Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Apple pentesting

from [sam f. stover] Network Security [Permanent Link]
Subject: Re: Apple pentesting
Date: Tue, 5 Apr 2005 14:44:09 -0400 

On Apr 5, 2005, at 1:47 PM, Todd Towles wrote:

Nessus does work against Macs, the problem with testing Macs is they
never released vulnerability statements..never. If a hole is found,
Apple releases a patch and no ones says anything. If Microsoft did
this..everyone would go crazy.

Hrm - I'm a Mac owner, and subscribe to security-announce@lists.apple.com. Here is a link to their Apple Product Security web site for a specific notification that I received:

http://docs.info.apple.com/article.html?artnum=61798

Clicking on one of the Security Update links given, will take you to here:

http://docs.info.apple.com/article.html?artnum=301061

Which goes into detail (i.e. CVE, Impact, Credit, etc.) for each issue addressed in this particular update. All of this information is in the mailing, which I've included also:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2005-03-24 Java Web Start

Sun has published "Security Vulnerability With Java Web Start" which
is fixed for Mac OS X in Security Update 2005-002.

Systems that have already installed Security Update 2005-002 do not
need to re-install it.

Available for:  Java 1.4.2
CVE-ID:  CAN-2005-0418
Impact:  Updates Java to address an issue in Java Web Start that
allows an untrusted application to elevate its privileges
Description:  A vulnerability in Java Web Start allows an untrusted
application to elevate its privileges. For example an application may
grant itself permissions to read and write local files or execute
local applications that are accessible to the user running the Java
Web Start application. Releases prior to Java 1.4.2 are not affected
by this vulnerability. Further information is available in Document
ID 57740 from Sun's security web site at http://sunsolve.sun.com/

Security Update 2005-002 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

The download file is named: "SecUpd2005-002Pan.dmg"
Its SHA-1 digest is: a97552dcd6ad73c573154e2a310f09595db4fb4c

Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/security_pgp.html

-----BEGIN PGP SIGNATURE-----



--
S.f. Stover
sstover@atrc.sytexinc.com

Mind the gap.
-- English proverb

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Apple pentesting, Daniel
Next by Date:  RE: Apple pentesting, Altheide, Cory B. (IARC)
Previous by Thread:  Re: Apple pentesting, Daniel
Next by Thread:  Re: Apple pentesting, Thomas Stromberg
Indexes:  [Date] [Thread] [Top] [All Lists]