About the security content of iOS 9.2.1 - Apple Support

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website. For information about...

Apple iOS < 10.2 Multiple Vulnerabilities

Binary data 9847.prm...

MacOS Kernel 10.12.1 - Writable Privileged IOKit Registry Properties Code Execution Exploit

Exploit for macOS platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=974 There are two ways for IOServices to define their IOUserClient classes: they can override IOService::newUserClient and allocate the correct type themselves or they can set the...

Apple macOS 10.12.1 Kernel - Writable Privileged IOKit Registry Properties Code Execution

Apple macOS 10.12.1 Kernel - Writable Privileged IOKit Registry Properties Code Execution / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=974 There are two ways for IOServices to define their IOUserClient classes: they can override IOService::newUserClient and allocate the...

Apple macOS 10.12.1 Kernel - Writable Privileged IOKit Registry Properties Code Execution

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=974 There are two ways for IOServices to define their IOUserClient classes: they can override IOService::newUserClient and allocate the correct type themselves or they can set the IOUserClientClass key in their registry entry. Th...

MacOS Kernel 10.12.1 - Writable Privileged IOKit Registry Properties Code Execution Exploit

Exploit for macOS platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=974 There are two ways for IOServices to define their IOUserClient classes: they can override IOService::newUserClient and allocate the correct type themselves or they can set the...

Multiple Apple Products IOKit Component Memory Leak Vulnerability

Apple iOS, watchOS, macOS, and tvOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices; watchOS is a smartwatch operating system; and IOKit is a component that reads system information. A security vulnerability exists in the IOKit component of several Apple...

Mac OS X 10.x < 10.12.2 Multiple Vulnerabilities

Binary data 9840.prm...

Apple macOS Sierra IOKit Component Memory Corruption Vulnerability

Apple macOS Sierra is a specialized operating system developed by Apple for Mac computers.IOKit is one of the components that reads system information. A security vulnerability exists in the IOKit component in Apple macOS Sierra versions prior to 10.12.2. An attacker could exploit the vulnerabili...

Apple iOS < 10.2 Multiple Vulnerabilities

Binary data appleios102check.nbin...

Apple OS X IOKit Privilege Escalation Vulnerability

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within of the...

Apple Mac OS X Multiple Vulnerabilities-02 (Nov 2016)

Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Apple TV < 10.0.1 Multiple Vulnerabilities

Binary data 9757.prm...

Apple OS X Kernel - IOBluetoothFamily.kext Use-After-Free Exploit

Exploit for macOS platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=830 When you create a new IOKit user client from userspace you call: kernreturnt IOServiceOpen ioservicet service, taskportt owningTask, uint32t type, ioconnectt connect ; The...

MacOS 10.12 - 'task_t' Privilege Escalation Exploit

Exploit for macOS platform in category local exploits Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=837 TL;DR you cannot hold or use a task struct pointer and expect the euid of that task to stay the same. Many many places in the kernel do this and there are a great many very...

Apple OS X Kernel - IOBluetoothFamily.kext Use-After-Free

Apple OS X Kernel - IOBluetoothFamily.kext Use-After-Free / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=830 When you create a new IOKit user client from userspace you call: kernreturnt IOServiceOpen ioservicet service, taskportt owningTask, uint32t type, ioconnectt connect ;...

Apple OS X Kernel - IOBluetoothFamily.kext Use-After-Free

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=830 When you create a new IOKit user client from userspace you call: kernreturnt IOServiceOpen ioservicet service, taskportt owningTask, uint32t type, ioconnectt connect ; The owningTask mach port gets converted into a task struc...

Apple macOS 10.12 - task_t Local Privilege Escalation

Apple macOS 10.12 - taskt Local Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=837 TL;DR you cannot hold or use a task struct pointer and expect the euid of that task to stay the same. Many many places in the kernel do this and there are a great many very...

Apple macOS 10.12 - &#039;task_t&#039; Local Privilege Escalation

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=837 TL;DR you cannot hold or use a task struct pointer and expect the euid of that task to stay the same. Many many places in the kernel do this and there are a great many very exploitable bugs as a result. taskt is just a typedef...

Apple TV < 10.0.1 Multiple Vulnerabilities

According to its banner, the version of Apple TV on the remote device is prior to 10.0.1. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in WebKit when handling the location attribute that allows an unauthenticated, remote attacker to bypass the cross-origin policies and...