854 matches found
The vulnerability in the XNU kernel of iOS, Mac OS, and TV OS allows attackers to perform unauthorized changes to the memory shared among processes.
The vulnerability of the XNU-based operating systems such as iOS, Mac OS, and TV OS is related to errors in the memory initialization mechanism. Exploiting this vulnerability allows an attacker to perform unauthorized changes to the memory shared among processes, using specially crafted executabl...
macOS 0-Day Flaw Lets Hackers Bypass Security Features With Synthetic Clicks
A security researcher who last year bypassed Apple's then-newly introduced macOS privacy feature has once again found a new way to bypass security warnings by performing 'Synthetic Clicks' on behalf of users without requiring their interaction. Last June, Apple introduced a core security feature ...
CVE-2019-10038
Evernote 7.9 on macOS allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as the /Applications/Calculator.app/Contents/MacOS/Calculator file...
Information Disclosure in GlobalProtect App
An information disclosure vulnerability exists in the GlobalProtect App for Windows and macOS VU192371. Successful exploitation of this issue would allow a local authenticated attacker to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the...
CVE-2018-15749
The Pulse Secure Desktop macOS 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability...
chromium-browser: Fullscreen UI spoof
Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page...
PrivateVPN for macOS Privilege Permission and Access Control Vulnerability (CNVD-2018-04750)
PrivateVPN for macOS is a macOS-based VPN software for anonymous access to the Internet. A privilege permission and access control vulnerability exists in PrivateVPN for macOS-based platforms. An attacker can exploit the vulnerability by sending an XPC message to the XPC service with a...
CVE-2018-7281
CactusVPN 5.3.6 for macOS contains a root privilege escalation vulnerability through a setuid root binary called runme. The binary takes a single command line argument and passes this argument to a system call, thus allowing low privileged users to execute commands as root...
CVE-2018-7281
CactusVPN 5.3.6 for macOS contains a root privilege escalation vulnerability through a setuid root binary called runme. The binary takes a single command line argument and passes this argument to a system call, thus allowing low privileged users to execute commands as root...
Google Researcher Releases iOS Exploit—Could Enable iOS 11 Jailbreak
As promised last week, Google's Project Zero researcher Ian Beer now publicly disclosed an exploit that works on almost all 64-bit Apple devices running iOS 11.1.2 or earlier, which can be used to build an iOS jailbreak, allowing users to run apps from non-Apple sources. On Monday morning, Beer...
GlobalProtect App Vulnerability
An "image path execution hijacking" vulnerability affects the Palo Alto Networks Global Protect Client. Exploitation of this issue requires the root privileges on the local station. An attacker could exploit this vulnerability to obtain a certain level of persistence on the compromised host. ref...
CVE-2017-13801
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Dictionary Widget" component. It allows attackers to read local files if pasted text is used in a search...
CVE-2017-7149
An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the "StorageKit" component. It allows attackers to discover passwords for APFS encrypted volumes by reading Disk Utility hints, because the stored hint value was accidentally...
CVE-2017-2451
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Security" component. It allows attackers to execute arbitrary code in a privileged context or cau...
Code injection
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app...
Design/Logic Flaw
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "iBooks" component. It allows remote attackers to obtain sensitive information from local files via a file: URL in an iBooks file...
Vulnerabilities of iOS and Mac OS X operating systems, allowing attackers to trigger service interruptions or execute arbitrary code
The vulnerability of the CoreMedia Playback component in iOS and Mac OS X operating systems arises from an operation that occurs outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a service failure memory corruption, application...
CVE-2016-7662
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which allows remote attackers to spoof certificates via unspecified vectors...
Apple macOS Denial of Service Vulnerability
Apple macOS is a specialized operating system developed by Apple for Mac computers. A denial of service vulnerability exists in Apple macOS version 10.12.2, which is caused by a man-in-the-middle attack on the Safari SSL "handshake" process that results in memory exhaustion, and can be exploited ...
UBUNTU-CVE-2016-5167
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors...