Memory corruption

An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a crafted app...

CVE-2017-13848

CVE-2017-13848 affects macOS before 10.13.2, via IOKit, allowing an attacker to run arbitrary code in a privileged context with a crafted app. Connected sources confirm IOKit is the vulnerable component and that Apple released 10.13.2 Security Update to address multiple issues; remediation is to ...

CVE-2017-7162

An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context or cause ...

CVE-2017-13858

An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app...

CVE-2017-13847

An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a crafted app...

CVE-2017-13847

CVE-2017-13847 is a memory corruption/privilege escalation issue in Apple’s IOKit affecting iOS <11.2 and macOS

CVE-2017-13848

An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app...

CVE-2017-7162

CVE-2017-7162 is an IOKit memory-corruption vulnerability affecting Apple devices (iOS before 11.2, macOS before 10.13.2, tvOS before 11.2, watchOS before 4.2) that could allow a crafted app to execute arbitrary code with kernel/privileged privileges or cause a denial of service. The Apple securi...

CVE-2017-13858

CVE-2017-13858 affects macOS High Sierra (macOS before 10.13.2) with an input validation issue in IOKit that could allow an attacker with local access to execute arbitrary code in a privileged context via a crafted app. Connected sources (Apple security content HT208331, and OpenVAS/Nessus listin...

PT-2017-13147

Name of the Vulnerable Software and Affected Versions iOS versions prior to 11.2 macOS versions prior to 10.13.2 Description The issue involves the IOKit component and allows attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a crafted...

iOS/MacOS kernel double free due to IOSurfaceRootUserClient not respecting MIG ownership rules(CVE-2017-13861)

I have previously detailed the lifetime management paradigms in MIG in the writeups for: CVE-2016-7612 https://bugs.chromium.org/p/project-zero/issues/detail?id=926 and CVE-2016-7633 https://bugs.chromium.org/p/project-zero/issues/detail?id=954 If a MIG method returns KERNSUCCESS it means that th...

MacOS/iOS multiple kernel UAFs due to incorrect IOKit object lifetime management in IOTimeSyncClockManagerUserClient(CVE-2017-13847)

IOTimeSyncClockManagerUserClient provides the userspace interface for the IOTimeSyncClockManager IOService. IOTimeSyncClockManagerUserClient overrides the IOUserClient::clientClose method but it treats it like a destructor. IOUserClient::clientClose is not a destructor and plays no role in the...

Apple macOS/iOS - Multiple Kernel Use-After-Frees due to Incorrect IOKit Object Lifetime Management in IOTimeSyncClockManagerUserClient

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1377 IOTimeSyncClockManagerUserClient provides the userspace interface for the IOTimeSyncClockManager IOService. IOTimeSyncClockManagerUserClient overrides the IOUserClient::clientClose method but it treats it like a destructor...

Apple macOSiOS - Multiple Kernel Use-After-Frees due to Incorrect IOKit Object Lifetime Management in IOTimeSyncClockManagerUserClient

Apple macOSiOS - Multiple Kernel Use-After-Frees due to Incorrect IOKit Object Lifetime Management in IOTimeSyncClockManagerUserClient / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1377 IOTimeSyncClockManagerUserClient provides the userspace interface for the...

macOS / iOS - Multiple Kernel Use-After-Frees due to Incorrect IOKit Object Lifetime Management in I

Exploit for multiple platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1377 IOTimeSyncClockManagerUserClient provides the userspace interface for the IOTimeSyncClockManager IOService. IOTimeSyncClockManagerUserClient overrides the...

Apple macOS/iOS - Kernel Double Free due to IOSurfaceRootUserClient not Respecting MIG Ownership Rules

I have previously detailed the lifetime management paradigms in MIG in the writeups for: CVE-2016-7612 https://bugs.chromium.org/p/project-zero/issues/detail?id=926 and CVE-2016-7633 https://bugs.chromium.org/p/project-zero/issues/detail?id=954 If a MIG method returns KERNSUCCESS it means that th...

Apple macOSiOS - Kernel Double Free due to IOSurfaceRootUserClient not Respecting MIG Ownership Rules

Apple macOSiOS - Kernel Double Free due to IOSurfaceRootUserClient not Respecting MIG Ownership Rules I have previously detailed the lifetime management paradigms in MIG in the writeups for: CVE-2016-7612 https://bugs.chromium.org/p/project-zero/issues/detail?id=926 and CVE-2016-7633...

Apple macOS High Sierra IOKit component input validation vulnerability (CNVD-2018-00184)

Apple macOS High Sierra is a specialized operating system developed by Apple for Mac computers.IOKit is one of the components that reads system information. An input validation vulnerability exists in the IOKit component in Apple macOS High Sierra versions prior to 10.13.2. An attacker can exploi...

macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-002 and 2017-005)

The remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities affecting the following components : - apache - curl - IOAcceleratorFamily - IOKit - Kernel - OpenSSL - Screen Sharing Server C Tenable Network...

macOS 10.13.x < 10.13.2 Multiple Vulnerabilities (Meltdown)

The remote host is running a version of Mac OS X that is 10.13.x prior to 10.13.2. It is, therefore, affected by multiple vulnerabilities in the following components : - apache - curl - Directory Utility - IOAcceleratorFamily - IOKit - Intel Graphics Driver - Kernel - Mail - Mail Drafts - OpenSSL...