726 matches found
CVE-2019-8589
CVE-2019-8589 concerns the macOS DesktopServices component. The issue could allow a malicious application to bypass Gatekeeper checks, as described in the CVE entry. Explicit details from connected sources show the vulnerability affects macOS Mojave deployments and is addressed by the macOS Mojav...
CVE-2019-8589
This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10.14.5. A malicious application may bypass Gatekeeper checks...
CVE-2019-6239
This issue was addressed with improved handling of file metadata. This issue is fixed in macOS Mojave 10.14.4. A malicious application may bypass Gatekeeper checks...
CVE-2019-6239
CVE-2019-6239 concerns a security bypass in macOS Mojave prior to 10.14.4. The issue, tracked in the Bom component, stems from how file metadata is handled, allowing a malicious application to bypass Gatekeeper checks. Apple’s Security Update 2019-002 (macOS Mojave 10.14.4) addresses this by impr...
LY Corporation: Path traversal in filename in LINE Mac client
Initially, @hackerontwowheels and @renekroka discovered that by using a path traversal payload combined with to block out the file extension, arbitrary, pre-installed applications could be executed. It was not possible to provide additional arguments to these applications, however. The payload us...
CVE-2019-2115
In GateKeeper::MintAuthToken of gatekeeper.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...
CVE-2019-2115
In GateKeeper::MintAuthToken of gatekeeper.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...
Double free
In GateKeeper::MintAuthToken of gatekeeper.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...
CVE-2019-2115
In GateKeeper::MintAuthToken of gatekeeper.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...
CVE-2019-2115
CVE-2019-2115 affects Google Android GateKeeper:MintAuthToken in gatekeeper.cpp across Android 7.1.1–9. The issue is memory corruption due to a double free, enabling local privilege escalation to the System level without user interaction. Affected component: GateKeeper/auth token generation path....
macOS Sierra / High Sierra Multiple Vulnerabilities (Security Update 2019-004)
The remote host is running Mac OS X 10.12.6 or Mac OS X 10.13.6 and is missing a security update. It is, therefore, affected by multiple vulnerabilities : - An application may be able to read restricted memory CVE-2019-8691, CVE-2019-8692, CVE-2019-8693 - Extracting a zip file containing a symbol...
macOS 10.14.x < 10.14.6 Multiple Vulnerabilities
The remote host is running a version of macOS / Mac OS X that is 10.14.x prior to 10.14.6. It is, therefore, affected by multiple vulnerabilities : - An application may be able to read restricted memory CVE-2019-8691, CVE-2019-8692, CVE-2019-8693 - Extracting a zip file containing a symbolic link...
Unspecified vulnerability in Apple macOS Mojave autofs component
Apple macOS Mojave is a specialized operating system developed by Apple for Mac computers. autofs is a file system automount component. A security vulnerability exists in the autofs component of Apple macOS Mojave versions prior to 10.14.6. An attacker could exploit this vulnerability to bypass...
Hackers Are Poking at a MacOS Gatekeeper Flaw Apple Left Unfixed
The clock's ticking to fix a Gatekeeper bug that would let hackers slip malware onto your computer undetected...
Newly-Discovered Malware Targets Unpatched MacOS Flaw
Researchers have discovered never-before-seen Mac malware samples, which they believe are being developed to target a recently-disclosed vulnerability in the MacOS operating system. The vulnerability, a bypass that was disclosed in May and has yet to be patched by Apple, exists in the MacOS...
New Mac Malware Exploits GateKeeper Bypass Bug that Apple Left Unpatched
Cybersecurity researchers from Intego are warning about possible active exploitation of an unpatched security vulnerability in Apple's macOS Gatekeeper security feature details and PoC for which were publicly disclosed late last month. Intego team last week discovered four samples of new macOS...
New Mac Malware Exploits GateKeeper Bypass Bug that Apple Left Unpatched
Cybersecurity researchers from Intego are warning about possible active exploitation of an unpatched security vulnerability in Apple's macOS Gatekeeper security feature details and PoC for which were publicly disclosed late last month. Intego team last week discovered four samples of new macOS...
Gatekeeper Bug in MacOS Mojave Allows Malware to Execute
Researcher Filippo Cavallarin disclosed a bug in the macOS security feature Gatekeeper that allows malicious code execution on systems running the most recent version of Mojave 10.14.0. MacOS Gatekeeper is an Apple security feature that enforces code signing and verifies downloads and apps before...
MacOS X 10.14.5 Gatekeeper Bypass Vulnerability
Exploit for macOS platform in category local exploits MacOS X 10.14.5 Gatekeeper Bypass OVERVIEW On MacOS X version = 10.14.5 at time of writing it is possible to easily bypass Gatekeeper in order to execute untrusted code without any warning or user's explicit permission. Gatekeeper is a mechani...
MacOS X 10.14.5 Gatekeeper Bypass
OVERVIEW On MacOS X version = 10.14.5 at time of writing it is possible to easily bypass Gatekeeper in order to execute untrusted code without any warning or user's explicit permission. Gatekeeper is a mechanism developed by Apple and included in MacOS X since 2012 that enforces code signing and...