CVE-2016-1738

CVE-2016-1738 affects OS X El Capitan prior to 10.11.4 (dyld). The vulnerability allows code-signing verification to be bypassed via a modified app, enabling arbitrary code execution in the context of the affected process. Apple’s advisory for 10.11.4/Security Update 2016-002 documents dyld as fi...

CVE-2016-1773

The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors...

CVE-2016-1738

dyld in Apple OS X before 10.11.4 allows attackers to bypass a code-signing protection mechanism via a modified app...

CVE-2016-1751

The kernel in Apple iOS before 9.3, tvOS before 9.2, and watchOS before 2.2 does not properly restrict the execute permission, which allows attackers to bypass a code-signing protection mechanism via a crafted app...

CVE-2016-1773

CVE-2016-1773 affects Apple OS X before 10.11.4, where the code-signing subsystem fails to properly verify file ownership. This enables local attackers to determine the existence of arbitrary files via unspecified vectors (information disclosure). The issue is documented in multiple sources and p...

Citrix Known Issues - Hotfixes with SHA-1 Code Sign

This article describes an issue that no longer applies. As a courtesy, Citrix is keeping the article online to prevent broken links for customer who might have bookmarked it. Citrix is committed to complying with the Security Advisories published by Microsoft. Effective January 1, 2016, Microsoft...

Apple iOS < 8.4.1 Multiple Vulnerabilities

Binary data 8978.prm...

Microsoft Trusted Boot Security Feature Bypass

Vulnerability title Microsoft: Trusted Boot Security Feature Bypass Vulnerability CVE: CVE-2015-2552 Vendor: Microsoft Product: Windows NT series 8.0+ Affected versions: See "systems affected". Reported by: "Myria" Vulnerability Summary: ===================== An attacker with administrative acces...

'The Hacker News' Weekly Roundup — 14 Most Popular Stories

To make the last week’s top cyber security threats and challenges available to you in one shot, we are once again here with our weekly round up. Last week, we came across lots of cyber security threats like the XCodeGhost malware in Apple’s App Store and lockscreen bypass bug in iOS 9 and iOS 9.0...

Microsoft Revokes Leaked D-Link Certificates

Microsoft today revoked trust for the four digital certificates inadvertently leaked last week by networking gear manufacturer D-Link. Microsoft said it has modified its Certificate Trust List removing trust for the four certs, which could have been used to sign malicious code used in attacks. Th...

CVE-2015-5839

dyld in Apple iOS before 9 allows attackers to bypass a code-signing protection mechanism via an app that places a crafted signature in an executable file...

Design/Logic Flaw

dyld in Apple iOS before 9 allows attackers to bypass a code-signing protection mechanism via an app that places a crafted signature in an executable file...

D-Link Private Code-Signing Keys Leaked

A simple mistake by networking gear manufacturer D-Link could have opened the door for costly damage. Private keys used to sign software published by D-Link were found in the company’s open source firmware packages. While it’s unknown whether the keys were used by malicious third parties, the...

CVE-2015-5839

dyld in Apple iOS before 9 allows attackers to bypass a code-signing protection mechanism via an app that places a crafted signature in an executable file...

CVE-2015-5839

CVE-2015-5839 : In Apple iOS, pre-9.0 dyld can bypass code-signing protection by an app that places a crafted signature into an executable. The issue arises from how dyld validates the code signature of executables, enabling bypass of the protection under crafted conditions. Affected software: iO...

D-Link Accidentally Publishes Its Private Code-Signing Keys on the Internet

It's not every time malware creators have to steal or buy a valid code-signing certificate to sign their malware – Sometimes the manufacturers unknowingly provide themselves. This is what exactly done by a Taiwan-based networking equipment manufacturer D-Link, which accidently published its Priva...

AirDrop vulnerability: millions of Apple devices can be silently installed malicious application-vulnerability warning-the black bar safety net

AirDrop file transfer feature on a vulnerability exists, a malicious application may be silently installed on millions of Apple device, and replace the legitimate app. AirDrop is Apple developed for inter-device direct technology to transfer files, but security researchers Mark Dowd was in iOS an...

Apple iOS Code Signing Bypass Vulnerability

Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. A security vulnerability exists in Apple iOS that allows a local attacker to execute unsigned code by exploiting a code signing flaw...

Apple iOS code signature bypass vulnerability (CNVD-2015-05542)

Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. Apple iOS suffers from a security vulnerability that allows malicious applications to execute unsigned code by exploiting a code signing flaw...

Apple iOS code signature bypass vulnerability (CNVD-2015-05544)

Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. Apple iOS suffers from a security vulnerability that allows malicious applications to execute unsigned code by exploiting a code signing flaw...