Aaron Sigel

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 8.4 Apple OS X versions prior to 10.10.4 **Description** The issue allows remote attackers to trigger a refresh operation and cause a visit to an arbitrary web site via a crafted HTML e-mail message. **Recommendations** For Apple iOS versions prior to 8.4, update to version 8.4 or later. For Apple OS X versions prior to 10.10.4, update to version 10.10.4 or later.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.10.4 **Description** A race condition in kext tools allows local users to bypass intended signature requirements for kernel extensions by leveraging improper pathname validation. **Recommendations** For Apple OS X versions prior to 10.10.4, update to version 10.10.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions prior to 10.9 **Description** The issue allows user-assisted remote attackers to execute arbitrary applications by triggering a log entry with a crafted attached URL. This is related to the Console in Apple Mac OS X. **Recommendations** For versions prior to 10.9, update to version 10.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions prior to 10.8.3 **Description** The issue allows remote attackers to bypass the FaceTime call-confirmation prompt via a crafted FaceTime: URL. This could potentially lead to unauthorized access to the device's camera and microphone. **Recommendations** For Apple Mac OS X versions prior to 10.8.3, update to version 10.8.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 6.0.1 **Description** The issue arises from improper handling of the Quarantine attribute of HTML documents. This allows remote attackers to read arbitrary files on a user's system by leveraging the presence of a downloaded document, but it requires user assistance. **Recommendations** For versions prior to 6.0.1, update to version 6.0.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 6.0 **Description** The issue allows user-assisted remote attackers to obtain sensitive information about full pathnames via a crafted web site, due to improper handling of drag-and-drop events by WebKit in Apple Safari. **Recommendations** For versions prior to 6.0, update to version 6.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 6.0 **Description** The issue allows remote attackers to bypass intended sandbox restrictions and read arbitrary files by leveraging a WebProcess compromise. This is due to improper handling of file: URLs in WebKit. **Recommendations** For versions prior to 6.0, update to version 6.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 6.0 **Description** The issue allows remote attackers to read arbitrary files via a feed:// URL. **Recommendations** For versions prior to 6.0, update to version 6.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions prior to 10.7.4 **Description** The issue allows physically proximate attackers to bypass screen locking and launch a Safari process when the RSS Visualizer screensaver is enabled. **Recommendations** For Apple Mac OS X versions prior to 10.7.4, update to version 10.7.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions prior to 10.7.4 **Description** A race condition exists in the initialization routine in blued in Bluetooth in Apple Mac OS X, allowing local users to gain privileges via vectors involving a temporary file. **Recommendations** For versions prior to 10.7.4, update to version 10.7.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions through 10.6.8 **Description** The issue allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks. This occurs when the "Save for Web" selection in QuickTime Player exports HTML documents containing an http link to a script file, which can be spoofed by an attacker during local viewing of an exported document. **Recommendations** For Apple Mac OS X versions through 10.6.8, consider disabling the "Save for Web" feature in QuickTime Player as a temporary workaround to minimize the risk of exploitation. Restrict access to http links in exported HTML documents to prevent cross-site scripting attacks.

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions through 10.6.8 **Description** The issue concerns the User Documentation component in Apple Mac OS X, which uses http sessions for updates to App Store help information. This allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server. **Recommendations** For Apple Mac OS X versions through 10.6.8, consider disabling the use of http sessions for App Store help information updates until a secure alternative is implemented. Restrict access to the App Store help information to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 5.1.1 **Description** The issue allows remote attackers to execute arbitrary code via a crafted web site, due to the failure to enforce an intended policy for file: URLs. **Recommendations** For Apple Safari versions prior to 5.1.1, update to version 5.1.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 14.0.835.163 **Description** The issue is related to the installer in Google Chrome, which does not properly handle lock files. This has an unspecified impact and attack vectors. **Recommendations** For versions prior to 14.0.835.163, update to version 14.0.835.163 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** HP Photosmart D110 and B110 versions (affected versions not specified) HP Photosmart Plus B210 version (affected versions not specified) HP Photosmart Premium C310, Fax All-in-One, and C510 versions (affected versions not specified) HP ENVY 100 D410 version (affected versions not specified) **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. This could potentially lead to unauthorized access or control of the affected devices. **Recommendations** For HP Photosmart D110 and B110, update to a version that addresses the XSS issue. For HP Photosmart Plus B210, update to a version that addresses the XSS issue. For HP Photosmart Premium C310, Fax All-in-One, and C510, update to a version that addresses the XSS issue. For HP ENVY 100 D410, update to a version that addresses the XSS issue.

**Name of the Vulnerable Software and Affected Versions** HP Photosmart D110 version HP Photosmart B110 version HP Photosmart Plus B210 version HP Photosmart Premium C310 version HP Photosmart Premium Fax All-in-One version HP Photosmart Premium C510 version HP ENVY 100 D410 version **Description** The issue affects the SNMP component on certain HP printer models, allowing remote attackers to obtain sensitive information or modify data. This is related to vectors involving the Embedded Web Server (EWS). **Recommendations** For HP Photosmart D110, update the firmware to remove the vulnerable SNMP component. For HP Photosmart B110, update the firmware to remove the vulnerable SNMP component. For HP Photosmart Plus B210, update the firmware to remove the vulnerable SNMP component. For HP Photosmart Premium C310, update the firmware to remove the vulnerable SNMP component. For HP Photosmart Premium Fax All-in-One, update the firmware to remove the vulnerable SNMP component. For HP Photosmart Premium C510, update the firmware to remove the vulnerable SNMP component. For HP ENVY 100 D410, update the firmware to remove the vulnerable SNMP component.

**Name of the Vulnerable Software and Affected Versions** HP Photosmart D110 and B110 versions (affected versions not specified) HP Photosmart Plus B210 versions (affected versions not specified) HP Photosmart Premium C310, Fax All-in-One, and C510 versions (affected versions not specified) HP ENVY 100 D410 versions (affected versions not specified) **Description** The issue allows remote attackers to read documents on the scan surface of the affected printers via unspecified vectors. **Recommendations** For HP Photosmart D110 and B110, at the moment, there is no information about a newer version that contains a fix for this issue. For HP Photosmart Plus B210, at the moment, there is no information about a newer version that contains a fix for this issue. For HP Photosmart Premium C310, Fax All-in-One, and C510, at the moment, there is no information about a newer version that contains a fix for this issue. For HP ENVY 100 D410, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Mac OS X versions prior to 10.6.7 **Description** The issue is related to the Install Helper in the Installer component, which does not properly process an unspecified URL. This could allow remote attackers to track user logins by logging network traffic from an agent intended to send traffic to an Apple server. **Recommendations** For Mac OS X versions prior to 10.6.7, update to version 10.6.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PackageKit in Apple Mac OS X versions prior to 10.6.6 **Description** The issue allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service, specifically an application crash, via vectors related to interaction between Software Update and distribution scripts. **Recommendations** For versions prior to 10.6.6, update to version 10.6.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 4.2 **Description** The issue allows man-in-the-middle attackers to make calls via a crafted URL in an ad, specifically affecting the iAd Content Display in Apple iOS. **Recommendations** For versions prior to 4.2, update to version 4.2 or later to resolve the issue.