Re: Apple pentesting
From: sam f. stover (sstover_at_atrc.sytexinc.com)
Date: 04/05/05
- Previous message: Daniel: "Re: Apple pentesting"
- In reply to: Todd Towles: "RE: Apple pentesting"
- Next in thread: Thomas Stromberg: "Re: Apple pentesting"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 5 Apr 2005 14:44:09 -0400 To: "'Pen-Test'" <pen-test@securityfocus.com>
On Apr 5, 2005, at 1:47 PM, Todd Towles wrote:
> Nessus does work against Macs, the problem with testing Macs is they
> never released vulnerability statements..never. If a hole is found,
> Apple releases a patch and no ones says anything. If Microsoft did
> this..everyone would go crazy.
Hrm - I'm a Mac owner, and subscribe to
security-announce@lists.apple.com. Here is a link to their Apple
Product Security web site for a specific notification that I received:
http://docs.info.apple.com/article.html?artnum=61798
Clicking on one of the Security Update links given, will take you to
here:
http://docs.info.apple.com/article.html?artnum=301061
Which goes into detail (i.e. CVE, Impact, Credit, etc.) for each issue
addressed in this particular update. All of this information is in the
mailing, which I've included also:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2005-03-24 Java Web Start
Sun has published "Security Vulnerability With Java Web Start" which
is fixed for Mac OS X in Security Update 2005-002.
Systems that have already installed Security Update 2005-002 do not
need to re-install it.
Available for: Java 1.4.2
CVE-ID: CAN-2005-0418
Impact: Updates Java to address an issue in Java Web Start that
allows an untrusted application to elevate its privileges
Description: A vulnerability in Java Web Start allows an untrusted
application to elevate its privileges. For example an application may
grant itself permissions to read and write local files or execute
local applications that are accessible to the user running the Java
Web Start application. Releases prior to Java 1.4.2 are not affected
by this vulnerability. Further information is available in Document
ID 57740 from Sun's security web site at http://sunsolve.sun.com/
Security Update 2005-002 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
The download file is named: "SecUpd2005-002Pan.dmg"
Its SHA-1 digest is: a97552dcd6ad73c573154e2a310f09595db4fb4c
Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798
This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/security_pgp.html
-----BEGIN PGP SIGNATURE-----
-- S.f. Stover sstover@atrc.sytexinc.com Mind the gap. -- English proverb
- Previous message: Daniel: "Re: Apple pentesting"
- In reply to: Todd Towles: "RE: Apple pentesting"
- Next in thread: Thomas Stromberg: "Re: Apple pentesting"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
