Directus 访问控制错误漏洞

Directus is a real-time Api and application dashboard from Directus Open Source. It is used to manage Sql database content. An Access Control Error vulnerability exists in Directus versions prior to 10.13.2, which stems from the fact that when relying on the use of a default filter to block acces...

CVE-2017-13905

A race condition was addressed with additional validation. This issue is fixed in tvOS 11.2, iOS 11.2, macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan, watchOS 4.2. An application may be able to gain elevated privileges...

Race condition

A race condition was addressed with additional validation. This issue is fixed in tvOS 11.2, iOS 11.2, macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan, watchOS 4.2. An application may be able to gain elevated privileges...

Race condition

A race condition was addressed with additional validation. This issue affected versions prior to iOS 11.2, macOS High Sierra 10.13.2, tvOS 11.2, watchOS 4.2, iTunes 12.7.2 for Windows, macOS High Sierra 10.13.4...

CVE-2017-13911

A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS X El Capitan 10.11.6 Security Update 2018-002, macOS Sierra 10.12.6 Security Update 2018-002, macOS High Sierra 10.13.2...

CVE-2017-7151

A race condition was addressed with additional validation. This issue affected versions prior to iOS 11.2, macOS High Sierra 10.13.2, tvOS 11.2, watchOS 4.2, iTunes 12.7.2 for Windows, macOS High Sierra 10.13.4...

CVE-2017-13887

In macOS High Sierra before 10.13.2, a logic issue existed in APFS when deleting keys during hibernation. This was addressed with improved state management...

CVE-2017-13887

CVE-2017-13887 affects macOS High Sierra (before 10.13.2) in APFS. A logic issue when deleting encryption keys during hibernation could cause keys to not be securely deleted. The issue is addressed in the macOS High Sierra 10.13.2 security update with improved state management. Public reference c...

macOS 10.13.2 - Double mach_port_deallocate in kextd due to Failure to Comply with MIG Ownership Rul

Exploit for macOS platform in category dos / poc Here's a kextd method exposed via MIG com.apple.KernelExtensionServer kernreturnt kextmanagerunlockkextload machportt server, machportt client kernreturnt migresult = KERNFAILURE; if gClientUID != 0 OSKextLog/ kext / NULL, kOSKextLogErrorLevel |...

Apple macOS 10.13.2 - Double mach_port_deallocate in kextd due to Failure to Comply with MIG Ownership Rules

Here's a kextd method exposed via MIG com.apple.KernelExtensionServer kernreturnt kextmanagerunlockkextload machportt server, machportt client kernreturnt migresult = KERNFAILURE; if gClientUID != 0 OSKextLog/ kext / NULL, kOSKextLogErrorLevel | kOSKextLogIPCFlag, "Non-root kextutil doesn't need ...

CVE-2017-7173

An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app...

Apple macOS - IOHIDSystem Kernel Read/Write

Sources: https://siguza.github.io/IOHIDeous/ https://github.com/Siguza/IOHIDeous/ IOHIDeous A macOS kernel exploit based on an IOHIDFamily 0day. Write-up here: https://siguza.github.io/IOHIDeous/ Notice The prefetch timing attack I'm using for hid for some reason doesn't work on High Sierra 10.13...

Design/Logic Flaw

An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. The issue involves the "Kernel" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service system crash...

Memory corruption

An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context or cause ...

CVE-2017-13848

An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app...

Memory corruption

An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a crafted app...

Code injection

An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app...

Apple macOS High Sierra Intel Graphics Driver Memory Corruption Vulnerability

Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers.Intel Graphics Driver is one of the drivers for the graphics card. A security vulnerability exists in the Intel Graphics Driver component of Apple macOS High Sierra versions prior to 10.13.2. The...

Apple macOS High Sierra Intel Graphics Driver Out-of-Bounds Read Vulnerability

Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers.Intel Graphics Driver is one of the drivers for the graphics card. A security vulnerability exists in the Intel Graphics Driver component of Apple macOS High Sierra versions prior to 10.13.2. The...