APPLE-SA-2015-10-21-7 Xcode 7.1
APPLE-SA-2015-10-21-7 Xcode 7.1 Xcode 7.1 is now available and addresses the following: Swift Available for: OS X Yosemite v10.10.5 or later Impact: Swift programs performing certain type conversions may receive unexpected values Description: A type conversion issue existed that could lead to...
Apple Xcode multiple security vulnerabilities
Restrictions bypass, weak encryption, information disclosure, multiple svn vulnerabilities...
CVE-2015-7030
The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified impact and attack vectors...
Type confusion
The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified impact and attack vectors...
CVE-2015-7030
CVE-2015-7030 affects Apple Xcode before 7.1, where the Swift implementation mishandles certain type conversions. Multiple sources describe it as an information-disclosure/logic-conversion issue that could allow an attacker to obtain sensitive information or circumvent program logic; the vendor a...
CVE-2015-7030
The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified impact and attack vectors...
Apple Xcode < 7.1 (Mac OS X)
The version of Apple Xcode installed on the remote Mac OS X host is prior to 7.1. It is, therefore, affected by a vulnerability in Swift-based programs due to unexpected values being returned for certain type conversions. An unauthenticated, remote attacker can exploit this, by manipulating retur...
Apple Releases Multiple Security Updates
Apple has released several security updates to address critical vulnerabilities in multiple Apple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: OS X Server 5.0.15 for OS X Yosemite v10.10.5 and...
How to Protect Yourself against XcodeGhost like iOS Malware Attacks
Recently, Chinese iOS developers have discovered a new OS X and iOS malware dubbed XcodeGhost that has appeared in malicious versions of Xcode, Apple’s official toolkit for developing iOS and OS X apps. The hack of Apple’s Xcode involves infecting the compiler with malware and then passing that...
APPLE-SA-2015-09-16-2 Xcode 7.0
APPLE-SA-2015-09-16-2 Xcode 7.0 Xcode 7.0 is now available and addresses the following: DevTools Available for: OS X Yosemite v10.10.4 or later Impact: An attacker may be able to bypass access restrictions Description: An API issue existed in the apache configuration. This issue was addressed by...
Apple Xcode < 7.0 (Mac OS X) (POODLE)
The version of Apple Xcode installed on the remote Mac OS X host is prior to 7.0. It is, therefore, affected by the multiple vulnerabilities : - A memory leak issue exists in file d1srtp.c related to the DTLS SRTP extension handling and specially crafted handshake messages. An attacker can exploi...
Dropbox FinderLoadBundle OS X Local Root Exploit
!/bin/bash Dropbox FinderLoadBundle OS X local root exploit by cenobyte 2015 - vulnerability description: The setuid root FinderLoadBundle that was included in older DropboxHelperTools versions for OS X allows loading of dynamically linked shared libraries that are residing in the same directory...
Dropbox 3.3.x - OSX FinderLoadBundle Privilege Escalation
Dropbox 3.3.x - OSX FinderLoadBundle Privilege Escalation !/bin/bash Exploit Title: Dropbox FinderLoadBundle OS X local root exploit Google Dork: N/A Date: 29/09/15 Exploit Author: cenobyte Vendor Homepage: https://www.dropbox.com Software Link: N/A Version: Dropbox 1.5.6, 1.6-7., 2.1-11., 3.0.,...
Dropbox < 3.3.x - OSX FinderLoadBundle Privilege Escalation
!/bin/bash Exploit Title: Dropbox FinderLoadBundle OS X local root exploit Google Dork: N/A Date: 29/09/15 Exploit Author: cenobyte Vendor Homepage: https://www.dropbox.com Software Link: N/A Version: Dropbox 1.5.6, 1.6-7., 2.1-11., 3.0., 3.1., 3.3. Tested on: OS X Yosemite 10.10.5 CVE: N/A Dropb...
XcodeGhost Apple AppStore Malware
As more eyes peer into XcodeGhost, the malware that managed to sneak into Apple’s App Store, more trouble bubbles to the surface. Researchers at Palo Alto Networks said in an updated report that the malware contains a vulnerability that allows an attacker in man-in-the-middle position to control...
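Backdoor caused by developing apps with Unity obtained from unofficial channels
Besides Xcode, Unity is also affected, by the same means and method. In libiPhone-lib-il2cpp.a--master.o inside ./Unity/Unity.app/Contents/PlaybackEngines/iossupport/Trampoline/Libraries/libiPhone-lib-il2cpp.a, the malicious code follows the same logic as the code in Xcode, and the domain it checks in to is init.icloud-diagnostics.com Source: http://weibo.com/3802345927/CBCl1irIH We will continue to follow the details...
Backdoor caused by developing apps with Cocos2d-x obtained from unofficial channels
Besides Xcode, some Cocos2d-x copies may also be affected. We will continue to follow this: http://weibo.com/5119199829/CBCsW3WK8...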
XcodeGhost iOS App Malware Contained
Concern over the so-called XcodeGhost malware has put the security of Apple’s App Store on the front page. While the App Store was not hacked, attackers did manage to append malicious code to a number of popular apps—most of those developed in China—and find a loophole in Apple’s code-scanning to...
Warning! Popular Apple Store Apps Infected with Data-Theft Malware
Unlike Google Play Store, Apple App Store is well known for not allowing any malformed apps to enter its Apple ecosystem because of its tight security checks. But, not anymore. Hundreds of malicious apps managed to get hosted on Apple's official App store and subsequently downloaded by several...
Apple Xcode Server Information Disclosure Vulnerability
Apple Xcode Server is a development server. An access checksum vulnerability in the Apple Xcode Server Processing Repository email list could lead to sending build notification messages to other users...