Apple Security Advisory 2020-1-28-3 - watchOS 6.1.2 is now available and addresses code execution vulnerabilities.

Apple Security Advisory 2020-1-28-4 - tvOS 13.3.1 is now available and addresses code execution vulnerabilities.

Apple Security Advisory 2020-1-28-2 - macOS Catalina 10.15.3, Security Update 2020-001 Mojave, and Security Update 2020-001 High Sierra are now available and address buffer overflow, bypass, and code execution vulnerabilities.

Apple Security Advisory 2020-1-28-1 - iOS 13.3.1 and iPadOS 13.3.1 are now available and address code execution vulnerabilities.

Apple Security Advisory 2020-1-29-2 - iCloud for Windows 10.9.2 is now available and addresses buffer overflow, code execution, cross site scripting, and denial of service vulnerabilities.

Apple Security Advisory 2020-1-29-1 - iCloud for Windows 7.17 addresses buffer overflow, code execution, cross site scripting, and denial of service vulnerabilities.

Apple Security Advisory 2020-03-24-1 - iOS 13.4 and iPadOS 13.4 are now available and address buffer overflow, code execution, and cross site scripting vulnerabilities.

Apple Security Advisory 2020-03-24-2 - macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra are now available and address buffer overflow, bypass, code execution, and information leakage vulnerabilities.

Apple Security Advisory 2020-03-24-3 - tvOS 13.4 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.

Apple Security Advisory 2020-03-24-4 - watchOS 6.2 is now available and addresses buffer overflow and code execution vulnerabilities.

Apple Security Advisory 2020-03-24-5 - Safari 13.1 is now available and addresses code execution and cross site scripting vulnerabilities.

Apple Security Advisory 2020-03-24-6 - iTunes for Windows 12.10.5 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.

Apple Security Advisory 2020-03-24-7 - Xcode 11.4 is now available and contains security improvements.

Apple Security Advisory 2020-03-25-1 - iCloud for Windows 10.9.3 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.

Apple Security Advisory 2020-03-25-2 - iCloud for Windows 7.18 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.

Cisco M1070 Content Security Management Appliance IronPort remote host header injection exploit.

Cisco C170 Email Security Appliance version 10.0.3-003 IronPort remote host header injection exploit.

Cisco Email Security Virtual Appliance C100V IronPort remote host header injection exploit.

Cisco C690 Email Security Appliance version 11.0.2-044 IronPort remote host header injection exploit.

Cisco Email Security Virtual Appliance C600V IronPort remote host header injection exploit.

Cisco Email Security Virtual Appliance C370 IronPort remote host header injection exploit.

Cisco Content Security Management Virtual Appliance M600V IronPort remote host header injection exploit.

Cisco Email Security Virtual Appliance C300V IronPort remote host header injection exploit.

Cisco Email Security Virtual Appliance C380 IronPort remote host header injection exploit.

Cisco Content Security Virtual Appliance M380 IronPort remote cross site host modification demo exploit.

Apple Security Advisory 2019-9-26-9 - Safari 13.0.1 addresses user interface spoofing and browser history leakage vulnerabilities.

Apple Security Advisory 2020-1-28-5 - Safari 13.0.5 is now available and addresses address bar spoofing and password disclosure in transit issues.

Apple iPhone 4 with iOS 4.3 (8F190) suffers from a passphrase disclosure vulnerability that allows all local processes access to it.

This whitepaper details some of the vulnerabilities observed over the past year while performing regular security assessments of iPhone and iPad applications. MDSec documents some of the vulnerabilities identified as well as the methods to exploit them, and recommendations that developers can adopt to protect their iOS applications. It covers not only the security features of the platform, but provides in depth information on how to perform both black box and white box iOS penetration tests, along with suggested methodologies and compliance.

A heap memory buffer overflow vulnerability exists within the WebKit's JavaScriptCore JSArray::sort(...) method. The exploit for this vulnerability is javascript code which shows how to use it for memory corruption of internal JS objects (Unit32Array and etc.) and subsequent arbitrary code execution (custom ARM/x64 payloads can be pasted into the JS code). This exploit affects Apple Safari version 6.0.1 for iOS 6.0 and OS X 10.7/8. Earlier versions may also be affected. It was obtained through the Packet Storm Bug Bounty program.

A heap memory buffer overflow vulnerability exists within the WebKit's JavaScriptCore JSArray::sort(...) method. This method accepts the user-defined JavaScript function and calls it from the native code to compare array items. If this compare function reduces array length, then the trailing array items will be written outside the "m_storage->m_vector[]" buffer, which leads to the heap memory corruption. This finding was purchased through the Packet Storm Bug Bounty program.

Global manufacturer Apple today announced it has nearly doubled the number of suppliers that have committed to run their Apple production on 100 percent clean energy, bringing the total number to 44. Because of this partnership between Apple and its suppliers, Apple will exceed its goal of bringing 4 gigawatts of renewable energy into its supply chain by 2020, with over an additional gigawatt projected within that timeframe.

On Thursday, Puerto Rico’s Governor Ricardo Rosselló signed into law the Puerto Rico Energy Public Policy Act which lays the groundwork for the island’s transition to 100 percent clean energy by 2050.

Hydroelectric power developer Snowdonia Pumped Hydro has withdrawn its application for environmental permits for the 99.9-MW Glyn Rhonwy pumped-storage plant from Natural Resources Wales.

Global manufacturer Apple today announced it has nearly doubled the number of suppliers that have committed to run their Apple production on 100 percent clean energy, bringing the total number to 44. Because of this partnership between Apple and its suppliers, Apple will exceed its goal of bringing 4 gigawatts of renewable energy into its supply chain by 2020, with over an additional gigawatt projected within that timeframe.

On Thursday, Puerto Rico’s Governor Ricardo Rosselló signed into law the Puerto Rico Energy Public Policy Act which lays the groundwork for the island’s transition to 100 percent clean energy by 2050.

Presentation by Yash Sutariya of Saturn Electronics Corporation

Presentation by Tom Lantzer of DuPont Circuit and Packaging Materials