Lucene search
K

726 matches found

Tenable Nessus
Tenable Nessus
added 2019/05/15 12:0 a.m.45 views

macOS and Mac OS X Multiple Vulnerabilities (Security Update 2019-003)

The remote host is running Mac OS X 10.12.6 or Mac OS X 10.13.6 and is missing a security update. It is, therefore, affected by multiple vulnerabilities : - An application may be able to read restricted memory CVE-2019-8603, CVE-2019-8560 - An application may be able to execute arbitrary code wit...

9.8CVSS8.3AI score0.19963EPSS
Exploits12References45
CNVD
CNVD
added 2019/03/28 12:0 a.m.4 views

Apple macOS Mojave Bom Security Bypass Vulnerability

Apple macOS Mojave is a specialized operating system developed by Apple for Mac computers.Bom is a Byte Order Mark component. A security vulnerability exists in the Bom component of Apple macOS Mojave versions prior to 10.14.4. An attacker can exploit this vulnerability with a malicious applicati...

7.8CVSS6.5AI score0.00297EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2019/02/21 4:0 p.m.153 views

How does macOS protect against malware?

Mac users often are told that "Macs don't get viruses." This is not really true, of course. Macs can and do get infected. However, it is true that macOS provides some basic protection against malware. This protection can be quite effective in some ways, but, unfortunately, quite ineffective in...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2019/02/12 7:8 a.m.187 views

Beware!! New Windows .exe Malware Found Targeting macOS Computers

A malicious Windows EXE file can even infect your Mac computer as well. Yes, you heard me right — a .exe malware on macOS. Security researchers at antivirus firm Trend Micro have discovered a novel way hackers are using in the wild to bypass Apple's macOS security protection and infect Mac...

1.3AI score
Exploits0
The Hacker News
The Hacker News
added 2019/02/12 7:8 a.m.2 views

Beware!! New Windows .exe Malware Found Targeting macOS Computers

A malicious Windows EXE file can even infect your Mac computer as well. Yes, you heard me right — a .exe malware on macOS. Security researchers at antivirus firm Trend Micro have discovered a novel way hackers are using in the wild to bypass Apple's macOS security protection and infect Mac...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2019/01/23 2:8 p.m.48 views

Mail.ru: ICQ for macOS: lack of `com.apple.quarantine` meta-attribute on downloaded files leads to GateKeeper/Quarantine bypass for downloaded executables

Summary Quarantine & GateKeeper are important macOS security mechanisms, which prevent user/device from running unsigned executables and warn users about executables downloaded from the remote. Conceptually, Quarantine & GateKeeper are similar to MOTW on Windows. Applications that could download...

1.7AI score
Exploits0
Hacker One
Hacker One
added 2018/12/21 4:40 p.m.37 views

Slack: User-assisted RCE in Slack for macOS (from official site) due to improper quarantine meta-attribute handling for downloaded files

Summary GateKeeper/Quarantine bypass for downloaded files Lack of com.apple.quarantine meta-attribute for downloaded files allows a remote attacker to send an executable file that won't be checked by Gatekeeper . File opening doesn't trigger native alerts from GateKeeper/Quarantine Downloaded...

2.6AI score
Exploits0
Into the symmetry
Into the symmetry
added 2018/12/11 1:58 p.m.136 views

Persistent XSRF on Kubernetes Dashboard using Redhat Keycloak Gatekeeper on Microsof Azure

tl;dr I found an XSRF in the OAuth implementation of Redhat Keycloak Gatekeeper. This would be a bit worse for people using Gatekeeper to protect their Kubernetes Dashboard especially in Microsof Azure. The Issue in Keycloak Gatekeeper Keycloak Gatekeeper is an OpenID Proxy service for Keycloak, ...

7.2AI score
Exploits0
Hacker One
Hacker One
added 2018/10/29 9:4 p.m.24 views

Keybase: Keybase client: downloaded executables lack "com.apple.quarantine" meta-attribute [macOS]

Summary 1. Missing quarantine attribute for downloaded files allows remote attacker to send executable file that won't be checked by Gatekeeper codesign bypass. 2. Since sent executable files lack com.apple.quarantine meta-attribute, no alert about launching executable file from the web will be...

2.2AI score
Exploits0
Hacker One
Hacker One
added 2018/06/30 1:4 a.m.23 views

Brave Software: Lack of quarantine meta-attribute for downloaded files leads to GateKeeper bypass

Summary: Executable files downloaded through Brave don't have quarantine attribute. That means it's possible to launch any executable bypassing codesigning + quarantine. However, later I found that Brave has already tracked similar report but only in the context of .pkg files. Additionally, Brave...

0.8AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2018/06/18 9:29 p.m.39 views

Is My Mac Secure from Malware and Viruses?

Do you own a Mac? If so, you might have the common perception that they’re more secure from internet threats than Windows PCs. Unfortunately, this isn’t the case. The truth is that Macs have historically not been targeted by hackers as frequently as Windows systems, simply because there were fewe...

6.7AI score
Exploits0
CNVD
CNVD
added 2018/06/08 12:0 a.m.2 views

Multiple F-Secure Internet Gatekeeper Products Information Disclosure Vulnerabilities

F-Secure Internet Gatekeeper is an antivirus product released by a Finnish antivirus vendor. An information disclosure vulnerability exists in several F-Secure Internet Gatekeeper products. An attacker could obtain sensitive information and launch other attacks...

6.2AI score
Exploits0References1
ThreatPost
ThreatPost
added 2017/09/29 9:0 a.m.16 views

On the macOS Keychain Attack, Signal’s New Contact Service, the Deloitte Hack, and More

Mike Mimoso and Chris Brook recap the news of the week, including the macOS Keychain attack, Signal’s new private contact discovery service, the Deloitte hack, and a handful of mobile stock trading app vulnerabilities. Download: ThreatpostNewsWrapSeptember292017.mp3 Music by Chris Gonsalves Show...

1.9AI score
Exploits0References8
ThreatPost
ThreatPost
added 2017/09/27 1:48 p.m.9 views

Gatekeeper Alone Won’t Mitigate Apple Keychain Attack

Apple’s advice to rely on Gatekeeper as a mitigation against a Keychain attack disclosed this week by researcher Patrick Wardle doesn’t fully address the risk. Experts, Wardle included, said that while Gatekeeper is a solid measure in preventing unsigned code from executing on a macOS machine, it...

6.9AI score
Exploits0References4
ThreatPost
ThreatPost
added 2017/09/26 2:0 p.m.9 views

macOS High Sierra Available—And Vulnerable to Keychain Attack

Apple made its latest OS update available Monday, but the release of High Sierra was tainted somewhat by the fact it comes replete with a critical vulnerability that allows an attacker to dump plaintext passwords from the macOS Keychain. Researcher Patrick Wardle, chief security researcher at...

0.1AI score
Exploits0References4
ThreatPost
ThreatPost
added 2017/08/09 2:25 p.m.25 views

Signed Mughthesec Adware Hijacking Macs for Profit

A variant of an older piece of adware built for Macs called OperatorMac has been seen in the wild, and while like most adware it tries to turn a profit, it also illustrates some defensive shortcomings native to Apple’s ecosystem and the industry. Components of the new strain, which is called...

7.5AI score
Exploits0References4
ThreatPost
ThreatPost
added 2017/05/01 5:57 p.m.11 views

Apple Revokes Certificate Used By OSX/Dok Malware

Apple revoked a legitimate developer certificate used by hackers behind malware dubbed OSX/Dok, which was able to eavesdrop on secure HTTPS traffic of infected systems. On Sunday, Apple also rolled out an update to its XProtect built-in antimalware software to fend off existing and upcoming...

0.5AI score
Exploits0References2
The Hacker News
The Hacker News
added 2017/04/27 9:57 p.m.16 views

New MacOS Malware, Signed With Legit Apple ID, Found Spying On HTTPS Traffic

Many people believe that they are much less likely to be bothered by malware if they use a Mac computer, but is it really true? Unfortunately, No. According to the McAfee Labs, malware attacks on Apple's Mac computers were up 744% in 2016, and its researchers have discovered nearly 460,000 Mac...

7AI score
Exploits0
Symantec
Symantec
added 2016/09/29 12:0 a.m.202 views

Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability

Description Apache MyFaces Trinidad is prone to a security vulnerability. Successfully exploiting this issue allows attackers to obtain sensitive information or execute arbitrary code in the context of the affected application. Apache MyFaces Trinidad 1.2.14-core , 1.0.13-core , 2.0.1-core and...

7.5CVSS1AI score0.07958EPSS
Exploits1References4Affected Software7
ThreatPost
ThreatPost
added 2016/06/20 9:0 a.m.13 views

Patrick Wardle on macOS Gatekeeper, Crypto Enhancements

At last week’s Apple Worldwide Developer Conference, Apple announced some security upgrades around Gatekeeper and a new filesystem that includes native support for encryption. Mac hacker Patrick Wardle, director of research at Synack, explains whether this a big deal and how the upgrades address...

0.4AI score
Exploits0References2
Rows per page
Query Builder