List: full-disclosure
Subject: Re: [Full-disclosure] NGS00254 Patch Notification: Apple Mac OS X Lion USB Hub Class Hub Descriptor
From: Jeffrey Walton <noloader () gmail ! com>
Date: 2012-09-27 19:40:59
Message-ID: CAH8yC8=g1+XiwrJwTsrkEHC5obs0qqcEmUDD31AyNYdep==5Zw () mail ! gmail ! com
> An updated version of the software has been released to address the vulnerability:
> http://support.apple.com/kb/HT1222
Unfortunately, Apple makes no mention of patches for USB devices in
this support article.
> NCC Group is going to withhold details of this flaw for three months.
As you probably know, Apple is not a responsible actor in this arena.
Confer: the number of vulnerabilities left to rot and fester while
waiting for the iOS 6/iPhone 5 press release
(http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html),
the removal of the toxic DigiNotar certificates from the root CA list,
etc.
Jeff
On Thu, Sep 27, 2012 at 4:22 AM, NCC Group Research
<research@nccgroup.com> wrote:
> High Risk Vulnerability in Apple Mac OS X Lion
>
> 27 September 2012
>
> Andy Davis of NCC Group has discovered a High risk vulnerability in Apple OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4.
> Impact: Arbitrary Code Execution (bug triggered by USB device insertion)
>
> Versions affected:
> Mac OS X Lion v10.7 to v10.7.4, Mac OS X Lion Server v10.7 to v10.7.4
>
> An updated version of the software has been released to address the vulnerability:
> http://support.apple.com/kb/HT1222
>
> NCC Group is going to withhold details of this flaw for three months. This three month window will allow users the time needed to apply the patch before the details are released to the general public. This reflects the NCC Group approach to responsible disclosure.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/