for iOS version 1.5 is now available and addresses an arbitrary code execution vulnerability.
266ef02de7f6041b775e847d47f1381e09f83e7fc41a3cf6e1d001241a8a0efb
Apple Security Advisory 2011-10-12-4 - Safari version 5.1.1 is now available and addresses a directory traversal issue, a policy issue, various arbitrary code execution issues, and 40+ other vulnerabilities.
67fb47bed169689d2b56f0956e295eec800ece4bedcb461b75b4e8685088f651
Apple Security Advisory 2011-10-12-3 - OS X Lion has a security update available that addresses findings in Apache, a format string vulnerability in the Application Firewall, an arbitrary code execution vulnerability when viewing a malicious font via ATS, and 60+ other issues.
4d539896720bca2e48b218929a6c10484c83d72ac4b634adbd7f33f680f59ede
Apple Security Advisory 2011-10-12-2 - An Apple TV software update is now available and addresses credential interception, spoofing, information disclosure, and various other vulnerabilities.
af6991e6da4da4c4159318f8e75e42e744f9f6316d984aa5a8dddf7761727af1
Apple Security Advisory 2011-10-12-1 - An iOS 5 software update is now available. It addresses an SSL check in CalDAV, a script injection issue in Calendar, issues in CFNetwork, and 90+ other security issues.
a8ca21bf61323da2e049fe8c2ba65cc9cae5928af38fbf284248eee54695f428
Apple Security Advisory 2011-10-11-1 - iTunes 10.5 has been released and addresses CoreFoundation, ColorSync, CoreAudio, CoreMedia, ImageIO, WebKit, and various other vulnerabilities.
d0a286d451ab2c0a3000ad357ce8ad5ae2a9909ab9c359f0f3163cd19b82dcb8
Apple Security Advisory 2011-09-09-1 - Fraudulent certificates were issued by multiple certificate authorities operated by DigiNotar. This issue is addressed by removing DigiNotar from the list of trusted root certificates, from the list of Extended Validation (EV) certificate authorities, and by configuring default system trust settings so that DigiNotar's certificates, including those issued by other authorities, are not trusted.
4b23e06a150fdfebfa9872b6529d7802ca8c1ad2a3e14612808b8924eae7cc5a
Apple Security Advisory 2011-08-03-1 - QuickTime version 7.7 has been made available to address multiple code execution, cross-origin, integer overflow, memory corruption, and other vulnerabilities.
08c8a33c814803db93ff4136d87bacc64dfe68c5d11475ce6a6bccf0835835c9
Apple Security Advisory 2011-07-25-1 - A certificate chain validation issue existed in the handling of X.509 certificates. An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS. Other attacks involving X.509 certificate validation may also be possible. This issue is addressed through improved validation of X.509 certificate chains. The iOS 4.3.5 software update addresses this issue.
f271d72e253f45b8bffad97ab4c2940113b5aed5d35f40980c0aa9611dd0e416
Apple Security Advisory 2011-07-25-2 - The iOS 4.2.10 software update addresses a certificate chain validation issue. The issue existed in the handling of X.509 certificates where an attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS. Other attacks involving X.509 certificate validation may also be possible. This issue is addressed through improved validation of X.509 certificate chains.
a9341b8d975d38e6fee68438897e57464648354bf839acda89e25f93a633a05b
Apple Security Advisory 2011-07-20-2 - An iWork 9.1 update addresses multiple security issues. A buffer overflow existed in the handling of Excel files. Opening a maliciously crafted Excel file in Numbers may lead to an unexpected application termination or arbitrary code execution. A memory corruption issue existed in the handling of Excel files. Opening a maliciously crafted Excel file in Numbers may lead to an unexpected application termination or arbitrary code execution. A memory corruption issue existed in the handling of Microsoft Word documents. Opening a maliciously crafted Microsoft Word document in Pages may lead to an unexpected application termination or arbitrary code execution.
a73deccbc64afb80a87bd72b01aefd8124e910e61fa03497792581196667db65
Apple Security Advisory 2011-07-20-1 - A large amount of security issues have been addressed in Safari versions 5.1 and 5.0.6. These range from cross site scripting, possible arbitrary code execution, accidental trust in a disable root certificate, buffer and integer overflows, and more.
18e59c77cc0413cb743f20824342290a19494abc0b06081605af3c271b193543
Apple Security Advisory 2011-07-15-2 - A buffer overflow exists in FreeType's handling of TrueType font files. Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. A signedness issue exists in FreeType's handling of Type 1 fonts. Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. An invalid type conversion issue exists in the use of IOMobileFrameBuffer queueing primitives, which may allow malicious code running as the user to gain system privileges.
edfe889bbf74860d0bd555d71b0a140df267165c93e7e961078574b86529708e
Apple Security Advisory 2011-07-15-1 - A buffer overflow exists in FreeType's handling of TrueType fonts. Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. An invalid type conversion issue exists in the use of IOMobileFrameBuffer queueing primitives, which may allow malicious code running as the user to gain system privileges.
fb3abe5ba5b621345286bb52a22fda5559249d340aebb02783a5f461bb3105c4
Apple Security Advisory 2011-06-28-2 - Multiple vulnerabilities exist in Java 1.6.0_24, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.
ac17f9a66569c15aa5a3005b935ebd8f244216344adfa4e88ff8858841e3d68b
Apple Security Advisory 2011-06-28-1 - Multiple vulnerabilities exist in Java 1.6.0_24, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_26.
0cbd37e1f00e4df6e9895014ed523a4c02dbce839c04d6b2f4228337951bdb22
Apple Security Advisory 2010-12-16-1 - Multiple vulnerabilities have been addressed in Time Capsule and the Airport Base Station.
19e1b60ec22923c32fb00988fef5c6e725dba382d2956765668f49e98ef707a3
Apple Security Advisory - Apple has released a security update which addresses over a dozen vulnerabilities.
e7bb6ec0504327630e33ae50f3e506dd37e28fb70583d43167e478159852984a
Apple Security Advisory - Due to the way iTunes 5 for Windows launches its helper application, multiple system paths are searched to determine which program to run. This may allow a malicious user on the local system to create an environment where an alternate program will be executed by iTunes.
1ed058151d4f2e99d893d269007cc9a8a01e6bb7a95d98624cc109014b637794
Apple security advisory APPLE-SA-2002-09-19 - Apple QuickTime ActiveX v5.0.2 has a buffer overrun conditions that can result in execution of arbitrary code. To exploit this vulnerability an attacker would need to get his or her target to open a malicious HTML file as an attachment to an email message, as a file on the local or network file system, or as a file via HTTP.
5907e5ca8b939567f596c5abdbc0ead1070c8160b0c2423fbea33fdb62a333be