So anyone who has some OS X 0-day and a ticket to CanSecWest this year
has a chance at a free MacBook Pro...

http://cansecwest.com/post/2007-03-21.15:10:00.PWN_to_OWN

Marc Fossi
Symantec Corp.
www.symantec.com

[ more ]  [ reply ]

Forwarded to me by Marc Fossi...

Title: New NSA Security Guidelines for Mac OS X Published
Source: National Security Agency
Date Published: March 2007

Excerpt:

The National Security Agency <http://www.nsa.gov> (NSA) has published
version 2 of its security guidelines for Mac OS X. The security
do

[ more ]  [ reply ]

The What's New section of the release page states that iTunes 7.1.1 addresses a stability issue and minor compatibility problems in iTunes 7.1 as well.

It appears that there are some problems with Vista still, however.

Download link (Mac OS version) is
http://www.apple.com/support/downloads/itunes

[ more ]  [ reply ]

Mac OS X 10.4.9 and Security Update 2007-003
http://docs.info.apple.com/article.html?artnum=305214

iPhoto 6.0.6
http://docs.info.apple.com/article.html?artnum=305215

____________
Todd D. Woodward
Technical Support Engineer
Security Response Researcher
Focus-Apple Moderator
Enterprise Macintosh P

[ more ]  [ reply ]

thomas.stridh (at) its.uu (dot) se [email concealed] at 2007-03-08 03:12 from thomas.stridh (at) its.uu (dot) se [email concealed]
wrote:

>I'm searching after forensics utility that can be used on Mac OS X
>Tiger.

www.SubRosaSoft.com/OSXSoftware/index.php?main_page=product_info&product
s_i
d=114

[ more ]  [ reply ]

Hello!

I'm searching after forensics utility that can be used on Mac OS X
Tiger.

I have looked through the Apple security documentation but found very
little about forensics investigation.

I hope someone on this list now where to find help.

thanks
--
Thomas Stridh, IT Support Department, Uppsa

[ more ]  [ reply ]

In case you haven't seen this release today, a big QuickTime update to resolve a number of potential multi-platform vulnerabilities. Please refer to Apple's Knowledge Base document for complete information:

http://docs.info.apple.com/article.html?artnum=305149

APPLE-SA-2007-03-05 QuickTime 7.1.5

[ more ]  [ reply ]

http://jobs.apple.com/index.ajs?
BID=1&method=mExternal.showJob&RID=959&CurrentPage=1

I'm only posting this because I like the spam that comes from posting
to security focus lists ;)

John

[ more ]  [ reply ]

Since this compares to OSX, and there are still many misconceptions of how
all this works, maybe the Apple mod will approve this (and I promise to take
anything else to Focus-MS after this for those who really care):

On 2/20/07 2:23 AM, "Michael Dalling" <mtdalling (at) gmail (dot) com [email concealed]> spoketh to all:

> I

[ more ]  [ reply ]

In the last couple of weeks there has been a number of news articles, reports and analysis regarding virtualization on the Mac platform, and virtualization in general.

Last week's InfoWorld focused several articles on virtualization of servers, storage and applications. Not specific to Mac, but fas

[ more ]  [ reply ]

On 2/19/07 6:55 AM, "Don Rhodes" <drhodes (at) mail.colgate (dot) edu [email concealed]> spoketh to all:

> You make valid points, and I do not disagree with them. What I wanted to
> convey is that the UAC in Vista is a leap forward for security but most
> users will just realize that all they need to do is click
> continue/al

[ more ]  [ reply ]

According to Internet Storm Center Diary report these update problems have been resolved now:
http://isc.sans.org/diary.html?storyid=2265

see 'UPDATE:' section.

There is no information about bogus updates, fake update servers etc.

- Juha-Matti

Simon Pride <simon.pride (at) gmail (dot) com [email concealed]> wrote:
> See th

[ more ]  [ reply ]

See thread at

http://discussions.apple.com/thread.jspa?threadID=857862&tstart=0

iTunes 7.0.2 and QuickTime, plus Security Update 2007-001 are being
offered as 'new' updates today. Most users will already have
installed these items last month.

If you accept the updates, the download of the upd

[ more ]  [ reply ]

On 2/16/07 7:53 AM, "Don Rhodes" <drhodes (at) mail.colgate (dot) edu [email concealed]> spoketh to all:

> However Vista UAC does not behave just like *nix based OSes. To make
> matter worse there are programs out that do not handle running in
> unprivileged mode very well. Firefox for one defaults to downloading
> files to t

[ more ]  [ reply ]

[quoted from MacDailyNews.com]

Apple today released Java for Mac OS X 10.4, Release 5 which adds support for the latest Daylight Saving Time (DST) and time zone information as of January 8, 2007, and delivers improved reliability and compatibility for Java 2 Platform Standard Edition 5.0 and Java 1

[ more ]  [ reply ]

Apple also release Daylight Savings Time patches for both Mac OS X 10.3 and
10.4, including Java updates. Some organizations are treating DST patches
as security issues. While 10.4 DST North America patches have been
available for a while, today's patches are the first from Apple for 10.3.

Daylig

[ more ]  [ reply ]

Information available at the following website:

http://docs.info.apple.com/article.html?artnum=305102

Addresses issues with the Finder, iChat and UserNotification.

All of the updates reference the "Month of Apple Bugs."

____________
Todd D. Woodward
Technical Support Engineer
Security Response R

[ more ]  [ reply ]

According to an Infinite Loop article on Ars Technica, the AirPort Extreme base station (AEBS) firewall can reject "incoming sessions over IPv4" but "lets incoming IPv6 sessions straight through."

http://arstechnica.com/journals/apple.ars/2007/2/14/7063

The article discusses the issue and provides

[ more ]  [ reply ]