More Goodies in the Apple Security Update Basket!, (Wed, Sep 18th)

APPLE-SA-2013-09-18-3
An OSX update that fixes a situation where the hostname in a certificate is not checked against the actual hostname.  This vulnerability means that anyone with a valid certificate can impersonate any host – lots of attack applications in this, when combined with MITM or DNS hijack attacks

APPLE-SA-2013-09-18-2
An absolute TON of updates for IOS, which should be no surprise in a new version.  The highlights include updates to the Root Certificates, fixes for code exploit issues from malicious PDF and Movie files, and a bypass for the password retry limit, allowing a malicious app to brute force the device unlock code.
Also some fun fixes for several cross site scripting issues within Webkit (which is the provider for browser functions in IOS)

Attack vectors for these include buffer overflows, misses on bounds checking and some fun kernel mode attacks!

As always, watch for the full details on Apple's Security Update Page, found here ==> http://support.apple.com/kb/HT1222

===============
Rob VandenBrink
Metafore

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Reposted from SANS. View original.

CyberSafe-WP-Admin