Apple macOS PackageKit PKCoreShove Link Following System Integrity Protection Bypass Vulnerability

This vulnerability allows local attackers to bypass System Integrity Protection on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within PackageKi...

MEGA claims it can’t decrypt your files. But someone’s managed to…

MEGA, the cloud storage provider and file hosting service, is very proud of its end-to-end encryption. It says it couldnt decrypt your stored files, even if it wanted to. “All your data on MEGA is encrypted with a key derived from your password; in other words, your password is your main encrypti...

Improper Authentication in Apache Tomcat

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability th...

CVE-2021-46559

The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm that allows an attacker to defeat an inspection mechanism for integrity protection...

CVE-2021-46559

The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm that allows an attacker to defeat an inspection mechanism for integrity protection...

CVE-2021-46559

The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm that allows an attacker to defeat an inspection mechanism for integrity protection...

Information disclosure

The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm that allows an attacker to defeat an inspection mechanism for integrity protection...

Moxa Tn-5900 数据伪造问题漏洞

MOXA Moxa Tn-5900 is a series of En50155 wall mount routers from China-based Moxa MOXA. The Moxa TN-5900 is vulnerable to a data forgery issue, which stems from a weak algorithm in the firmware on Moxa TN-5900 devices via 3.1. An attacker could exploit this vulnerability to corrupt the integrity...

PT-2022-15540 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to Monterey 12.2 macOS versions prior to Big Sur 11.6.3 macOS Catalina versions prior to Security Update 2022-001 Description: A permissions issue was addressed with improved validation, allowing an application to...

New macOS vulnerability, “powerdir,” could lead to unauthorized user data access

Following our discovery of the “Shrootless” vulnerability, Microsoft uncovered a new macOS vulnerability, “powerdir,” that could allow an attacker to bypass the operating system’s Transparency, Consent, and Control TCC technology, thereby gaining unauthorized access to a user’s protected data. We...

PT-2021-6068 · Moxa · Moxa Tn-5900

Name of the Vulnerable Software and Affected Versions: Moxa TN-5900 devices through 3.1 Description: The issue is related to a weak algorithm used in the firmware of Moxa TN-5900 devices, which can be exploited by an attacker to defeat an inspection mechanism for integrity protection. This weakne...

macOS flaw allowed attackers to install persistent, undetectable malware

By Deeba Ahmed The vulnerability was identified in System Integrity Protection SIP within the macOS ecosystem. This is a post from HackRead.com Read the original post: macOS flaw allowed attackers to install persistent, undetectable malware...

New 'Shrootless' Bug Could Let Attackers Install Rootkit on macOS Systems

Microsoft on Thursday disclosed details of a new vulnerability that could allow an attacker to bypass security restrictions in macOS and take complete control of the device to perform arbitrary operations on the device without getting flagged by traditional security solutions. Dubbed "Shrootless"...

Microsoft finds new macOS vulnerability, Shrootless, that could bypass System Integrity Protection

Microsoft has discovered a vulnerability that could allow an attacker to bypass System Integrity Protection SIP in macOS and perform arbitrary operations on a device. We also found a similar technique that could allow an attacker to elevate their privileges to root an affected device. We shared...

Microsoft finds new macOS vulnerability, Shrootless, that could bypass System Integrity Protection

Microsoft has discovered a vulnerability that could allow an attacker to bypass System Integrity Protection SIP in macOS and perform arbitrary operations on a device. We also found a similar technique that could allow an attacker to elevate their privileges to root an affected device. We shared...

CVE-2021-30826

A logic issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. In certain situations, the baseband would fail to enable integrity and ciphering protection...

CVE-2021-30826

A logic issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. In certain situations, the baseband would fail to enable integrity and ciphering protection...

Code injection

A logic issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. In certain situations, the baseband would fail to enable integrity and ciphering protection...

CVE-2021-30826

A logic issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. In certain situations, the baseband would fail to enable integrity and ciphering protection...

CVE-2021-30826

A logic issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. In certain situations, the baseband would fail to enable integrity and ciphering protection...