298 matches found
Apple IntelHD5000 Graphics Delete Resource Privilege Escalation Vulnerability
Summary A memory corruption vulnerability exists in the IntelHD5000 kernel extension when dealing with graphics resources inside of OSX 10.13.4. A library inserted into the VLC media application can cause an out-of-bounds access inside of the KEXT leading to a use after free and invalid memory...
Apple tvOS IOKit Memory Corruption Vulnerability
Apple tvOS is an operating system for Smart TVs from Apple Inc. in the U.S. IOKit is one of the components that reads system information. A security vulnerability exists in the IOKit component of Apple tvOS prior to version 12. An attacker can exploit this vulnerability to execute arbitrary code...
Apple macOS memory corruption vulnerability (CNVD-2018-22954)
macOS is Apple's proprietary operating system for the Mac line of products. A memory corruption vulnerability exists in the IOKit component in Apple macOS Sierra 10.12.6, macOS High Sierra 10.13.6. The vulnerability can be exploited by malicious applications to break out of sandboxing restriction...
Apple macOS memory corruption vulnerability (CNVD-2018-22953)
macOS is Apple's proprietary operating system for the Mac line of products. A memory corruption vulnerability exists in the IOKit component in Apple macOS Sierra 10.12.6, macOS High Sierra 10.13.6. The vulnerability can be exploited by malicious applications to break out of sandboxing restriction...
macOS and Mac OS X Multiple Vulnerabilities (Security Update 2018-005)
The remote host is running Mac OS X 10.12.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities affecting the following components : - afpserver - AppleGraphicsControl - APR - ATS - CFNetwork - CoreAnimation - CoreCrypto - CoreFoundation - CUPS - Dictionary -...
macOS 10.14.x < 10.14.1 Multiple Vulnerabilities
The remote host is running a version of macOS / Mac OS X that is 10.14.x prior to 10.14.1. It is, therefore, affected by multiple vulnerabilities related to the following components : -AppleGraphicsControl -CoreAnimation -CoreCrypto -Dock -dyld -EFI -ICU -IOGraphics -IOKit -IPSec -Kernel -Mail...
Apple macOS mDNSOffloadUserClient Race Condition Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the...
About the security content of tvOS 11.2 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...
macOS < 10.14 Multiple Vulnerabilities
The remote host is running a version of Mac OS X that is prior to 10.13.6 or is not macOS 10.14. It is, therefore, affected by multiple vulnerabilities in the following components : - afpserver - AppleGraphicsControl - Application Firewall - App Store - APR - ATS - Auto Unlock - Bluetooth -...
Deja-XNU
Posted by Ian Beer, Google Project Zero This blog post revisits an old bug found by Pangu Team and combines it with a new, albeit very similar issue I recently found to try to build a "perfect" exploit for iOS 7.1.2. State of the art An idea I've wanted to play with for a while is to revisit old...
CVE-2017-7162
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context or cause ...
CVE-2017-7162
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context or cause ...
Memory corruption
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context or cause ...
CVE-2017-13858
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app...
CVE-2017-13858
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app...
CVE-2017-13848
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app...
CVE-2017-13847
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a crafted app...
CVE-2017-13847
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a crafted app...
Code injection
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app...
Code injection
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app...