10 matches found
EUVD-2014-4388
Malware in sbrugna...
Apple iOS/macOS - Kernel Memory Corruption due to Integer Overflow in IOHIDResourceQueue::enqueueReport
/ IOHIDResourceQueue inherits from IOSharedDataQueue and adds its own ::enqueueReport method, which seems to be mostly copy-pasted from IOSharedDataQueue and IODataQueue's ::enqueue methods. I reported a bunch of integer overflows in IODataQueue over four years ago CVE-2014-4389, apple issue...
Apple iOSmacOS - Kernel Memory Corruption due to Integer Overflow in IOHIDResourceQueue::enqueueReport
Apple iOSmacOS - Kernel Memory Corruption due to Integer Overflow in IOHIDResourceQueue::enqueueReport / IOHIDResourceQueue inherits from IOSharedDataQueue and adds its own ::enqueueReport method, which seems to be mostly copy-pasted from IOSharedDataQueue and IODataQueue's ::enqueue methods. I...
Apple Mac OSX iOS - Double-Delete IOHIDEventQueue::start Code Execution
Apple Mac OSX iOS - Double-Delete IOHIDEventQueue::start Code Execution Source: https://code.google.com/p/google-security-research/issues/detail?id=542 The IOHIDLibUserClient allows us to create and manage IOHIDEventQueues corresponding to available HID devices. Here is the ::start method, which...
Apple Mac OSX / iOS - Double-Delete IOHIDEventQueue::start Code Execution
Source: https://code.google.com/p/google-security-research/issues/detail?id=542 The IOHIDLibUserClient allows us to create and manage IOHIDEventQueues corresponding to available HID devices. Here is the ::start method, which can be reached via the IOHIDLibUserClient::startQueue external method:...
Apple TV < 7.0.2 Multiple Vulnerabilities
Binary data 8939.prm...
Apple iOS 8.x < 8.1.1 Multiple Vulnerabilities.
Binary data 8940.prm...
APPLE-SA-2014-11-17-3 Apple TV 7.0.2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-11-17-3 Apple TV 7.0.2 Apple TV 7.0.2 is now available and addresses the following: Apple TV Available for: Apple TV 3rd generation and later Impact: An attacker with a privileged network position may cause an unexpected application...
Apple TV < 7.0.2 Multiple Vulnerabilities
According to its banner, the remote Apple TV device is a version prior to 7.0.2. It is, therefore, affected by the following vulnerabilities : - Multiple memory corruption issues exist related to the included version of WebKit that allow application crashes or arbitrary code execution...
Code injection
The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application...