169 matches found
CVE-2020-17391
This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
CVE-2020-17390
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
Parallels Desktop Out-of-Bounds Read Elevation of Privilege Vulnerability
Parallels Desktop is a virtual machine software that runs on Mac computers. An out-of-bounds read elevation of privilege vulnerability exists in prlhypervisor kext in versions prior to Parallels Desktop 16.0.0 48916. The vulnerability stems from a lack of proper validation of user-supplied data. ...
Parallels Desktop hypervisor Out-Of-Bounds Read Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the hypervisor...
Apple macOS Catalina Sandbox Component Command Injection Vulnerability
Apple macOS Catalina is a specialized operating system developed by Apple for Mac computers, of which Sandbox is a sandbox component. A command injection vulnerability exists in the Sandbox component in Apple macOS Catalina versions prior to 10.15.6, which stems from the program failing to proper...
Santa - A Binary Whitelisting/Blacklisting System For macOS
Santa is a binary whitelisting/blacklisting system for macOS. It consists of a kernel extension or a system extension on macOS 10.15+ that monitors for executions, a userland daemon that makes execution decisions based on the contents of a SQLite database, a GUI agent that notifies the user in ca...
Multiple Apple Products IOHIDFamily Component Buffer Overflow Vulnerability
Apple iOS is an operating system for mobile devices. apple watchOS is an operating system for smartwatches. apple iPadOS is an operating system for iPad tablets. iOHIDFamily is one of the kernel extensions abstract interfaces to human interface devices components. Abstract Interface for Human...
Crescendo: Real Time Event Viewer for macOS
Prior to 2017, researchers couldn’t easily monitor actions performed by a process on macOS and had to resort to coding scripts that produced low level system call data. FireEye released Monitor.app in 2017 that enabled collection of information on macOS at a higher level; at a simplified data set...
Apple macOS IO80211Family Stack-based Buffer Overflow Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
Apple macOS Mojave IOKit Component Authentication Issue Vulnerability
Apple macOS Mojave is a specialized operating system developed by Apple for Mac computers.IOKit is one of the components that reads system information. A security vulnerability exists in the IOKit component in Apple macOS Mojave versions prior to 10.14.5. A local attacker could exploit this...
Apple macOS apfs Use-After-Free Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the apfs kernel extensio...
Apple iOS AppleFirmwareUpdateKext Arbitrary Code Execution Vulnerability
Apple iOS is an operating system on Apple smart devices. Apple iOS AppleFirmwareUpdateKext arbitrary code execution vulnerability can be exploited by a local attacker to execute arbitrary code...
MacOS Zero Day Allows Trusted Apps to Run Malicious Code
A researcher has revealed a zero-day flaw in Apple’s Mojave operating system tied to the way the OS verifies apps. The bug allows attackers to sneak past macOS security measures and run whitelisted apps that have been manipulated to run malicious code. macOS researcher Patrick Wardle revealed the...
MacPaw CleanMyMac X removeKextAtPath Elevation of Privilege Vulnerability
MacPaw CleanMyMac X is a cleaning tool dedicated to the macOS platform from MacPaw USA. The product is capable of removing junk files, history cache, logs, etc. from your computer. An input validation vulnerability exists in MacPaw CleanMyMac X version 4.04. A local attacker could exploit the...
Vulnerability Spotlight: Multiple Apple IntelHD5000 privilege escalation vulnerabilities
Tyler Bohan of Cisco Talos discovered this vulnerability. Executive Summary A memory corruption vulnerability exists in the IntelHD5000 kernel extension when dealing with graphics resources inside of Apple OSX 10.13.4. A library inserted into the VLC media application can cause an out-of-bounds...
Apple IntelHD5000 Graphics Process Token Privilege Escalation Vulnerability
Summary A memory corruption vulnerability exists in the IntelHD5000 kernel extension when dealing with graphics resources inside of OSX 10.13.4. A library inserted into the VLC media application can cause an out-of-bounds access inside of the KEXT leading to a use after free and invalid memory...
Apple IntelHD5000 Graphics Delete Resource Privilege Escalation Vulnerability
Summary A memory corruption vulnerability exists in the IntelHD5000 kernel extension when dealing with graphics resources inside of OSX 10.13.4. A library inserted into the VLC media application can cause an out-of-bounds access inside of the KEXT leading to a use after free and invalid memory...
CVE-2018-18859
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because...
CVE-2018-18857
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because...
CVE-2018-18858
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because...