47 matches found

OSV
added 2021/04/02 6:15 p.m., 3 views

CVE-2020-9975

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute...

7.8 CVSS, 7.1 AI score, 0.01119 EPSS
Exploits 0, References 5

CVE
added 2021/04/02 5:19 p.m., 92 views

CVE-2020-9955

CVE-2020-9955 is an ImageIO out-of-bounds write vulnerability in Apple platforms. Apple reports that processing a maliciously crafted image may lead to arbitrary code execution. Concrete details across connected sources show the issue affecting ImageIO on iOS 14.0 / iPadOS 14.0, tvOS 14.0, watchO...

7.8 CVSS, 7.4 AI score, 0.01015 EPSS
Exploits 0, References 4, Affected Software 5

Wired Threat Level
added 2021/03/06 2:5 p.m., 83 views

Utah's ‘Porn Filter’ Law Passes the State Legislature

Plus: An iOS 14 jailbreak is out, Solarwinds details emerge, and more of the week's top security news...

1.5 AI score
Exploits 0

Wired Threat Level
added 2021/01/30 12:0 p.m., 56 views

Apple Fixes One of the iPhone's Most Pressing Security Risks

By hardening iMessage in iOS 14, the company has effectively cut off what had been an increasingly popular line of attack...

1.6 AI score
Exploits 0

ThreatPost
added 2021/01/29 4:52 p.m., 162 views

Apple iOS 14 Thwarts iMessage Attacks With BlastDoor System

In an effort to prevent attacks from being launched via its iMessage feature, Apple has debuted a security service called BlastDoor in iOS 14, its current mobile operating system version. First detailed in an analysis this week by Google Project Zero’s Samuel Groß, BlastDoor acts as a “tightly...

7.2 AI score
Exploits 0, References 13

Schneier on Security
added 2021/01/29 3:20 p.m., 27 views

New iMessage Security Features

Apple has added security features to mitigate the risk of zero-click iMessage attacks. Apple did not document the changes but Groß said he fiddled around with the newest iOS 14 and found that Apple shipped a "significant refactoring of iMessage processing" that severely cripples the usual...

1.3 AI score
Exploits 0

The Hacker News
added 2021/01/29 2:59 p.m., 39 views

Google uncovers new iOS security feature Apple quietly added after zero-day attacks

Google Project Zero on Thursday disclosed details of a new security mechanism that Apple quietly added to iOS 14 as a countermeasure to prevent attacks that were recently found to leverage zero-days in its messaging app. Dubbed "BlastDoor," the improved sandbox system for iMessage data was...

0.2 AI score
Exploits 0

GoogleProjectZero
added 2021/01/28 12:0 a.m., 106 views

A Look at iMessage in iOS 14

Posted By Samuel Groß, Project Zero On December 20, Citizenlab published “The Great iPwn”, detailing how “Journalists were Hacked with Suspected NSO Group iMessage ‘Zero-Click’ Exploit”. Of particular interest is the following note: “We do not believe that the exploit works against iOS 14 and...

8.3 AI score
Exploits 0

NVD
added 2020/12/08 8:15 p.m., 16 views

CVE-2020-9996

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious application may be able to elevate privileges...

7.8 CVSS, 6.5 AI score, 0.00889 EPSS
Exploits 0, References 3

OSV
added 2020/12/08 8:15 p.m., 3 views

CVE-2020-9963

The issue was addressed with improved handling of icon caches. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious app may be able to determine the existence of files on the computer...

5.5 CVSS, 7.1 AI score, 0.00986 EPSS
Exploits 0, References 3

OSV
added 2020/12/08 8:15 p.m., 5 views

CVE-2020-9969

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. A local user may be able to view sensitive user information...

5.5 CVSS, 6.7 AI score
Exploits 0, References 5

OSV
added 2020/12/08 8:15 p.m., 2 views

CVE-2020-9944

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to read restricted memory...

5.5 CVSS, 6.7 AI score, 0.01136 EPSS
Exploits 0, References 7

Prion
added 2020/12/08 8:15 p.m., 18 views

Input validation

A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious application may be able to determine a user's open tabs in Safari...

4.3 CVSS, 5.2 AI score, 0.00914 EPSS
Exploits 0, References 3, Affected Software 3

CVE
added 2020/12/08 7:30 p.m., 91 views

CVE-2020-9969

CVE-2020-9969 affects macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. Description from Apple Security Advisories shows an access issue that allowed a local user to view sensitive information, addressed by applying additional sandbox restrictions. The remediation is upgradi...

5.5 CVSS, 5.1 AI score, 0.00336 EPSS
Exploits 0, References 5, Affected Software 5

Positive Technologies
added 2020/11/12 12:0 a.m., 2 views

PT-2020-20913 · Apple · Macos Big Sur +4

Name of the Vulnerable Software and Affected Versions: macOS Big Sur version 11.0.1 and earlier iOS versions prior to 14.0 iPadOS versions prior to 14.0 Description: A validation issue existed in the entitlement verification, which was addressed with improved validation of the process entitlement...

5.5 CVSS, 5.4 AI score, 0.00914 EPSS
Exploits 0, References 10

Prion
added 2020/10/16 5:15 p.m., 26 views

Design/Logic Flaw

This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. An attacker in a privileged network position may be able to execute arbitrary code on a paired device...

9.3 CVSS, 7.5 AI score, 0.02986 EPSS
Exploits 1, References 3, Affected Software 3

CVE
added 2020/10/16 4:56 p.m., 125 views

CVE-2020-9992

CVE-2020-9992 affects Apple's IDE Device Support in Xcode 12.0 and iOS/iPadOS 14 (paired-device remote debugging). The vulnerability allows an attacker in a privileged network position to execute arbitrary code on a paired device during a debug session over the network. Apple addressed this by en...

9.3 CVSS, 7.5 AI score, 0.02986 EPSS
Exploits 1, References 3, Affected Software 3

Cvelist
added 2020/10/16 4:56 p.m., 37 views

CVE-2020-9992

This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. An attacker in a privileged network position may be able to execute arbitrary code on a paired device...

7.5 AI score, 0.02986 EPSS
Exploits 1, References 3

Schneier on Security
added 2020/10/07 11:5 a.m., 21 views

New Privacy Features in iOS 14

A good rundown...

3.6 AI score
Exploits 0

Citrix
added 2020/09/17 12:0 a.m., 6 views

MDM Enrollment Fails Consistently On iOS 14 Devices On Citrix Endpoint Management (On-Prem)

MDM Enrollment Fails Consistently On iOS 14 Devices On Citrix Endpoint Management Server On-Prem...

6.8 AI score
Exploits 0