88 matches found
(Pwn2Own) Apple OS X IntelAccelerator Out-Of-Bounds Indexing Privilege Escalation Vulnerability
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the...
CVE-2015-7052
CVE-2015-7052 affects Apple OS X before 10.11.2 where kext tools mishandle kernel-extension loading, enabling local users to gain privileges via unspecified vectors. The vulnerability stems from the kernel-extension loading path, with an update shipped in OS X 10.11.2 to mitigate. Practical impac...
Mac OS X Multiple Vulnerabilities (Security Updates 2015-005 / 2015-008)
The remote host is running a version of Mac OS X 10.9.5 or 10.10.5 that is missing Security Update 2015-005 or 2015-008. It is, therefore, affected by multiple vulnerabilities in the following components : - apachemodphp - AppSandbox - Bluetooth - CFNetwork HTTPProtocol - Compression -...
Mac OS X 10.11.x < 10.11.2 Multiple Vulnerabilities
The remote host is running a version of Mac OS X that is 10.11.x prior to 10.11.2. It is, therefore, affected by multiple vulnerabilities in the following components : - apachemodphp - AppSandbox - Bluetooth - CFNetwork HTTPProtocol - Compression - Configuration Profiles - CoreGraphics - CoreMedi...
Mac OS X < 10.10.4 Multiple Vulnerabilities
Binary data 8801.prm...
OS X 10.10 - DYLD_PRINT_TO_FILE Local Privilege Escalation
DYLDPRINTTOFILE local privilege escalation vulnerability in OS X 10.10 - 10.10.4 !/bin/sh Simple Proof of Concept Exploit for the DYLDPRINTTOFILE local privilege escalation vulnerability in OS X 10.10 - 10.10.4 C Copyright 2015 Stefan Esser Wait months for a fix from Apple or install the followin...
Apple OSX 10.10 DYLD_PRINT_TO_FILE Local Privilege Escalation Exploit
Exploit for macOS platform in category local exploits !/bin/sh Simple Proof of Concept Exploit for the DYLDPRINTTOFILE local privilege escalation vulnerability in OS X 10.10 - 10.10.4 C Copyright 2015 Stefan Esser Wait months for a fix from Apple or install the following KEXT as protection...
Race condition
Race condition in kext tools in Apple OS X before 10.10.4 allows local users to bypass intended signature requirements for kernel extensions by leveraging improper pathname validation...
CVE-2015-3709
CVE-2015-3709 refers to a TOCTOU race condition in Apple’s kext tools on macOS OS X Yosemite prior to 10.10.4. The flaw occurs during kernel-extension path validation, allowing a local user to bypass signature checks and load unsigned kernel extensions. Public details in connected docs indicate t...
CVE-2015-3708
kextd in kext tools in Apple OS X before 10.10.4 allows attackers to write to arbitrary files via a crafted app that conducts a symlink attack...
Mac OS X 10.10.x < 10.10.4 Multiple Vulnerabilities (GHOST) (Logjam)
The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.4. It is, therefore, affected multiple vulnerabilities in the following components : - Admin Framework - afpserver - apache - AppleFSCompression - AppleGraphicsControl - AppleThunderboltEDMService - ATS - Bluetooth -...
Mac OS X Multiple Vulnerabilities (Security Update 2015-005) (GHOST) (Logjam)
The remote host is running a version of Mac OS X 10.8.5 or 10.9.5 that is missing Security Update 2015-005. It is, therefore, affected multiple vulnerabilities in the following components : - Admin Framework - afpserver - apache - AppleFSCompression - AppleGraphicsControl -...
Apple Mac OSX 10.9.5 - IOKit IntelAccelerator Null Pointer Dereference
Apple Mac OSX 10.9.5 - IOKit IntelAccelerator Null Pointer Dereference // clang -o ig23exploit ig23exploit.c -framework IOKit -framework CoreFoundation -m32 -DFORTIFYSOURCE=0 // ianbeer include include include include include include include include uint64t kernelsymbolchar sym char cmd1024;...
OS X 10.9.5 IOKit IntelAccelerator NULL Pointer Dereference
Exploit for iOS platform in category local exploits // clang -o ig23exploit ig23exploit.c -framework IOKit -framework CoreFoundation -m32 -DFORTIFYSOURCE=0 // ianbeer include include include include include include include include uint64t kernelsymbolchar sym char cmd1024; strcpycmd, "nm -g...
Apple Mac OSX 10.9.5 - IOKit IntelAccelerator Null Pointer Dereference
// clang -o ig23exploit ig23exploit.c -framework IOKit -framework CoreFoundation -m32 -DFORTIFYSOURCE=0 // ianbeer include include include include include include include include uint64t kernelsymbolchar sym char cmd1024; strcpycmd, "nm -g /machkernel | grep "; strcatcmd, sym; strcatcmd, " | cut...
VMWare Fusion <= 2.0.5 vmx86 kext local PoC
No description provided by source. / vmware-pop.c Copyright c 2009 by [email protected] VMware Fusion = 2.0.5 vmx86 kext local denial of service POC by mu-b - Mon 22 June 2009 - Tested on: VMware Fusion 2.0.4 10.5.x VMware Fusion 2.0.5 10.5.x http://seclists.org/fulldisclosure/2009/Oct/29...
VMWare Fusion <= 2.0.5 vmx86 kext local kernel root exploit
No description provided by source. / vmware-fission.c Copyright c 2009 by [email protected] VMware Fusion = 2.0.5 vmx86 kext local kernel root exploit by mu-b - Tue 23 June 2009 - Tested on: VMware Fusion 2.0.4 10.5.x VMware Fusion 2.0.5 10.5.x http://seclists.org/fulldisclosure/2009/Oct/29...
Mac OS X 10.x < 10.9 Multiple Vulnerabilities (BEAST)
The remote host is running a version of Mac OS X 10.x that is prior to version 10.9. The newer version contains multiple security-related fixes for the following components : - Application Firewall - App Sandbox - Bluetooth - CFNetwork - CFNetwork SSL - Console - CoreGraphics - curl - dyld -...
Authorization
kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to 1 load or 2 unload kernel extensions via a crafted message...
CVE-2013-5145
kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to 1 load or 2 unload kernel extensions via a crafted message...