Clint Ruoho

**Name of the Vulnerable Software and Affected Versions** Asterisk versions prior to 16.25.2 Asterisk versions prior to 18.11.2 Asterisk versions prior to 19.3.2 **Description** An issue was discovered in Asterisk. When using STIR/SHAKEN, it's possible to send arbitrary requests, such as GET, to interfaces like localhost by using the `Identity` header. **Recommendations** For versions prior to 16.25.2, update to version 16.25.2 or later. For versions prior to 18.11.2, update to version 18.11.2 or later. For versions prior to 19.3.2, update to version 19.3.2 or later. As a temporary workaround, consider restricting the use of the `Identity` header when using STIR/SHAKEN until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions prior to 10.8.3 **Description** The issue concerns the Apple mod hfs apple module for the Apache HTTP Server, which does not properly handle ignorable Unicode characters. This allows remote attackers to bypass intended directory authentication requirements by crafting a pathname in a URI. **Recommendations** For versions prior to 10.8.3, update to version 10.8.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iTunes versions prior to 9.2.1 **Description** A buffer overflow issue allows remote attackers to execute arbitrary code or cause a denial of service via a crafted itpc: URL. **Recommendations** For versions prior to 9.2.1, update to version 9.2.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions prior to 10.6.4 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via a crafted help: URL. This is related to URL parameters in HTML content. **Recommendations** For versions prior to 10.6.4, update to version 10.6.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the Help Viewer until a patch is applied. Avoid using crafted help: URLs in the affected system until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions prior to 10.6.3 **Description** The issue allows user-assisted remote attackers to execute arbitrary JavaScript via a web page, making it easier to exploit. This is due to an incomplete blacklist vulnerability in CoreTypes, which does not properly handle certain Content-Type values for Safari. Specifically, the values for the `.ibplugin` and `.url` extensions are not on the list of possibly unsafe content types. **Recommendations** For Apple Mac OS X versions prior to 10.6.3, update to version 10.6.3 or later to resolve the issue. As a temporary workaround, consider restricting the handling of downloads with Content-Type values that are not explicitly marked as safe in Safari. Avoid using Safari to download files with potentially unsafe content types, such as `.ibplugin` and `.url` extensions, until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Apple Mac OS X versions 10.5 through 10.5.7 Description: The issue allows user-assisted remote attackers to execute arbitrary JavaScript via a web page, making it easier to exploit. This occurs because of an incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X. The vulnerability is exploited when a web page offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari. Recommendations: For Apple Mac OS X versions 10.5 through 10.5.7, update to version 10.5.8 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Apple Safari version 3.x and earlier on Windows Description: The issue is related to the CoreGraphics component in Apple Safari, which does not properly handle arithmetic during automatic hinting of TrueType fonts. This can be exploited by remote attackers using crafted font data, potentially leading to the execution of arbitrary code or causing a denial of service due to memory corruption and application crash. Recommendations: For Apple Safari version 3.x and earlier on Windows, update to version 4.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Safari versions in Apple Mac OS X 10.4.11 and 10.5.6 Safari versions in Windows XP and Vista **Description** The issue is related to input validation problems, allowing remote attackers to execute arbitrary JavaScript in the local security zone via a crafted feed URL. **Recommendations** For Safari versions in Apple Mac OS X 10.4.11 and 10.5.6: update to a version with improved input validation. For Safari versions in Windows XP and Vista: update to a version with improved input validation. As a temporary workaround, consider restricting the use of feed URLs to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X version 10.5.2 Digital Camera RAW Compatibility versions prior to Update 2.0 for Aperture 2 and iPhoto 7.1.2 **Description** A stack-based buffer overflow issue in Image Raw allows remote attackers to execute arbitrary code via a crafted Adobe Digital Negative (DNG) image. **Recommendations** For Apple Mac OS X version 10.5.2, update to a newer version to mitigate the risk. For Digital Camera RAW Compatibility versions prior to Update 2.0 for Aperture 2 and iPhoto 7.1.2, apply Update 2.0 to resolve the issue.