Multiple Apple Products WebKit Component Security Bypass Vulnerability

Apple Safari is a web browser that is the default browser that comes with the Mac OS X and iOS operating systems.Apple iOS is an operating system developed for mobile devices.Apple tvOS is a smart TV operating system. A security vulnerability exists in the WebKit component of several Apple...

About the security content of macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra

About the security content of macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra This document describes the security content of macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. About Apple security updates F...

DEBIAN-CVE-2020-10702

A flaw was found in QEMU in the implementation of the Pointer Authentication PAuth support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker...

CVE-2020-10702

A flaw was found in QEMU in the implementation of the Pointer Authentication PAuth support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker...

USN-4372-1 qemu vulnerabilities

It was discovered that QEMU incorrectly handled bochs-display devices. A local attacker in a guest could use this to cause a denial of service or possibly execute arbitrary code in the host. This issue only affected Ubuntu 19.10. CVE-2019-15034 It was discovered that QEMU incorrectly handled memo...

UBUNTU-CVE-2020-10702

A flaw was found in QEMU in the implementation of the Pointer Authentication PAuth support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker...

CVE-2020-10702

A flaw was found in QEMU in the implementation of the Pointer Authentication PAuth support for ARM. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker could obtain the signature of a protected pointer an...

Remote iPhone Exploitation Part 3: From Memory Corruption to JavaScript and Back -- Gaining Code Execution

Posted by Samuel Groß, Project Zero This is the third and last post in a series about a remote, interactionless iPhone exploit over iMessage. The first blog post introduced the exploited vulnerability, and the second blog post described a way to perform a heapspray, leaking the shared cache base...

Examining Pointer Authentication on the iPhone XS

Posted by Brandon Azad, Project Zero In this post I examine Apple's implementation of Pointer Authentication on the A12 SoC used in the iPhone XS, with a focus on how Apple has improved over the ARM standard. I then demonstrate a way to use an arbitrary kernel read/write primitive to forge kernel...

voucher_swap: Exploiting MIG reference counting in iOS 12

Posted by Brandon Azad, Project Zero In this post I'll describe how I discovered and exploited CVE-2019-6225, a MIG reference counting vulnerability in XNU's taskswapmachvoucher function. We'll see how to exploit this bug on iOS 12.1.2 to build a fake kernel task port, giving us the ability to re...

Microsoft Windows SMB Server NTLM Multiple Vulnerabilities (971468)

This host is missing a critical security update according to Microsoft Bulletin MS10-012. OpenVAS Vulnerability Test $Id: secpodms10-012-remote.nasl 11684 2010-10-15 16:45:43Z oct$ Microsoft Windows SMB Server NTLM Multiple Vulnerabilities 971468 Authors: Antu Sanadi Chandrashekhar B Copyright:...