169 matches found
ChromeLoader Browser Hijacker Provides Gateway to Bigger Threats
ChromeLoader may seem on the surface like a run-of-the-mill browser hijacker that merely redirects victims to advertisement websites. However, its use of PowerShell could pose a greater risk by leading to further and advanced malicious activity, such as the propagation of ransomware or spyware or...
UpdateAgent Returns with New macOS Malware Dropper Written in Swift
A new variant of the macOS malware tracked as UpdateAgent has been spotted in the wild, indicating ongoing attempts on the part of its authors to upgrade its functionalities. "Perhaps one of the most identifiable features of the malware is that it relies on the AWS infrastructure to host its...
Shlayer and Bundlore MacOS Malware Strains – How Uptycs EDR Detection Can Help
Adware strains Shlayer and Bundlore are the most common malware in macOS – although they have slight variations, they have long invaded and bypassed Xprotect, Notarization, Gatekeeper, and File Quarantine, all security features pre-built into macOS. The Uptycs threat research team has tracked the...
CVE-2021-21871
A memory corruption vulnerability exists in the DMG File Format Handler functionality of PowerISO 7.9. A specially crafted DMG file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. The vendor fixed it in a bug-release of the current versi...
Memory corruption
A memory corruption vulnerability exists in the DMG File Format Handler functionality of PowerISO 7.9. A specially crafted DMG file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. The vendor fixed it in a bug-release of the current versi...
CVE-2021-21871
A memory corruption vulnerability exists in the DMG File Format Handler functionality of PowerISO 7.9. A specially crafted DMG file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. The vendor fixed it in a bug-release of the current versi...
CVE-2021-21871
PowerISO 7.9 DMG File Format Handler memory corruption (CVE-2021-21871) results from improper boundary checks during DMG decompression. The PoC/malformed ZLIB handling can cause an out-of-bounds write, leading to a crash or potential code execution as described by TALOS. Affected component: Power...
Vulnerability Spotlight: Memory corruption vulnerability in PowerISO’s DMG handler
Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a memory corruption vulnerability in PowerISO’s handler that deals with DMG files. PowerISO is a CD/DVD/BD image file processing tool, which allows users to open, extract,... This is onl...
PowerISO DMG File Format Handler memory corruption vulnerability
Summary A memory corruption vulnerability exists in the DMG File Format Handler functionality of PowerISO 7.9. A specially crafted DMG file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. The vendor fixed it in a bug-release of the curre...
dmg2img 缓冲区错误漏洞
dmg2img is a software application. Provides a function to convert Apple compressed dmg archives into standard hfsplus image disk files. A security vulnerability exists in Dmg2img prior to version 20170502, which stems from the program's mishblk function not checking the length of the read buffer...
Convuster: macOS adware now in Rust
Introduction Traditionally, most malicious objects detected on the macOS platform are adware: besides the already familiar Shlayer family, the TOP 10 includes Bnodlero, Cimpli, Adload and Pirrit adware. As a rule, most tend to be written in C, Objective-C or Swift. Recently, however, cybercrimina...
Exploit for Improper Input Validation in Apple Mac_Os_X
CVE-2019-8561 Proof of concept exploit for CVE-2019-8561 disc...
TAU Threat Intelligence Notification: New macOS Malware Variant of Shlayer (OSX) Discovered
Carbon Black’s Threat Analysis Unit TAU recently discovered a new variant of a family of macOS malware which was first discovered in February of 2018 by researchers from Intego. TAU has obtained new samples of this malware and observed downloads of the malware from multiple sites, primarily...
Beware!! New Windows .exe Malware Found Targeting macOS Computers
A malicious Windows EXE file can even infect your Mac computer as well. Yes, you heard me right — a .exe malware on macOS. Security researchers at antivirus firm Trend Micro have discovered a novel way hackers are using in the wild to bypass Apple's macOS security protection and infect Mac...
Darling - Darwin/macOS Emulation Layer For Linux
Darling is a runtime environment for OS X applications. Please note that no GUI applications are supported at the moment. Download Darling uses many Git submodules, so a plain clone will not do. git clone --recurse-submodules https://github.com/darlinghq/darling.git Updating sources: git pull git...
Google Chrome < 68.0.3440.75 Multiple Vulnerabilities
Binary data 700361.pasl...
Calisto Trojan for macOS
An interesting aspect of studying a particular piece of malware is tracing its evolution and observing how the creators gradually add new monetization or entrenchment techniques. Also of interest are developmental prototypes that have had limited distribution or not even occurred in the wild. We...
Cisco Advanced Malware Protection for Endpoints macOS Connector Input Validation Vulnerability
Cisco Advanced Malware Protection AMP for Endpoints macOS Connector is an endpoint security solution that prevents, monitors, and responds to advanced threats for macOS devices from Cisco. An input validation vulnerability exists in the file type detection mechanism in Cisco AMP for Endpoints mac...
Design/Logic Flaw
A vulnerability in the file type detection mechanism of the Cisco Advanced Malware Protection AMP for Endpoints macOS Connector could allow an unauthenticated, remote attacker to bypass malware detection. The vulnerability occurs because the software relies on only the file extension for detectin...
CVE-2018-0237
A vulnerability in the file type detection mechanism of the Cisco Advanced Malware Protection AMP for Endpoints macOS Connector could allow an unauthenticated, remote attacker to bypass malware detection. The vulnerability occurs because the software relies on only the file extension for detectin...