266 matches found
CVE-2018-4317
CVE-2018-4317 is a use-after-free vulnerability in WebKit-related code that was fixed by Apple through memory-management improvements. Affected products/versions include iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, and iCloud for Windows 7.7. Patches were released as part of Apple securit...
CVE-2018-4322
CVE-2018-4322 is an iOS vulnerability in the Accounts component affecting versions prior to iOS 12. It concerns an entitlement-related issue that could allow a local app to read a persistent account identifier. Apple’s security content notes that the flaw was addressed with improved entitlements ...
CVE-2018-4305
CVE-2018-4305 is an Apple security issue described as an input validation problem, addressed by improved input validation. The initial document notes the vulnerability affects versions prior to iOS 12, tvOS 12, and watchOS 5. Connected Apple advisories (HT209106/HT209107/HT209108) corroborate mul...
CVE-2018-4197
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7...
CVE-2018-4191
A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7...
CVE-2018-4197
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7...
CVE-2018-4191
A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7...
CVE-2018-4191
CVE-2018-4191 is a memory corruption issue that Apple fixed by improving input/memory validation. Affects older releases prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, and iCloud for Windows 7.7. Apple security notes enumerate multiple components (CFNetwork, CoreFoundati...
CVE-2018-4197
CVE-2018-4197 is a WebKit/use-after-free vulnerability that was addressed by Apple through memory-management fixes. It affected multiple Apple platforms and products, specifically iOS versions prior to 12, tvOS prior to 12, Safari prior to 12, and Windows components (iTunes 12.9 for Windows and i...
CVE-2018-4344
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2018-4407
A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5...
voucher_swap: Exploiting MIG reference counting in iOS 12
Posted by Brandon Azad, Project Zero In this post I'll describe how I discovered and exploited CVE-2019-6225, a MIG reference counting vulnerability in XNU's taskswapmachvoucher function. We'll see how to exploit this bug on iOS 12.1.2 to build a fake kernel task port, giving us the ability to re...
Chinese Hacker Publishes PoC for Remote iOS 12 Jailbreak On iPhone X
Here we have great news for all iPhone Jailbreak lovers and concerning one for the rest of iPhone users. A Chinese cybersecurity researcher has today revealed technical details of critical vulnerabilities in Apple Safari web browser and iOS that could allow a remote attacker to jailbreak and...
CVE-2018-4345
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7...
Apple iOS 11.x & 12.x - Authentication Bypass Vulnerability
Document Title: =============== Apple iOS 11.x & 12.x - Authentication Bypass Vulnerability References: =========== https://www.vulnerability-lab.com/getcontent.php?id=2161 View Video: https://www.youtube.com/watch?v=m9VMidADJcc Release Date: ============= 2018-10-26 Vulnerability Laboratory ID...
iOS 12 adoption and performance - what it means for your business's app
On September 17th, Apple released iOS 12. And while many innovative new features were announced, the very first feature listed in the release notes was "Performance." Earlier this year, Apple was heavily criticized for throttling CPU speeds on mobile devices, which drastically affected their...
Apple iOS 11.x & 12.x - Authentication Bypass Vulnerability
Document Title: =============== Apple iOS 11.x & 12.x - Authentication Bypass Vulnerability References: =========== https://www.vulnerability-lab.com/getcontent.php?id=2161 View Video: https://www.youtube.com/watch?v=m9VMidADJcc Release Date: ============= 2018-10-25 Vulnerability Laboratory ID...
Apple iOS - Kernel Stack Memory Disclosure due to Failure to Check copyin Return Value
Apple iOS - Kernel Stack Memory Disclosure due to Failure to Check copyin Return Value Here's a code snippet from sleh.c with the second level exception handler for undefined instruction exceptions: static void handleuncategorizedarmsavedstatet state, booleant instrLen2 exceptiontypet exception =...
Apple iOS - Kernel Stack Memory Disclosure due to Failure to Check copyin Return Value
Here's a code snippet from sleh.c with the second level exception handler for undefined instruction exceptions: static void handleuncategorizedarmsavedstatet state, booleant instrLen2 exceptiontypet exception = EXCBADINSTRUCTION; machexceptiondatatypet codes2 = EXCARMUNDEFINED; machmsgtypenumbert...
New iPhone Bug Gives Anyone Access to Your Private Photos
A security enthusiast who discovered a passcode bypass vulnerability in Apple's iOS 12 late last month has now dropped another passcode bypass bug that works on the latest iOS 12.0.1 that was released last week. Jose Rodriguez, a Spanish amateur security researcher, discovered a bug in iOS 12 in...