Integer overflow
An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with...
Zero-Day Alert: Apple Releases Patches for Actively Exploited Flaws in iOS, macOS, and Safari
Apple on Wednesday released a slew of updates for iOS, iPadOS, macOS, watchOS, and Safari browser to address a set of flaws it said were actively exploited in the wild. This includes a pair of zero-days that have been weaponized in a mobile surveillance campaign called Operation Triangulation tha...
CVE-2020-36694
An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurrent iptables rules replacement. This could be exploited with the CAP_NET_ADMIN capability in an...
Vulnerabilities fixed in Apple macOS
Apple has fixed several vulnerabilities in macOS. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS), Circumvention of security measure, Remote code execution, Administrator/Root rights, Remote...
SUSE CVE-2021-3489
The eBPF RINGBUF bpf_ringbuf_reserve function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore arbitrary code execution. This issue was fixed via commit 4b81ccebaeee "bp...
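The advisory above says the pre-fix reserve path only checked for free space and never checked that the requested record could fit in the ring at all. The following userspace toy is an added illustration of that class of bug, written for this page; it is not the kernel's ring buffer code and does not reproduce struct bpf_ringbuf. Everything in it (the `toy_` names, the 32-bit record length field that lets an oversized request wrap to a tiny length, the 4096-byte ring used in the demo) is an assumption of the toy, chosen so that the free-space check is satisfied by a request the buffer cannot hold. A caller that trusts the returned offset for `size` bytes is the out-of-bounds write; the `hardened` flag adds the missing upper-bound check before any arithmetic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

#define TOY_HDR_SZ 8u

/* Toy ring buffer (hypothetical; not struct bpf_ringbuf). Positions grow
 * monotonically and are masked when used as offsets into data. */
struct toy_ringbuf {
    uint8_t *data;
    size_t data_sz;         /* power of two */
    size_t mask;            /* data_sz - 1 */
    uint64_t producer_pos;
    uint64_t consumer_pos;
};

/* Record header stored in the buffer. The 32-bit length field is the toy's
 * assumption that makes the free-space check satisfiable by a huge request. */
struct toy_rec_hdr {
    uint32_t len;
    uint32_t pg_off;        /* unused in the toy */
};

static int toy_ringbuf_init(struct toy_ringbuf *rb, size_t data_sz)
{
    if (data_sz < TOY_HDR_SZ || (data_sz & (data_sz - 1)) != 0)
        return -1;
    rb->data = calloc(data_sz, 1);
    if (rb->data == NULL)
        return -1;
    rb->data_sz = data_sz;
    rb->mask = data_sz - 1;
    rb->producer_pos = 0;
    rb->consumer_pos = 0;
    return 0;
}

/* Reserve `size` payload bytes. Returns the payload offset into rb->data, or -1.
 * hardened == 0: only "is there free space for len bytes" is checked, the
 * situation the advisory describes. hardened == 1: an oversized request is
 * rejected before the length arithmetic can wrap. */
static long toy_reserve(struct toy_ringbuf *rb, uint64_t size, int hardened)
{
    uint64_t rounded = (size + TOY_HDR_SZ + 7) & ~(uint64_t)7;
    uint32_t len;
    uint64_t new_prod;
    struct toy_rec_hdr *hdr;
    size_t off;

    if (hardened && size > rb->data_sz - TOY_HDR_SZ)
        return -1;                      /* record can never fit: reject */

    len = (uint32_t)rounded;            /* 0xFFFFFFF8 + 8 rounds to 2^32, wraps to 0 */
    new_prod = rb->producer_pos + len;

    if (new_prod - rb->consumer_pos > rb->mask)
        return -1;                      /* free-space check, the only pre-fix check */

    off = (size_t)(rb->producer_pos & rb->mask);
    hdr = (struct toy_rec_hdr *)(rb->data + off);
    hdr->len = len;
    rb->producer_pos = new_prod;
    return (long)(off + TOY_HDR_SZ);
}

/* Does a payload of `size` bytes at `off` stay inside the data area? A caller
 * that writes `size` bytes there when this is false is the OOB write. */
static int toy_payload_in_bounds(const struct toy_ringbuf *rb, long off, uint64_t size)
{
    if (off < 0)
        return 0;
    return (uint64_t)off + size <= rb->data_sz;
}

/* Returns 1 when the unhardened path hands out an out-of-bounds reservation
 * that the hardened path refuses, while a sane request still succeeds. */
static int toy_demo(void)
{
    struct toy_ringbuf rb;
    const uint64_t huge = 0xFFFFFFF8ull;   /* constructed oversized request */
    long off_vuln, off_hard, off_ok;
    int result;

    if (toy_ringbuf_init(&rb, 4096) != 0)
        return -1;
    off_vuln = toy_reserve(&rb, huge, 0);  /* accepted: len wrapped to 0 */
    off_hard = toy_reserve(&rb, huge, 1);  /* rejected by the size check */
    off_ok = toy_reserve(&rb, 100, 1);     /* normal record still works */
    result = off_vuln == 8 && !toy_payload_in_bounds(&rb, off_vuln, huge)
          && off_hard == -1
          && off_ok == 8 && toy_payload_in_bounds(&rb, off_ok, 100);
    free(rb.data);
    return result;
}
```

The toy never performs the overrunning write itself; `toy_payload_in_bounds` is where a fuzzer or unit test would catch the mismatch between what was requested and what the buffer can hold.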
Exploit for Protection Mechanism Failure in Apple Ipados
WeightBufs: WeightBufs is a kernel r/w exploit for all Appl...
Multiple Apple products security vulnerability
Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS version 15.6 and iPadOS version 15.6, where an application may be able to...
Exploring a New Class of Kernel Exploit Primitive
The security landscape is dynamic, changing often and as a result, attack surfaces evolve. MSRC receives a wide variety of cases spanning different products, bug types and exploit primitives. One particularly interesting primitive we see is an arbitrary kernel pointer read. These often happen whe...
Exploit for Improper Initialization in Linux Linux_Kernel
Dirty Pipe automatic root exploit CVE-2022-0847 !eaeasse...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Linux Linux_Kernel
CVE-2021-4204 Chinese writeup: https://tr3e.ee/posts/cve-2021...
An Azure Sphere kernel exploit — or how I learned to stop worrying and love the IoT
By Claudio Bozzato and Lilith ^.^;. As part of our continued research into Microsoft Azure Sphere, there are two vulnerabilities we discovered that we feel are particularly dangerous. For a full rundown of the 31 vulnerabilities we’ve discovered over the past year, check out our full recap... Thi...
Exploit for Exposed IOCTL with Insufficient Access Control in Dell Dbutil
DbUtilAx An extended proof-of-co...
PUB-A-110373476
In addr_match of xfrm.h, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation...
An iOS hacker tries Android
Written by Brandon Azad while working at Project Zero. One of the amazing aspects of working at Project Zero is having the flexibility to direct my own research agenda. My prior work has almost exclusively focused on iOS exploitation, but back in August, I thought it could be interesting to try...
Exploit for CVE-2015-3636
PoC exploit for CVE-2015-3636, a vulnerability in the Linux kernel affecting 32-bit Android OS. The exploit targets the Linux kernel's socket timestamping functionality, specifically the SIOCGSTAMPNS ioctl command. The vulnerability allows an attacker to execute arbitrary code with elevated...
linuxkernel_pwn
It is an offensive tool for Linux kernel exploitation. The repository contains a Makefile that compiles and builds two exploits: expdoublefetch and expsidechannel. The primary CVE ID is not explicitly mentioned, but the exploits target Linux kernel vulnerabilities. The probable entry points are t...
Exploit for CVE-2016-2384
This repository contains a proof-of-concept exploit for the vulnerability in the usb-midi Linux kernel driver CVE-2016-2384. The exploit targets a use-after-free bug in the driver, which can be exploited to gain root privileges. The exploit consists of two parts: a userspace part poc.py and a...
CVE-2020-17396
CVE-2020-17396 affects Parallels Desktop (notably 15.1.4) via the prl_hypervisor module. The issue is an integer overflow caused by insufficient validation of user-supplied data, leading to a buffer allocation error and the possibility for a local attacker to escalate privileges and execute code ...
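Both this entry and the Apple "Integer overflow" entry at the top of the page describe the same pattern: a size derived from user-supplied data overflows, the allocation comes out too small, and later writes into it corrupt memory. The block below is an added example written for this page, not Parallels' prl_hypervisor code and not Apple's; the `toy_request` layout, the 32-bit multiply in the vulnerable path and the 1 MiB cap in the hardened one are assumptions chosen to show the wrap and the fix side by side.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical request layout: a user-controlled element count and element
 * size, as a driver might read from an ioctl argument. Not the real interface. */
struct toy_request {
    uint32_t count;
    uint32_t elem_size;
};

#define TOY_MAX_BYTES (1u << 20)   /* 1 MiB cap, an assumption of the toy */

/* Vulnerable: count * elem_size is done in 32 bits and wraps, so a request
 * for 0x10000001 elements of 16 bytes computes an allocation of only 16 bytes. */
static uint32_t toy_alloc_size_unchecked(const struct toy_request *req)
{
    return req->count * req->elem_size;
}

/* Hardened: overflow-checked multiply (catches the wrap on 32-bit size_t)
 * plus an explicit cap (catches absurd sizes on 64-bit). Returns 0 and sets
 * *bytes on success, -1 when the request is rejected. */
static int toy_alloc_size_checked(const struct toy_request *req, size_t *bytes)
{
    size_t total;

    if (req->count == 0 || req->elem_size == 0)
        return -1;
    if (__builtin_mul_overflow((size_t)req->count, (size_t)req->elem_size, &total))
        return -1;
    if (total > TOY_MAX_BYTES)
        return -1;
    *bytes = total;
    return 0;
}

/* 1 when the unchecked path would allocate less than the request actually
 * needs, i.e. when a copy of the full body would overflow the buffer. */
static int toy_unchecked_is_undersized(const struct toy_request *req)
{
    uint64_t needed = (uint64_t)req->count * req->elem_size;
    return (uint64_t)toy_alloc_size_unchecked(req) < needed;
}
```

The cap is not optional: on a 64-bit build `__builtin_mul_overflow` alone accepts the product of two 32-bit fields, so without an upper bound the hardened path would still hand a gigabyte-scale size to the allocator.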
Safari Webkit JIT Exploit for iOS 7.1.2
This module exploits a JIT optimization bug in Safari Webkit. This allows us to write shellcode to an RWX memory section in JavaScriptCore and execute it. The shellcode contains a kernel exploit CVE-2016-4669 that obtains kernel rw, obtains root and disables code signing. Finally we download and...