APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7
APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001
APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005
APPLE-SA-2015-06-30-1 iOS 8.4
Version: next-20150701 (linux-next) Released: 2015-07-01
Posted by Apple Product Security on Jun 30
APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001
Mac EFI Security Update 2015-001 is now available and addresses the
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application with root privileges may be able to
modify EFI flash memory
Description: An insufficient locking issue existed with EFI flash
when resuming from sleep states. This issue was addressed through
Posted by Apple Product Security on Jun 30
APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7
Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7 are now available and
address the following:
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
and OS X Yosemite v10.10.3
Impact: A maliciously crafted website can access the WebSQL
databases of other websites
Description: An issue existed in the authorization checks for
renaming WebSQL tables. This could...
Posted by Apple Product Security on Jun 30
APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update
OS X Yosemite v10.10.4 and Security Update 2015-005 are now available
and address the following:
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.3
Impact: A process may gain admin privileges without proper
Description: An issue existed when checking XPC entitlements. This
issue was addressed through improved...
Google Chrome Address Spoofing (Request For Comment)
CVE-2015-4674 - TimeDoctor autoupdate over plain-HTTP
[SECURITY] [DSA 3297-1] unattended-upgrades security update
[SECURITY] [DSA 3296-1] libcrypto++ security update
Posted by Apple Product Security on Jun 30
APPLE-SA-2015-06-30-1 iOS 8.4
iOS 8.4 is now available and addresses the following:
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious universal provisioning profile app may prevent
apps from launching
Description: An issue existed in the install logic for universal
provisioning profile apps, which allowed a collision to occur with
existing bundle IDs. This issue...
novius-os.5.0.1 Persistent XSS, LFI & Open Redirect Vulnerabilities
Posted by David Leo on Jun 30
Impact:
The "click to verify" thing is completely broken...
Anyone can be "BBB Accredited Business" etc.
You can make whitehouse.gov display "We love Islamic State" :-)
No user interaction on the fake page.
Posted by Fernando Muñoz on Jun 30
TimeDoctor claims to be a software that helps to improve the
productivity of teams, reduce time spent on distractions 
TimeDoctor autoupdate feature downloads and executes files over plain
HTTP and doesn't perform any check with the files. An attacker with
MITM capabilities (i.e., when user connects to a public wifi) could
override the Timedoctor subdomain and then execute custom binaries on
the machine where the...
CollabNet Subversion Edge indes local file inclusion
Version: next-20150630 (linux-next) Released: 2015-06-30