98 matches found
Design/Logic Flaw
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "LaunchServices" component. It allows attackers to bypass the code-signing protection mechanism via a crafted app...
CVE-2018-4175
CVE-2018-4175 affects macOS LaunchServices prior to 10.13.4. A crafted app could bypass code-signing protection, enabling execution of modified Terminal and potentially arbitrary commands. Apple released macOS 10.13.4/security updates (HT208692) addressing this by enforcing code-signing protectio...
CVE-2018-4175
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "LaunchServices" component. It allows attackers to bypass the code-signing protection mechanism via a crafted app...
macOS and Mac OS X Multiple Vulnerabilities (Security Update 2018-002)
The remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities affecting the following components : - ATS - CFNetwork Session - CoreFoundation - CoreTypes - curl - Disk Images - iCloud Drive - Kernel - kext...
macOS 10.13.x < 10.13.4 Multiple Vulnerabilities
The remote host is running a version of macOS / Mac OS X that is 10.13.x prior to 10.13.4. It is, therefore, affected by multiple vulnerabilities in the following components : - Admin Framework - APFS - ATS - CoreFoundation - CoreText - Disk Images - Disk Management - File System Events - iCloud...
Apple iOS LaunchServices XPC Services API Security Restriction Bypass Vulnerability
iOS is an operating system developed by Apple for mobile devices, and supported devices include iPhone, iPod touch, iPad, and Apple TV. In Apple iOS versions prior to 9.3, a security restriction bypass vulnerability exists in the XPC Services API in LaunchServices, which allows a remote attacker ...
CVE-2016-1760
The XPC Services API in LaunchServices in Apple iOS before 9.3 allows attackers to bypass intended event-handler restrictions and modify an arbitrary app's events via a crafted app...
Design/Logic Flaw
The XPC Services API in LaunchServices in Apple iOS before 9.3 allows attackers to bypass intended event-handler restrictions and modify an arbitrary app's events via a crafted app...
CVE-2016-1760
CVE-2016-1760 affects iOS LaunchServices XPC Services API prior to iOS 9.3. The vulnerability arises from an event handler validation issue in the XPC Services API, which could allow a crafted app to bypass intended event-handler restrictions and modify events in arbitrary apps. The Apple advisor...
CVE-2016-1760
The XPC Services API in LaunchServices in Apple iOS before 9.3 allows attackers to bypass intended event-handler restrictions and modify an arbitrary app's events via a crafted app...
CVE-2015-7113
The LaunchServices component in Apple iOS before 9.2 and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a malformed plist...
Memory corruption
The LaunchServices component in Apple iOS before 9.2 and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a malformed plist...
CVE-2015-7113
The CVE-2015-7113 issue affects Apple iOS before 9.2 and watchOS before 2.1, targeting the LaunchServices component via a malformed plist. The underlying fault is memory corruption that can allow attackers to execute arbitrary code in a privileged context or cause a denial of service. Impact is d...
CVE-2015-7113
The LaunchServices component in Apple iOS before 9.2 and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a malformed plist...
Apple iOS < 9.2 Multiple Vulnerabilities
Binary data appleios92check.nbin...
CVE-2015-1143
LaunchServices in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted localized string, related to a "type confusion" issue...
CVE-2015-1142
LaunchServices in Apple OS X before 10.10.3 allows local users to cause a denial of service Finder crash via crafted localization data...
Code injection
LaunchServices in Apple OS X before 10.10.3 allows local users to cause a denial of service Finder crash via crafted localization data...
Type confusion
LaunchServices in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted localized string, related to a "type confusion" issue...
CVE-2015-1142
CVE-2015-1142 affects Apple OS X LaunchServices prior to 10.10.3, where crafted localization data can trigger a local denial-of-service (Finder crash). The NVD entry lists the impact as Denial of Service with partial availability impact, and the recommended remediation is to update to the latest ...