Lucene search
K

726 matches found

CVE
CVE
added 2019/12/18 5:33 p.m.66 views

CVE-2019-8589

CVE-2019-8589 concerns the macOS DesktopServices component. The issue could allow a malicious application to bypass Gatekeeper checks, as described in the CVE entry. Explicit details from connected sources show the vulnerability affects macOS Mojave deployments and is addressed by the macOS Mojav...

5.5CVSS5.7AI score0.00735EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/12/18 5:33 p.m.18 views

CVE-2019-8589

This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10.14.5. A malicious application may bypass Gatekeeper checks...

5.5AI score0.00735EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/12/18 5:33 p.m.17 views

CVE-2019-6239

This issue was addressed with improved handling of file metadata. This issue is fixed in macOS Mojave 10.14.4. A malicious application may bypass Gatekeeper checks...

7.2AI score0.00297EPSS
Exploits0References2
CVE
CVE
added 2019/12/18 5:33 p.m.74 views

CVE-2019-6239

CVE-2019-6239 concerns a security bypass in macOS Mojave prior to 10.14.4. The issue, tracked in the Bom component, stems from how file metadata is handled, allowing a malicious application to bypass Gatekeeper checks. Apple’s Security Update 2019-002 (macOS Mojave 10.14.4) addresses this by impr...

7.8CVSS7.2AI score0.00297EPSS
Exploits0References2Affected Software1
Hacker One
Hacker One
added 2019/11/02 2:32 a.m.19 views

LY Corporation: Path traversal in filename in LINE Mac client

Initially, @hackerontwowheels and @renekroka discovered that by using a path traversal payload combined with to block out the file extension, arbitrary, pre-installed applications could be executed. It was not possible to provide additional arguments to these applications, however. The payload us...

8AI score
Exploits0
NVD
NVD
added 2019/09/05 10:15 p.m.21 views

CVE-2019-2115

In GateKeeper::MintAuthToken of gatekeeper.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7.9AI score0.00269EPSS
Exploits0References1
OSV
OSV
added 2019/09/05 10:15 p.m.3 views

CVE-2019-2115

In GateKeeper::MintAuthToken of gatekeeper.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7.2AI score0.00269EPSS
Exploits0References1
Prion
Prion
added 2019/09/05 10:15 p.m.19 views

Double free

In GateKeeper::MintAuthToken of gatekeeper.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

7.2CVSS7.8AI score0.00269EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/09/05 9:38 p.m.17 views

CVE-2019-2115

In GateKeeper::MintAuthToken of gatekeeper.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

7.9AI score0.00269EPSS
Exploits0References1
CVE
CVE
added 2019/09/05 9:38 p.m.151 views

CVE-2019-2115

CVE-2019-2115 affects Google Android GateKeeper:MintAuthToken in gatekeeper.cpp across Android 7.1.1–9. The issue is memory corruption due to a double free, enabling local privilege escalation to the System level without user interaction. Affected component: GateKeeper/auth token generation path....

7.8CVSS7.8AI score0.00269EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/07/26 12:0 a.m.72 views

macOS Sierra / High Sierra Multiple Vulnerabilities (Security Update 2019-004)

The remote host is running Mac OS X 10.12.6 or Mac OS X 10.13.6 and is missing a security update. It is, therefore, affected by multiple vulnerabilities : - An application may be able to read restricted memory CVE-2019-8691, CVE-2019-8692, CVE-2019-8693 - Extracting a zip file containing a symbol...

9.8CVSS7.7AI score0.17444EPSS
Exploits15References43
Tenable Nessus
Tenable Nessus
added 2019/07/26 12:0 a.m.69 views

macOS 10.14.x < 10.14.6 Multiple Vulnerabilities

The remote host is running a version of macOS / Mac OS X that is 10.14.x prior to 10.14.6. It is, therefore, affected by multiple vulnerabilities : - An application may be able to read restricted memory CVE-2019-8691, CVE-2019-8692, CVE-2019-8693 - Extracting a zip file containing a symbolic link...

9.8CVSS7.6AI score0.17444EPSS
Exploits15References43
CNVD
CNVD
added 2019/07/25 12:0 a.m.4 views

Unspecified vulnerability in Apple macOS Mojave autofs component

Apple macOS Mojave is a specialized operating system developed by Apple for Mac computers. autofs is a file system automount component. A security vulnerability exists in the autofs component of Apple macOS Mojave versions prior to 10.14.6. An attacker could exploit this vulnerability to bypass...

5.5CVSS6.5AI score0.0149EPSS
Exploits0References1
Wired Threat Level
Wired Threat Level
added 2019/06/26 9:16 p.m.87 views

Hackers Are Poking at a MacOS Gatekeeper Flaw Apple Left Unfixed

The clock's ticking to fix a Gatekeeper bug that would let hackers slip malware onto your computer undetected...

2.7AI score
Exploits0
ThreatPost
ThreatPost
added 2019/06/25 6:34 p.m.105 views

Newly-Discovered Malware Targets Unpatched MacOS Flaw

Researchers have discovered never-before-seen Mac malware samples, which they believe are being developed to target a recently-disclosed vulnerability in the MacOS operating system. The vulnerability, a bypass that was disclosed in May and has yet to be patched by Apple, exists in the MacOS...

Exploits0References6
The Hacker News
The Hacker News
added 2019/06/25 12:30 p.m.1 views

New Mac Malware Exploits GateKeeper Bypass Bug that Apple Left Unpatched

Cybersecurity researchers from Intego are warning about possible active exploitation of an unpatched security vulnerability in Apple's macOS Gatekeeper security feature details and PoC for which were publicly disclosed late last month. Intego team last week discovered four samples of new macOS...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2019/06/25 12:30 p.m.96 views

New Mac Malware Exploits GateKeeper Bypass Bug that Apple Left Unpatched

Cybersecurity researchers from Intego are warning about possible active exploitation of an unpatched security vulnerability in Apple's macOS Gatekeeper security feature details and PoC for which were publicly disclosed late last month. Intego team last week discovered four samples of new macOS...

1.3AI score
Exploits0
ThreatPost
ThreatPost
added 2019/05/28 5:5 p.m.91 views

Gatekeeper Bug in MacOS Mojave Allows Malware to Execute

Researcher Filippo Cavallarin disclosed a bug in the macOS security feature Gatekeeper that allows malicious code execution on systems running the most recent version of Mojave 10.14.0. MacOS Gatekeeper is an Apple security feature that enforces code signing and verifies downloads and apps before...

7.6AI score
Exploits0References4
0day.today
0day.today
added 2019/05/28 12:0 a.m.67 views

MacOS X 10.14.5 Gatekeeper Bypass Vulnerability

Exploit for macOS platform in category local exploits MacOS X 10.14.5 Gatekeeper Bypass OVERVIEW On MacOS X version = 10.14.5 at time of writing it is possible to easily bypass Gatekeeper in order to execute untrusted code without any warning or user's explicit permission. Gatekeeper is a mechani...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2019/05/27 12:0 a.m.62 views

MacOS X 10.14.5 Gatekeeper Bypass

OVERVIEW On MacOS X version = 10.14.5 at time of writing it is possible to easily bypass Gatekeeper in order to execute untrusted code without any warning or user's explicit permission. Gatekeeper is a mechanism developed by Apple and included in MacOS X since 2012 that enforces code signing and...

Exploits0
Rows per page
Query Builder