Apple macOS Big Sur缓冲区错误漏洞

Apple macOS Big Sur is a mobile application app from Apple USA. A buffer error vulnerability exists in multiple Apple products that stems from an out-of-bounds read issue. An attacker could cause an unexpected application termination or process memory leak via a maliciously crafted AppleScript...

Apple macOS Big Sur缓冲区错误漏洞

Apple macOS Big Sur is a mobile application app from Apple USA. A buffer error vulnerability exists in multiple Apple products that stems from an out-of-bounds read issue. An attacker could cause an unexpected application termination or process memory leak via a maliciously crafted AppleScript...

Apple macOS Big Sur 缓冲区错误漏洞

Apple macOS Big Sur is a mobile application app from Apple USA. A buffer error vulnerability exists in multiple Apple products that stems from an out-of-bounds read issue. An attacker could cause an unexpected application termination or process memory leak via a maliciously crafted AppleScript...

Apple macOS Big Sur 缓冲区错误漏洞

Apple macOS Big Sur is a mobile application app from Apple USA. A buffer error vulnerability exists in multiple Apple products that stems from an out-of-bounds read issue. An attacker could cause an unexpected application termination or process memory leak via a maliciously crafted AppleScript...

Apple Patches Zero-Day Flaw in MacOS that Allows for Sneaky Screenshots

Apple has patched a critical bug in macOS that could be exploited to take screenshots of someone’s computer and capture images of their activity within applications or on video conferences without that person knowing. Apple addressed the vulnerability—discovered by researchers at enterprise...

About the security content of Security Update 2021-004 Mojave

About the security content of Security Update 2021-004 Mojave This document describes the security content of Security Update 2021-004 Mojave. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurre...

About the security content of Security Update 2021-003 Catalina

About the security content of Security Update 2021-003 Catalina This document describes the security content of Security Update 2021-003 Catalina. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has...

Mac Users Targeted by Spyware Spreading via Xcode Projects

A campaign aimed at Mac users is spreading the XCSSET suite of malware, which has the capability to hijack the Safari web browser and inject various JavaScript payloads that can steal passwords, financial data and personal information, deploy ransomware and more. Infections are propagating via...

About the security content of macOS High Sierra 10.13 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...

macOS < 10.13 Multiple Vulnerabilities

Binary data 700511.prm...

About the security content of macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...

rootOS - macOS Root Helper

Tries to use various CVEs to gain sudo or root access. All exploits have an end goal of adding ALL ALL=ALL NOPASSWD: ALL to /etc/sudoers allowing any user to run sudo commands. Exploits CVE-2008-2830 CVE-2015-3760 CVE-2015-5889 CVE-2017-13872 AppleScript Dynamic Phishing Sudo Piggyback Link Run...

Automattic: Remote Code Execution in Wordpress Desktop

An attacker can create a malicious page that when viewed or edited in Wordpress Desktop App will results in remote code execution. This issue looks to be around this line of code: https://github.com/Automattic/wp-desktop/blob/develop/desktop/window-handlers/external-links/index.jsL38 If...

CVE-2017-13809

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "AppleScript" component. It allows remote attackers to execute arbitrary code via a crafted AppleScript file that is mishandled by osadecompile...

CVE-2017-13809

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "AppleScript" component. It allows remote attackers to execute arbitrary code via a crafted AppleScript file that is mishandled by osadecompile...

Memory corruption

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Open Scripting Architecture" component. It allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted AppleScript file that is mishandle...

Design/Logic Flaw

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "AppleScript" component. It allows remote attackers to execute arbitrary code via a crafted AppleScript file that is mishandled by osadecompile...

CVE-2017-13824

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Open Scripting Architecture" component. It allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted AppleScript file that is mishandle...

CVE-2017-13809

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "AppleScript" component. It allows remote attackers to execute arbitrary code via a crafted AppleScript file that is mishandled by osadecompile...

macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-001 and 2017-004)

The remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities affecting the following components : - 802.1X - apache - AppleScript - ATS - Audio - CFString - CoreText - curl - Dictionary Widget - file - Font...