86 matches found
CVE-2017-2537
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a crafted app...
CVE-2017-2541
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a crafted app...
Design/Logic Flaw
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to bypass intended memory-read restrictions via a crafted app...
Memory corruption
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a crafted app...
Memory corruption
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a crafted app...
Memory corruption
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a crafted app...
CVE-2017-2541
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a crafted app...
CVE-2017-2541
CVE-2017-2541 affects macOS Sierra WindowServer. The issue is a stack-based buffer overflow in WindowServer’s _XGetWindowMovementGroup() path, enabling a local attacker to execute arbitrary code with WindowServer/kernel-level privileges. Affected products: macOS Sierra 10.12.x before 10.12.5. Mit...
CVE-2017-2540
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to bypass intended memory-read restrictions via a crafted app...
CVE-2017-2537
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a crafted app...
CVE-2017-2548
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a crafted app...
macOS 10.12.x < 10.12.5 Multiple Vulnerabilities
The remote host is running a version of macOS that is 10.12.x prior to 10.12.5. It is, therefore, affected by multiple vulnerabilities : - Multiple memory corruption issues exist in the Kernel component that allow a local attacker to gain kernel-level privileges. CVE-2017-2494, CVE-2017-2546 - A...
Mac OS X Multiple Vulnerabilities (Security Update 2017-002)
The remote host is running a version of Mac OS X 10.10.5 or 10.11.6 that is missing a security update. It is therefore, affected by multiple vulnerabilities : - A memory corruption issue exists in the Sandbox component that allows an unauthenticated, remote attacker to escape an application...
(Pwn2Own) Apple macOS WindowServer XSetWindowListBrightness Out-Of-Bounds Access Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the WindowServer...
(Pwn2Own) Apple macOS WindowServer Dragging Space Use-After-Free Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the WindowServer. The...
Mac OS X 10.x < 10.12.5 Multiple Vulnerabilities
Binary data 700119.prm...
Apple Patches Pwn2Own Vulnerabilities in Safari, macOS, iOS
Apple fixed 66 vulnerabilities across seven product lines, including Safari, iTunes, macOS, and iOS, on Monday. Many of the fixes – especially in macOS and Safari – resolve vulnerabilities uncovered at Pwn2Own, the hacking contest held at CanSecWest each year. Contestants collectively earned...
(Pwn2Own) Apple macOS WindowServer _XGetWindowMovementGroup Stack-based Buffer Overflow Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the WindowServer...
(Pwn2Own) Apple macOS WindowServer _XGetConnectionPSN Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
Apple OS X WindowServer _XSetDictionaryForCurrentSession Type Confusion Privilege Escalation Vulnerability
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the CoreGraphics...