This week's update brings a fun user-assisted code execution bug in Safari. It works by opening up an "applescript://" URL, which pops an Applescript editor, and then getting the user to hit Command-R (normally the keybinding for reloading the page). The key combo will pass down to the editor and run the script.

There is a mitigating factor here in the form of Gatekeeper, part of Apple's "walled garden" architecture, designed to protect users from people who haven't given Apple $99. In it's default setting on Mountain Lion and newer, Gatekeeper will pop up a couple of "Are you sure?"s before letting the user give you a shell. But hey, signed Java applets are still moderately effective at getting shells in phishing campaigns in spite of click-to-play, so chances are still pretty good.

You can see all the changes since the last wrapup on github: 4.11.4-2015101401...4.11.4-2015102801

Exploit modules

Auxiliary and post modules