(Pwn2Own) Apple macOS kextload Time-Of-Check Time-Of-Use Memory Corruption Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of kernel...

Design/Logic Flaw

Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because...

Apple Mac OS X 10.x KExtLoad Buffer Overflow Weakness

No description provided by source. source: http://www.securityfocus.com/bid/20034/info Apple Mac OS X kextload is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied data before copying it to a finite-sized memory buffer. This issue is not...

Apple Mac OS X 10.x KExtLoad Format String Weakness

No description provided by source. source: http://www.securityfocus.com/bid/20031/info Apple Mac OS X 'kextload' is prone to a format-string vulnerability because it fails to sufficiently sanitize user-supplied input data. This issue is not exploitable by itself, because kextload is not installed...

CVE-2006-4866

Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via a long extension argument...

CVE-2006-4866

CVE-2006-4866: Buffer overflow in Apple OS X kextload (used by TDIXSupport in Roxio Toast Titanium) can allow a local user to execute arbitrary code via a long extension argument. Exploitation is local with low complexity and no authentication; CVSS notes partial impact to confidentiality, integr...

CVE-2006-4866

Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via a long extension argument...

Apple Mac OSX 10.x - KExtLoad Format String

Apple Mac OSX 10.x - KExtLoad Format String source: https://www.securityfocus.com/bid/20031/info Apple Mac OS X 'kextload' is prone to a format-string vulnerability because it fails to sufficiently sanitize user-supplied input data. This issue is not exploitable by itself, because kextload is not...

Apple Mac OSX 10.x - KExtLoad Buffer Overflow

source: https://www.securityfocus.com/bid/20034/info Apple Mac OS X kextload is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied data before copying it to a finite-sized memory buffer. This issue is not exploitable by itself, because kextload is...

Apple Mac OSX 10.x - KExtLoad Format String

source: https://www.securityfocus.com/bid/20031/info Apple Mac OS X 'kextload' is prone to a format-string vulnerability because it fails to sufficiently sanitize user-supplied input data. This issue is not exploitable by itself, because kextload is not installed as a setuid-superuser application...

CVE-2004-1398

CVE-2004-1398 describes a format string vulnerability in prelink.c within kextload on Apple OS X, used by TDIXSupport in Roxio Toast Titanium and possibly other products. The underlying issue arises from format string specifiers in the extension argument, enabling local users to execute arbitrary...

CVE-2004-1398

Format string vulnerability in prelink.c in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via format string specifiers in the extension argument...