-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001
Mac EFI Security Update 2015-001 is now available and addresses the
following:
EFI
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application with root
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7
Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7 are now available and
address the following:
WebKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
and OS X Yosemit
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update
2015-005
OS X Yosemite v10.10.4 and Security Update 2015-005 are now available
and address the following:
Admin Framework
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2015-06-30-1 iOS 8.4
iOS 8.4 is now available and addresses the following:
Application Store
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious universal provisioning profile a
Impact:
The "click to verify" thing is completely broken...
Anyone can be "BBB Accredited Business" etc.
You can make whitehouse.gov display "We love Islamic State" :-)
Note:
No user interaction on the fake page.
Code:
* index.html
function next()
{
w.location.replace('CVE-2015-4674 - TimeDoctor autoupdate over plain-HTTP
TimeDoctor claims to be a software that helps to improve the
productivity of teams, reduce time spent on distractions [1]
Vulnerability:
TimeDoctor autoupdate feature downloads and executes files over plain
HTTP and doesn't perform any check with the files. An attacker with
MITM capabilities (i.e.