EUVD-2016-5701

Malware in sbrugna...

Exploit for Improper Handling of Insufficient Permissions or Privileges in Apple Macos

🇮🇱 BringThemHome NeverAgainIsNow 🇮🇱 We demand the...

PT-2023-28644 · Apple · Apple Macos +1

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 12.7.2 macOS versions prior to 13.6.3 macOS versions prior to 14.2 Description: A process may gain admin privileges without proper authentication. The issue was addressed with improved checks. Unprivileged users,...

7zip CVE-2016-2334 HFS+ Code Execution Vulnerability

INTRODUCTION In 2016 Talos released an advisory for CVE-2016-2334, which was a remote code execution vulnerability affecting certain versions of 7zip, a popular compression utility. In this blog post we will walk through the process of weaponizing this vulnerability and creating a fully working...

Vulnerability Walkthrough: 7zip CVE-2016-2334 HFS+ Code Execution Vulnerability

This blog post was authored by Marcin Noga of Cisco Talos.IntroductionIn 2016 Talos released an advisory for CVE-2016-2334, which was a remote code execution vulnerability affecting certain versions of 7zip, a popular compression utility. In this blog post we will walk through the process of...

Apple OS X DiskArbitration Arbitrary Code Execution Vulnerability

Apple OS X is a suite of operating systems developed by Apple for Mac computers.Address Book is an address book or contact framework.DiskArbitration is a component that handles disk mounting.... An arbitrary code execution vulnerability exists in diskutil in DiskArbitration in Apple OS X versions...

CVE-2016-4716

diskutil in DiskArbitration in Apple OS X before 10.12 allows local users to gain privileges via unspecified vectors...

CVE-2016-4716

DiskArbitration (diskutil) in Apple OS X prior to 10.12 is affected by CVE-2016-4716, allowing a local user to gain privileges via unspecified vectors. The issue is addressed in macOS Sierra 10.12; system owners should upgrade to macOS 10.12 or newer to remediate. The description does not specify...

CVE-2016-4716

diskutil in DiskArbitration in Apple OS X before 10.12 allows local users to gain privileges via unspecified vectors...

Apple Mac OS X HFS硬链接本地拒绝服务漏洞

BUGTRAQ ID: 39658 CVECAN ID: CVE-2010-0105 Mac OS X是苹果家族机器所使用的操作系统。 大多数现代的操作系统都不允许目录中存在硬链接以防范无限递归，但Mac操作系统的HFS文件系统实现的Time Machine备份机制在目录中使用了硬链接，本地用户可以通过执行恶意程序导致拒绝服务。 Apple Mac OS X 10.6.3 Apple Mac OS X 10.6.2 厂商补丁： Apple ----- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://www.apple.com...

MacOS X 10.6 HFS File System Attack (Denial of Service)

No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 / Proof of Concept for CVE-2010-0105 MacOS X 10.6 hfs file system attack Denial of Service by Maksymilian Arciemowicz from SecurityReason.com http://securityreason.com/achievementexploitalert/15 NOTE: This DoS will b...

Apple Mac OSX 10.6 - HFS FileSystem (Denial of Service)

// -----BEGIN PGP SIGNED MESSAGE----- // Hash: SHA1 / Proof of Concept for CVE-2010-0105 MacOS X 10.6 hfs file system attack Denial of Service by Maksymilian Arciemowicz from SecurityReason.com http://securityreason.com/achievementexploitalert/15 NOTE: This DoS will be localized in phase Checking...

Apple Mac OSX 10.6 - HFS FileSystem (Denial of Service)

Apple Mac OSX 10.6 - HFS FileSystem Denial of Service // -----BEGIN PGP SIGNED MESSAGE----- // Hash: SHA1 / Proof of Concept for CVE-2010-0105 MacOS X 10.6 hfs file system attack Denial of Service by Maksymilian Arciemowicz from SecurityReason.com...

CVE-2007-0023

The CFUserNotificationSendRequest function in UserNotificationCenter.app in Apple Mac OS X 10.4.8, when used in combination with diskutil, allows local users to gain privileges via a malicious InputManager in Library/InputManagers in a user's home directory, which is executed when Cocoa...

CVE-2007-0023

The CFUserNotificationSendRequest function in UserNotificationCenter.app in Apple Mac OS X 10.4.8, when used in combination with diskutil, allows local users to gain privileges via a malicious InputManager in Library/InputManagers in a user's home directory, which is executed when Cocoa...

CVE-2007-0345

The 1 Activity Monitor.app/Contents/Resources/pmTool, 2 Keychain Access.app/Contents/Resources/kcproxy, and 3 ODBC Administrator.app/Contents/Resources/iodbcadmintool programs in /Applications/Utilities/ in Mac OS X 10.4.8 have weak permissions writable by admin group, which allows local admin...

Code injection

The 1 Activity Monitor.app/Contents/Resources/pmTool, 2 Keychain Access.app/Contents/Resources/kcproxy, and 3 ODBC Administrator.app/Contents/Resources/iodbcadmintool programs in /Applications/Utilities/ in Mac OS X 10.4.8 have weak permissions writable by admin group, which allows local admin...

MOAB-05-01-2007: Apple DiskManagement BOM Local Privilege Escalation Vulnerability

Summary Apple DiskManagement.framework is the back-end for the ' diskutil' tool, used to perform disk/file system maintenance tasks. One of these tasks, permissions repair, involves the usage of BOM Bill Of Materials files, which declare the default file permissions and owner among other...

Apple Mac OSX 10.4.8 - DiskManagement BOM Privilege Escalation

!/usr/bin/ruby c 2006 LMH Kevin Finisterre Thanks to The French Connection for bringing this in-the-wild 0-day to our attention. If /tmp/ps2 exists on your system, you've been pwned already. Thanks to the original authors of the exploit 'meow'. You know who you are. "They did it for the lulz" - A...