403 matches found
Password Stealing Vulnerabilities Outlined in iOS, OSX
A group of researchers from Indiana University say that they’ve found a handful of vulnerabilities in both Apple’s OS X and iOS, and perhaps more worrisome, cracked the Keychain service that the company uses for apps and their sandboxes on OS X. A series of weak app-to-app authentication...
Mac OS X < 10.10.3 Multiple Vulnerabilities
Binary data 8672.prm...
APPLE-SA-2015-03-19-1 Security Update 2015-003
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-03-19-1 Security Update 2015-003 Security Update 2015-003 is now available and addresses the following: iCloud Keychain Available for: OS X Yosemite v10.10.2 Impact: An attacker with a privileged network position may be able to execute...
Mac OS X Multiple Vulnerabilities (Security Update 2015-003)
The remote host is running a version of Mac OS X 10.10.2 that is missing Security Update 2015-003. It is, therefore, affected by the following vulnerabilities : - A type confusion flaw exists in how IOSurface handles serialized objects, which an attacker can use to execute arbitrary code with...
APPLE-SA-2015-03-09-1 iOS 8.2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-03-09-1 iOS 8.2 iOS 8.2 is now available and addresses the following: CoreTelephony Available for: iPhone 4s and later, iPod touch 5th generation and later, iPad 2 and later Impact: A remote attacker can cause a device to unexpectedly...
APPLE-SA-2015-03-09-3 Security Update 2015-002
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-03-09-3 Security Update 2015-002 Security Update 2015-002 is now available and addresses the following: iCloud Keychain Available for: OS X Yosemite v10.10.2 Impact: An attacker with a privileged network position may be able to execute...
CVE-2015-1065
Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery...
Buffer overflow
Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery...
CVE-2015-1065
Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery...
CVE-2015-1065
CVE-2015-1065 affects iCloud Keychain handling in Apple iOS before 8.2 and OS X up to 10.10.2. Multiple buffer overflows in the data handling during keychain recovery allow a man‑in‑the‑middle attacker to execute arbitrary code by modifying the client–server data stream. Apple Security Update 201...
Apple iOS iCloud Keychain Buffer Overflow Vulnerability
Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. Apple iOS suffers from a buffer overflow in processing data during iCloud Keychain recovery processing, which allows users who can conduct man-in-the-middle attacks to execute arbitrary code...
Apple Fixes FREAK Bug, iCloud Flaw in iOS 8.2
Apple has patched the FREAK SSL vulnerability, along with a nasty bug that could’ve allowed a remote attacker to restart a user’s iPhone via SMS, with the release of iOS 8.2. The new version of Apple’s mobile operating system contains a number of vulnerability fixes, with the FREAK patch being th...
Mac OS X Multiple Vulnerabilities (Security Update 2015-002)
The remote host is running a version of Mac OS X 10.8, 10.9, or 10.10 that does not have Security Update 2015-002 applied. This update contains several security-related fixes for the following components : - iCloud Keychain - IOAcceleratorFamily - IOSurface - machportkobject kernel interface -...
CVE-2014-8831
securitytaskgate in Apple OS X before 10.10.2 allows attackers to read group-ACL-restricted keychain items of arbitrary apps via a crafted app with a signature from a 1 self-signed certificate or 2 Developer ID certificate...
Code injection
securitytaskgate in Apple OS X before 10.10.2 allows attackers to read group-ACL-restricted keychain items of arbitrary apps via a crafted app with a signature from a 1 self-signed certificate or 2 Developer ID certificate...
CVE-2014-8831
securitytaskgate in Apple OS X before 10.10.2 allows attackers to read group-ACL-restricted keychain items of arbitrary apps via a crafted app with a signature from a 1 self-signed certificate or 2 Developer ID certificate...
CVE-2014-8831
CVE-2014-8831 affects Apple OS X prior to 10.10.2. The issue in security_taskgate allows reading group-ACL–restricted keychain items of arbitrary apps when a crafted app signs with a self-signed certificate or a Developer ID certificate. Impact is partial confidentiality. The vulnerability is add...
Apple MAC OS X Yosemite Access Control Vulnerability
Apple MAC OS X Yosemite is the latest operating system developed by Apple. An access control vulnerability exists in Apple MAC OS X Yosemite Keychain, which allows remote attackers to exploit the vulnerability to obtain sensitive information...
Input validation
The Security - Keychain component in Apple OS X before 10.9.4 does not properly implement keystroke observers, which allows physically proximate attackers to bypass the screen-lock protection mechanism, and enter characters into an arbitrary window under the lock window, via keyboard input...
CVE-2014-1380
CVE-2014-1380 concerns the Security - Keychain component in Apple OS X prior to 10.9.4. The root issue is improper keystroke observer handling, which can permit physically proximate attackers to bypass the screen lock and type into a window under the lock screen via keyboard input. The impact des...