Code injection

dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file...

CVE-2014-4455

dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file...

CVE-2014-4455

CVE-2014-4455 concerns a Mach-O segment overlap handling bug in dyld (iOS before 8.1.1 and Apple TV before 7.0.2) that lets a local user bypass code-signing restrictions via a crafted file. The root cause is improper validation of overlapping Mach-O segments, enabling unsigned code execution. The...

Apple Offers Lukewarm Response to Masque Vulnerability

Apple said it is not aware of any customers affected by the Masque vulnerability disclosed earlier this week, and made no mention of a timeline when it might release an update patching the security hole. Masque is a vulnerability in iOS 7.1.1 and up that puts Apple mobile devices at risk to malwa...

Mac OS X < 10.10 Multiple Vulnerabilities (APPLE-SA-2014-10-16-1 OS X Yosemite v10.10)

Binary data 8555.prm...

CVE-2014-4391

The Code Signing feature in Apple OS X before 10.10 does not properly handle incomplete resource envelopes in signed bundles, which allows remote attackers to bypass intended app-author restrictions by omitting an execution-related resource...

Design/Logic Flaw

The Code Signing feature in Apple OS X before 10.10 does not properly handle incomplete resource envelopes in signed bundles, which allows remote attackers to bypass intended app-author restrictions by omitting an execution-related resource...

CVE-2014-4391

The Code Signing feature in Apple OS X before 10.10 does not properly handle incomplete resource envelopes in signed bundles, which allows remote attackers to bypass intended app-author restrictions by omitting an execution-related resource...

CVE-2014-4391

Apple OS X before 10.10 is affected by CVE-2014-4391. The issue is in Code Signing where incomplete resource envelopes in signed bundles can bypass app-author restrictions by omitting an execution-related resource, enabling potential execution of tampered code. The vulnerability arises from how t...

Mac OS X < 10.10 Multiple Vulnerabilities (POODLE) (Shellshock)

The remote host is running a version of Mac OS X is prior to version 10.10. This update contains several security-related fixes for the following components : - 802.1X - AFP File Server - apache - App Sandbox - Bash - Bluetooth - Certificate Trust Policy - CFPreferences - CoreStorage - CUPS - Doc...

Karsten Nohl BadUSB Patch Fall Short of a Fix

Two researchers who released code that can be used to exploit a critical weakness in most USB drives followed that up Sunday with their version of a patch for the problem. The attack code and subsequent patch is a response to the BadUSB research released during Black Hat this summer, yet, the fix...

Microsoft Windows Kernel Intel x64 SYSRET PoC

No description provided by source. Source: http://packetstormsecurity.org/files/115908/sysret.rar This is proof of concept code that demonstrates the Microsoft Windows kernel Intel/x64 SYSRET vulnerability as described in MS12-042. The shellcode disables code signing and will grant NT SYSTEM...

OpenJDK: jarsigner does not detect unsigned bytecode injected into signed jars

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation...

CVE-2014-1273

dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library...

Design/Logic Flaw

dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library...

CVE-2014-1273

dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library...

CVE-2014-1273

CVE-2014-1273 affects Apple iOS before 7.1 and Apple TV before 6.1. The issue in dyld arises from loading text relocation instructions in dynamic libraries, allowing bypass of code-signing requirements. Apple’s 7.1/6.1 updates address this by ignoring text relocation instructions during dynamic l...

APPLE-SA-2014-03-10-1 iOS 7.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-03-10-1 iOS 7.1 iOS 7.1 is now available and addresses the following: Backup Available for: iPhone 4 and later, iPod touch 5th generation and later, iPad 2 and later Impact: A maliciously crafted backup can alter the filesystem...

APPLE-SA-2014-03-10-2 Apple TV 6.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-03-10-2 Apple TV 6.1 Apple TV 6.1 is now available and addresses the following: Apple TV Available for: Apple TV 2nd generation and later Impact: An attacker with access to an Apple TV may access sensitive user information from logs...

OpenJDK: jarsigner does not detect unsigned bytecode injected into signed jars

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation...