4 matches found
Apple iOS / MacOS NSKeyedArchiver Heap Corruption(CVE-2017-2524)
Using lldb inside a simple helloworld app for iOS we can see that there are over 600 classes which we could get deserialized for persistance for example. The TextInput framework which is loaded has a class TIKeyboardLayout. The initWithCoder: implementation has this code: this is the x86 code, th...
CVE-2017-2524
creationtimestamp| type| source ---|---|--- 2017-05-23 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/42051...
CVE-2017-2524
CVE-2017-2524 affects Apple platforms due to a TextInput heap/memory corruption path exposed during NSKeyedArchiver deserialization in TIKeyboardLayout (TextInput). Apple docs and security updates (tvOS 10.2.1, iOS 10.3.2, macOS 10.12.5, watchOS 3.2.2) describe memory corruption that can lead to ...
Apple Mac OS X Multiple Vulnerabilities - 01 - (HT207797)
Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...