Lucene search
K

1177 matches found

HackRead
HackRead
added 2026/05/08 8:51 p.m.11 views

Fake macOS Troubleshooting Sites Used to Steal iCloud Data in ClickFix Scam

Microsoft researchers warn of a new ClickFix campaign targeting macOS with fake guides on Medium and Craft to deploy AMOS and SHub Stealer via Terminal commands...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/08 5:47 a.m.7 views

BIT-JRE-2026-20608

This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash...

8.8CVSS7.2AI score0.00229EPSS
Exploits0References20
AlpineLinux
AlpineLinux
added 2026/05/06 6:12 p.m.9 views

CVE-2026-7957

Out of bounds write in Media in Google Chrome on Mac, iOS prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS6.2AI score0.00291EPSS
Exploits0
OSV
OSV
added 2026/05/06 2:46 p.m.13 views

BIT-JAVA-MIN-2026-20676

This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions...

5.3CVSS5.8AI score0.00222EPSS
Exploits0References5
OSV
OSV
added 2026/05/06 2:45 p.m.8 views

BIT-JAVA-MIN-2026-20652

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A remote attacker may be able to cause a denial-of-service...

7.5CVSS7.2AI score0.00608EPSS
Exploits0References20
OSV
OSV
added 2026/05/06 2:44 p.m.6 views

BIT-JAVA-MIN-2023-42917

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against...

8.8CVSS6.1AI score0.0937EPSS
Exploits0References21
OSV
OSV
added 2026/05/06 2:44 p.m.9 views

BIT-JAVA-MIN-2023-41993

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7...

8.8CVSS7.6AI score0.29179EPSS
Exploits3References9
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.11 views

PT-2026-38061

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A remote attacker may be able to cause a denial-of-service...

7.5CVSS7.2AI score0.00608EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/04/29 12:0 a.m.4 views

Mozilla Firefox ESR < 115.35.1

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.35.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-37 advisory. - Information disclosure due to incorrect boundary conditions in the Audio/Video component. This...

8.8CVSS6.1AI score0.00323EPSS
Exploits0References3
CVE
CVE
added 2026/04/21 5:41 p.m.15 views

CVE-2026-40604

CVE-2026-40604 affects ClearanceKit on macOS, where the opfilter system extension (bundle uk.craigbass.clearancekit.opfilter) can be suspended or signalled by any root process (SIGSTOP/SIGTERM/SIGKILL). While suspended, AUTH Endpoint Security events timeout and default to allow, silently bypassin...

8.2CVSS5.7AI score0.00105EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/04/21 5:41 p.m.8 views

EUVD-2026-24213

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.6, the opfilter Endpoint Security system extension bundle ID uk.craigbass.clearancekit.opfilter can be suspended with SIGSTOP or kill -STOP, or killed with SIGKILL/SIGTERM, by any...

8.2CVSS5.7AI score0.00105EPSS
Exploits0References1
Talos Blog
Talos Blog
added 2026/04/21 10:0 a.m.5 views

Bad Apples: Weaponizing native macOS primitives for movement and execution

As macOS adoption grows among developers and DevOps, it has become a high value target; however, native "living-off-the-land" LOTL techniques for the platform remain significantly under-documented compared to Windows. Adversaries can bypass security controls by repurposing native features like...

6.9AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/04/16 3:0 p.m.18 views

Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise

In this article 1. Sapphire Sleet’s campaign lifecycle 2. Defending against Sapphire Sleet intrusion activity 3. Microsoft Defender detection and hunting guidance 4. Indicators of compromise Executive summary Microsoft Threat Intelligence uncovered a macOS‑focused cyber campaign by the North Kore...

6.3AI score
Exploits0
Adobe
Adobe
added 2026/04/14 12:0 a.m.16 views

APSB26-44 : Security update available for Adobe Acrobat Reader

Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and arbitrary file system read...

6.4AI score
Exploits0Affected Software3
CVE
CVE
added 2026/04/10 1:17 p.m.7 views

CVE-2026-33092

CVE-2026-33092 affects Acronis True Image OEM (macOS) before build 42571 and Acronis True Image (macOS) before build 42902. It is a local privilege escalation caused by improper handling of environment variables, with CVSSv3.0 vector LOCAL/LOW/PR:L/UI:N and impact on confidentiality, integrity, a...

7.8CVSS7.1AI score0.00181EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.7 views

Acronis True Image 安全漏洞

Acronis True Image is a renowned data backup and restoration software developed by the Swiss company Acronis. This software can be used to create drive and disk images, and to restore those images when a clean system is required. Acronis True Image OEM versions prior to 42571 and macOS 42902...

7.8CVSS7.1AI score0.00181EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/08 8:13 p.m.4 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the rotateFileVaultKey function in orbit/pkg/useraction/useractiondarwin.go. An attacker can execute arbitrary commands on macOS by supplying a crafted FileVault username or password that is interpolated into the...

8.5CVSS6.3AI score0.00111EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.4 views

Google Chrome < 147.0.7727.55 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 147.0.7727.55. It is, therefore, affected by multiple vulnerabilities as referenced in the 202604stable-channel-update-for-desktop advisory. - Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attack...

9.8CVSS7.8AI score0.00608EPSS
Exploits0References121
CVE
CVE
added 2026/04/04 12:0 a.m.16 views

CVE-2026-34779

CVE-2026-34779 affects Electron on macOS prior to patches 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8. The vulnerability arises in the AppleScript fallback path used by app.moveToApplicationsFolder(), which failed to properly handle certain characters in the application bundle path. Under specific ...

7.8CVSS6.1AI score0.00161EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/04/03 2:46 a.m.3 views

Command Injection

Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Command Injection in the app.moveToApplicationsFolder function on macOS when handling application bundle paths containing...

7.8CVSS6.2AI score0.00161EPSS
Exploits0References2
Rows per page
Query Builder