382 matches found
MacPaw CleanMyMac X Input Validation Vulnerability (CNVD-2019-23277)
MacPaw CleanMyMac X is a cleaning tool dedicated to the macOS platform. The product is capable of removing junk files, history cache, logs, etc. from your computer. MacPaw CleanMyMac X version 4.04 suffers from an input validation vulnerability that can be exploited by local attackers to cause a...
macOS 10.14.1 Carbon Core Memory corruption Vulnerability
CVE: CVE-2018-4463 Old and funny bug CVE-2018-4463 was patched by Apple in last macOS security update. Since 2015 Apple was exposing the users using Apple’s filesystem for stack overflow and infection by hidedd malware in DMG image. Insufficient patch for old vulnerability is the cause of problem...
Design/Logic Flaw
Nibbleblog 4.0.5 on macOS defaults to having .DSStore in each directory, causing DSStore information to leak...
macOS - 'sysctl_vfs_generic_conf' Stack Leak Through Struct Padding
/ The sysctls vfs.generic.conf. are handled by sysctlvfsgenericconf, which is implemented as follows: static int sysctlvfsgenericconf SYSCTLHANDLERARGS int name, namelen; struct vfstable vfsp; struct vfsconf vfsc; voidoidp; name = arg1; namelen = arg2; check for namelen==1 mountlistlock; for vfsp...
macOS - process_policy Stack Leak Through Uninitialized Field
macOS - processpolicy Stack Leak Through Uninitialized Field / The syscall processpolicyscope=PROCPOLICYSCOPEPROCESS, action=PROCPOLICYACTIONGET, policy=PROCPOLICYRESOURCEUSAGE, policysubtype=PROCPOLICYRUSAGECPU, attrp=, targetpid=0, targetthreadid= causes 4 bytes of uninitialized kernel stack...
iOS/MacOS kernel double free due to IOSurfaceRootUserClient not respecting MIG ownership rules(CVE-2017-13861)
I have previously detailed the lifetime management paradigms in MIG in the writeups for: CVE-2016-7612 https://bugs.chromium.org/p/project-zero/issues/detail?id=926 and CVE-2016-7633 https://bugs.chromium.org/p/project-zero/issues/detail?id=954 If a MIG method returns KERNSUCCESS it means that th...
macOS necp_get_socket_attributes so_pcb Type Confusion Exploit
Exploit for macOS platform in category dos / poc MacOS sopcb type confusion in necpgetsocketattributes CVE-2017-13855 When setsockopt is called on any socket with level SOLSOCKET and optname SONECPATTRIBUTES, necpgetsocketattributes is invoked. necpgetsocketattributes unconditionally calls...
Apple macOS 10.13.1 High Sierra - Insecure Cron System Local Privilege Escalation Vulnerability
Apple macOS version 10.13.1 High Sierra suffers from a cron related local privilege escalation vulnerability that allows you to gain root privileges. Recently I was working on an security issue in some other software that has yet to be disclosed which created a rather interesting condition. As a...
Apple macOS 10.13.1 High Sierra Cron Privilege Escalation
Recently I was working on an security issue in some other software that has yet to be disclosed which created a rather interesting condition. As a non-root user I was able to write to any file on the system that was not SIP-protected but the resulting file would not be root-owned, even if it...
Apple macOS 10.13.1 (High Sierra) - Insecure Cron System Local Privilege Escalation
Recently I was working on an security issue in some other software that has yet to be disclosed which created a rather interesting condition. As a non-root user I was able to write to any file on the system that was not SIP-protected but the resulting file would not be root-owned, even if it...
This Week in Security News
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back...
CVE-2017-2535
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Security" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service resource consumption via a crafted app...
Apple macOS 10.12.2 iOS 10.2 - _kernelrpc_mach_port_insert_right_trap Kernel Reference Count Leak Use-After-Free
Apple macOS 10.12.2 iOS 10.2 - kernelrpcmachportinsertrighttrap Kernel Reference Count Leak Use-After-Free / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=941 Proofs of Concept: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/40956.zip The...
Apple Mac OSX 10.9.x - sysmond XPC Privilege Escalation
Apple Mac OSX 10.9.x - sysmond XPC Privilege Escalation / Source: https://code.google.com/p/google-security-research/issues/detail?id=121 / / tested on OS X 10.9.5 - uses some hard-coded offsets which will have to be fixed-up for other versions! this poc uses liblorgnette to resolve some private...
CVE-2001-0921
Netscape 4.79 and earlier for MacOS allows an attacker with access to the browser to obtain passwords from form fields by printing the document into which the password has been typed, which is printed in cleartext...
CVE-1999-1076
Idle locking function in MacOS 9 allows local users to bypass the password protection of idled sessions by selecting the "Log Out" option and selecting a "Cancel" option in the dialog box for an application that attempts to verify that the user wants to log out, which returns the attacker into th...
MacOS Personal Wed Sharing DoS
Hello bugtraq readers and Apple Inc. The problem this time is that when File Sharing is set to check PWS logins, on a about 300char password the system freezes. This problem could be bigger, cause Macintosh File sharing passwords cannot be longer than 8 chars and many apps support File Sharing to...
Проблемы с защитой директорий в Apache под MacOS (case insensitive filesystem)
При использовании файловой системы с наименованием файлов не чуствительным к реестру можно обойти защиту каталогов...
Power On Software On Guard for MacOS 3.2 - Emergency Password
Power On Software On Guard for MacOS 3.2 - Emergency Password source: https://www.securityfocus.com/bid/553/info On Guard, a security program for MacOS, includes an emergency password feature in the event that the administrative password is lost or forgotten. If the user name 'emergency' is...
Ogopogo Autothenticate 1.1.5 - Weak Password Encryption
Ogopogo Autothenticate 1.1.5 - Weak Password Encryption source: https://www.securityfocus.com/bid/552/info Autothenticate is an extension for MacOS that remembers usernames and passwords from visited websites, and atomatically enters them when the site is visited again. It can be configured to...