26 matches found
CVE-2019-8605
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to execute arbitrary code with system privileges...
CISA Warns of Active Exploitation of 'PwnKit' Linux Vulnerability in the Wild
The U.S. Cybersecurity and Infrastructure Security Agency CISA this week moved to add a Linux vulnerability dubbed PwnKit to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The issue, tracked as CVE-2021-4034 CVSS score: 7.8, came to light in January 2022 and...
VulnCheck KEV: CVE-2019-8605
A use-after-free vulnerability in Apple iOS, macOS, tvOS, and watchOS could allow a malicious application to execute code with system privileges...
Designing sockfuzzer, a network syscall fuzzer for XNU
Posted by Ned Williamson, Project Zero Introduction When I started my 20% project – an initiative where employees are allocated twenty-percent of their paid work time to pursue personal projects – with Project Zero, I wanted to see if I could apply the techniques I had learned fuzzing Chrome to...
About the security content of watchOS 5.2.1 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
CVE-2019-8605
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to execute arbitrary code with system privileges...
CVE-2019-8605
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to execute arbitrary code with system privileges...
CVE-2019-8605
CVE-2019-8605 is a use-after-free vulnerability in Apple’s XNU kernel (iOS, macOS, tvOS, watchOS) that could allow a malicious app to execute arbitrary code with system privileges. The initial description notes a use-after-free that was fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, and watc...
CVE-2019-8605
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to execute arbitrary code with system privileges. Recent assessments: Assessed Attacker Value: 0 Assessed...
SockPuppet: A Walkthrough of a Kernel Exploit for iOS 12.4
Posted by Ned Williamson, 20% on Project Zero Introduction I have a somewhat unique opportunity in this writeup to highlight my experience as an iOS research newcomer. Many high quality iOS kernel exploitation writeups have been published, but those often feature weaker initial primitives combine...
Apple TV < 12.4.1 A Use-After-Free Vulnerability
According to its banner, the version of Apple TV on the remote device is prior to 12.4.1. It is therefore affected by a use-after-free vulnerability as described in the HT210550 C Tenable Network Security, Inc. include'compat.inc'; if description scriptid131702; scriptversion"1.6";...
iOS < 12.4.1 - 'Jailbreak' Local Privilege Escalation
Exploit Title: SockPuppet 3 Date: September 8, 2019 Exploit Author: Umang Raghuvanshi Vendor Homepage: https://apple.com Software Link: https://ipsw.me/ Version: iOS 11.0—12.2, iOS 12.4 Tested on: iOS 11.0—12.2, iOS 12.4 CVE: CVE-2019-8605 This is an alternative and complete exploit for...
About the security content of iOS 12.4.1 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
About the security content of macOS Mojave 10.14.6 Supplemental Update - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
About the security content of tvOS 12.4.1 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
About the security content of iOS 12.4.1
About the security content of iOS 12.4.1 This document describes the security content of iOS 12.4.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
About the security content of tvOS 12.4.1
About the security content of tvOS 12.4.1 This document describes the security content of tvOS 12.4.1 About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
About the security content of macOS Mojave 10.14.6 Supplemental Update
About the security content of macOS Mojave 10.14.6 Supplemental Update This document describes the security content of macOS Mojave 10.14.6 Supplemental Update. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an...
iOS 12.4 jailbreak released after Apple 'accidentally un-patches' an old flaw
A fully functional jailbreak has been released for the latest iOS 12.4 on the Internet, making it the first public jailbreak in a long time—thanks to Apple. Dubbed "unc0ver 3.5.0 ," the jailbreak works with the updated iPhones, iPads and iPod Touches by leveraging a vulnerability that Apple...
Apple TV 12.0.0 and < 12.3 Multiple Vulnerabilities
Binary data 700719.prm...