CVE-2016-1738

dyld in Apple OS X before 10.11.4 allows attackers to bypass a code-signing protection mechanism via a modified app...

Design/Logic Flaw

dyld in Apple OS X before 10.11.4 allows attackers to bypass a code-signing protection mechanism via a modified app...

Design/Logic Flaw

The kernel in Apple iOS before 9.3, tvOS before 9.2, and watchOS before 2.2 does not properly restrict the execute permission, which allows attackers to bypass a code-signing protection mechanism via a crafted app...

CVE-2016-1738

CVE-2016-1738 affects OS X El Capitan prior to 10.11.4 (dyld). The vulnerability allows code-signing verification to be bypassed via a modified app, enabling arbitrary code execution in the context of the affected process. Apple’s advisory for 10.11.4/Security Update 2016-002 documents dyld as fi...

CVE-2016-1773

CVE-2016-1773 affects Apple OS X before 10.11.4, where the code-signing subsystem fails to properly verify file ownership. This enables local attackers to determine the existence of arbitrary files via unspecified vectors (information disclosure). The issue is documented in multiple sources and p...

CVE-2016-1751

CVE-2016-1751 affects Apple kernels on iOS pre-9.3, tvOS pre-9.2 and watchOS pre-2.2. The issue is failure to properly restrict execute permissions, enabling a crafted app to bypass code-signing protection. In practice, this can allow an attacker to gain kernel-level execution by loading a malici...

CVE-2016-1738

dyld in Apple OS X before 10.11.4 allows attackers to bypass a code-signing protection mechanism via a modified app...

CVE-2016-1751

The kernel in Apple iOS before 9.3, tvOS before 9.2, and watchOS before 2.2 does not properly restrict the execute permission, which allows attackers to bypass a code-signing protection mechanism via a crafted app...

CVE-2016-1773

The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors...

Citrix Known Issues - Hotfixes with SHA-1 Code Sign

This article describes an issue that no longer applies. As a courtesy, Citrix is keeping the article online to prevent broken links for customer who might have bookmarked it. Citrix is committed to complying with the Security Advisories published by Microsoft. Effective January 1, 2016, Microsoft...

Apple iOS < 8.4.1 Multiple Vulnerabilities

Binary data 8978.prm...

Microsoft Trusted Boot Security Feature Bypass

Vulnerability title Microsoft: Trusted Boot Security Feature Bypass Vulnerability CVE: CVE-2015-2552 Vendor: Microsoft Product: Windows NT series 8.0+ Affected versions: See "systems affected". Reported by: "Myria" Vulnerability Summary: ===================== An attacker with administrative acces...

The vulnerability of the iOS operating system, which allows a hacker to bypass the signature verification mechanism for security checks

The vulnerability of the dyld component in the iOS operating system is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to bypass the code signing verification mechanism by using a specially crafted application that embeds the signature within the...

'The Hacker News' Weekly Roundup — 14 Most Popular Stories

To make the last week’s top cyber security threats and challenges available to you in one shot, we are once again here with our weekly round up. Last week, we came across lots of cyber security threats like the XCodeGhost malware in Apple’s App Store and lockscreen bypass bug in iOS 9 and iOS 9.0...

Microsoft Revokes Leaked D-Link Certificates

Microsoft today revoked trust for the four digital certificates inadvertently leaked last week by networking gear manufacturer D-Link. Microsoft said it has modified its Certificate Trust List removing trust for the four certs, which could have been used to sign malicious code used in attacks. Th...

CVE-2015-5839

dyld in Apple iOS before 9 allows attackers to bypass a code-signing protection mechanism via an app that places a crafted signature in an executable file...

Design/Logic Flaw

dyld in Apple iOS before 9 allows attackers to bypass a code-signing protection mechanism via an app that places a crafted signature in an executable file...

D-Link Private Code-Signing Keys Leaked

A simple mistake by networking gear manufacturer D-Link could have opened the door for costly damage. Private keys used to sign software published by D-Link were found in the company’s open source firmware packages. While it’s unknown whether the keys were used by malicious third parties, the...

CVE-2015-5839

CVE-2015-5839 : In Apple iOS, pre-9.0 dyld can bypass code-signing protection by an app that places a crafted signature into an executable. The issue arises from how dyld validates the code signature of executables, enabling bypass of the protection under crafted conditions. Affected software: iO...

CVE-2015-5839

dyld in Apple iOS before 9 allows attackers to bypass a code-signing protection mechanism via an app that places a crafted signature in an executable file...