Mac OS X 10.9.x < 10.9.4 Multiple Vulnerabilities

The remote host is running a version of Mac OS X 10.9.x that is prior to 10.9.4. This update contains several security-related fixes for the following components : - Certificate Trust Policy - copyfile - curl - Dock - Graphics Driver - iBooks Commerce - Intel Graphics Driver - Intel Compute -...

Volafox - Mac OS X & BSD Memory Analysis Toolkit

Volafox is an open source toolkit that you can use for Mac OS X and BSD forensics. The tool is a python based and allows investigating security incidents and finding information for malwares and any malicious program on the system. Security analyst can have the following information using this...

Apple Updates iOS Security Guide

Apple rarely offers anyone a glimpse inside its walled-off security garden. The last time it did was in the spring of 2012 when it released a detailed paper on the security of its iOS operating system for iPhones and iPads. The company also presented a much-anticipated if not anticlimactic...

[Pac4Mac] Forensics Framework for Mac OS X

Pac4Mac Plug And Check for Mac OS X is a portable Forensics framework to launch from USB storage allowing extraction and analysis session informations in highlighting the real risks in term of information leak history, passwords, technical secrets, business secrets, .... Pac4Mac can be used to...

Starbucks 2.6.1 Information Disclosure

Title: CVE-2014-0647 Insecure Data Storage of User Data Elements in Starbucks v2.6.1 iOS mobile application Published: January 13, 2014 Reported to Vendor: December 2013 no direct response CVE Reference: CVE-2014-0647 Credit: This issue was discovered by Daniel E. Wood...

[SECURITY] Fedora 20 Update: python-keyring-3.3-1.fc20

The Python keyring lib provides a easy way to access the system keyring service from python. It can be used in any application that needs safe password storage. The keyring services supported by the Python keyring lib: OSXKeychain: supports the Keychain service in Mac OS X. KDEKWallet: supports t...

OSX Gather Autologin Password as Root

This module will steal the plaintext password of any user on the machine with autologin enabled. Root access is required. When a user has autologin enabled System Preferences - Accounts, OSX stores their password with an XOR encoding in /private/etc/kcpassword. This module requires Metasploit:...

CVE-2013-5187

The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which allows physically proximate attackers to obtain sensitive information by reading a screen that...

Design/Logic Flaw

The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which allows physically proximate attackers to obtain sensitive information by reading a screen that...

CVE-2013-5187

The CVE-2013-5187 entry concerns Apple Mac OS X pre-10.9 where the Screen Lock implementation fails to immediately transition to a locked state. The issue stems from the system’s reliance on a timeout for Keychain Status menu lock commands, potentially allowing a physically proximate attacker to ...

CVE-2013-5187

The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which allows physically proximate attackers to obtain sensitive information by reading a screen that...

Apple Mac OS X Vulnerability enables Root User to Hackers by resetting the clock

Do you think, because you're using an Apple Mac, your data is safe from hackers ? Well, it is not true, there are dozens of security weaknesses and today Researchers have made it easier to exploit Apple Mac OS X, that allows penetration testers and hackers to gain root access. The flaw remained...

Apple Mac OS X Vulnerability enables Root User to Hackers by resetting the clock

Do you think, because you’re using an Apple Mac, your data is safe from hackers ? Well, it is not true, there are dozens of security weaknesses and today Researchers have made it easier to exploit Apple Mac OS X, that allows penetration testers and hackers to gain root access. The flaw remained...

iOS 7 Beta Vulnerable to Screen-Lock Bypass

An iPhone user in Spain who downloaded the beta version of Apple iOS 7, which was made available Monday, was able to bypass its screen-lock security feature. The revamped mobile operating system was unveiled by the Cupertino, California technology giant last week at its annual World Wide Develope...

OS X Gather Keychain Enumeration

This module presents a way to quickly go through the current user's keychains and collect data such as email accounts, servers, and other services. Please note: when using the GETPASS and GETPASSAUTOACCEPT option, the user may see an authentication alert flash briefly on their screen that gets...

Apple Xcode < 4.4 Multiple Vulnerabilities (Mac OS X) (BEAST)

The remote Mac OS X host has a version of Apple Xcode installed that is prior to 4.4. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability, known as BEAST, exists in the SSL 3.0 and TLS 1.0 protocols due to a flaw in the way the initialization vector ...

Apple XCode 4.x 信息泄露漏洞

BUGTRAQ ID: 54679 CVE ID: CVE-2012-3698,CVE-2011-3389 Xcode是苹果机器上所使用的开发工具。 Apple Xcode 4.4之前版本在实现上存在安全漏洞，可被恶意用户利用泄露敏感信息，劫持用户会话，绕过某些安全限制。 1） SSL 3.0和TLS 1.0协议的实现中存在设计错误。 2） DR实现中的错误可允许App Store应用访问用Xcode构建的Helper工具中的密钥链项目。 0 Apple XCode 4.x 厂商补丁： Apple ----- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

CVE-2012-3698

Apple Xcode before 4.4 does not properly compose a designated requirement DR during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a crafted app, as demonstrated by the keychain entries of a 1 helper tool or 2 command-line tool...

Code injection

Apple Xcode before 4.4 does not properly compose a designated requirement DR during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a crafted app, as demonstrated by the keychain entries of a 1 helper tool or 2 command-line tool...

CVE-2012-3698

Apple Xcode before 4.4 is affected by CVE-2012-3698 due to a design issue in composing a designated requirement (DR) during signing of programs without bundle identifiers. This allows remote attackers to read keychain entries via a crafted app, demonstrated with keychain data from a helper tool o...