98 matches found
Mac OS X Multiple Vulnerabilities (Security Update 2014-001) (BEAST)
The remote host is running a version of Mac OS X 10.7 or 10.8 that does not have Security Update 2014-001 applied. This update contains several security-related fixes for the following components : - Apache - App Sandbox - ATS - Certificate Trust Policy - CFNetwork Cookies - CoreAnimation - Date...
CVE-2013-5178
LaunchServices in Apple Mac OS X before 10.9 does not properly restrict Unicode characters in filenames, which allows context-dependent attackers to spoof file extensions via a crafted character sequence...
CVE-2013-5179
App Sandbox in Apple Mac OS X before 10.9 allows attackers to bypass intended sandbox restrictions via a crafted app that uses the LaunchServices interface to specify process arguments...
Design/Logic Flaw
LaunchServices in Apple Mac OS X before 10.9 does not properly restrict Unicode characters in filenames, which allows context-dependent attackers to spoof file extensions via a crafted character sequence...
Design/Logic Flaw
App Sandbox in Apple Mac OS X before 10.9 allows attackers to bypass intended sandbox restrictions via a crafted app that uses the LaunchServices interface to specify process arguments...
CVE-2013-5179
The CVE-2013-5179 entry concerns Apple Mac OS X sandbox bypass vulnerabilities described in the NVD entry: App Sandbox in OS X before 10.9 can be bypassed when a crafted app uses LaunchServices to specify process arguments, enabling sandbox evasion. Connected sources confirm the issue is tied to ...
CVE-2013-5178
LaunchServices in Apple Mac OS X before 10.9 does not properly restrict Unicode characters in filenames, which allows context-dependent attackers to spoof file extensions via a crafted character sequence...
CVE-2013-5178
CVE-2013-5178 : In Apple Mac OS X prior to 10.9, LaunchServices does not properly restrict Unicode characters in filenames, allowing context-dependent attackers to spoof file extensions via crafted character sequences. The underlying issue is the handling/filtering of Unicode characters in displa...
CVE-2013-5179
App Sandbox in Apple Mac OS X before 10.9 allows attackers to bypass intended sandbox restrictions via a crafted app that uses the LaunchServices interface to specify process arguments...
Mac OS X 10.x < 10.9 Multiple Vulnerabilities (BEAST)
The remote host is running a version of Mac OS X 10.x that is prior to version 10.9. The newer version contains multiple security-related fixes for the following components : - Application Firewall - App Sandbox - Bluetooth - CFNetwork - CFNetwork SSL - Console - CoreGraphics - curl - dyld -...
Apple Safari Arbitrary Code Execution
No description provided by source. CVE: CVE-2011-3230 Found By: Aaron Sigel of vtty.com There's not a ton to say about this bug aside from "Yikes"! I think the PoC speaks for itself. This allows you to send any "file:" url to LaunchServices, which will run binaries, launch applications, or open...
Apple Safari Arbitrary Code Execution
CVE: CVE-2011-3230 Found By: Aaron Sigel of vtty.com There's not a ton to say about this bug aside from "Yikes"! I think the PoC speaks for itself. This allows you to send any "file:" url to LaunchServices, which will run binaries, launch applications, or open content in the default application,...
CVE-2006-3504
The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as "safe", which could allow attackers to execute Javascript code in local context when the "Open 'safe' files after downloading" option is enabled in Safari...
CVE-2006-3504
CVE-2006-3504 affects Apple Mac OS X 10.4.7 where LaunchServices’ Download Validation can misclassify HTML as “safe.” If Safari’s “Open ‘safe’ files after downloading” is enabled, a downloaded HTML file could auto-open in a local context and allow embedded JavaScript to bypass local access restri...
CVE-2006-1447
LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to cause Safari to launch unsafe content via long file name extensions, which prevents Download Validation from determining which application will be used to open the file...
Open redirect
LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to cause Safari to launch unsafe content via long file name extensions, which prevents Download Validation from determining which application will be used to open the file...
CVE-2006-1447
LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to cause Safari to launch unsafe content via long file name extensions, which prevents Download Validation from determining which application will be used to open the file...
CVE-2006-1447
CVE-2006-1447 affects Apple Mac OS X 10.4.6 LaunchServices. The issue lets remote attackers cause Safari to launch unsafe content by exploiting long file name extensions, which prevents Download Validation from determining which application will be used. The provided documents do not include a co...
[SA20077] Mac OS X Security Update Fixes Multiple Vulnerabilities
TITLE: Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA20077 VERIFY ADVISORY: http://secunia.com/advisories/20077/ CRITICAL: Highly critical IMPACT: Security Bypass, Exposure of sensitive information, DoS, System access WHERE: From remote OPERATING SYSTEM: Apple...
CVE-2006-0397
Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how...