26 matches found
EUVD-2014-1334
Malware in sbrugna...
EUVD-2014-1333
Malware in sbrugna...
In-the-wild iOS Exploit Chain 3
Posted by Ian Beer, Project Zero. TL;DR: This chain targeted iOS 11-11.4.1, spanning almost 10 months. This is the first chain we observed which had a separate sandbox escape exploit. The sandbox escape vulnerability was a severe security regression in libxpc, where refactoring led to a bounds che...
macOS XNU - Copy-on-Write Behaviour Bypass via Partial-Page Truncation of File Exploit
XNU has various interfaces that permit creating copy-on-write copies of data between processes, including out-of-line message descriptors in mach messages. It is important that the copied memory is protected against later modifications by the source process; otherwise, the source process might ...
(Pwn2Own) Apple macOS launchd Improper Access Check Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Mach...
(Pwn2Own) Apple macOS Dock Service DSSetDesktopForDisplayAndSpace Uninitialized Pointer Privilege Escalation Vulnerability
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Mac...
Apple macOS Dock Service DSSetPreferences Uninitialized Pointer Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Mach...
Apple macOS Dock Service DSSetProcessRecents Uninitialized Pointer Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Mach...
Apple macOS Dock Service DSCopyPreferences Uninitialized Pointer Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Mach...
Apple macOS Dock Service DSMinimizeWindowWithTitle Uninitialized Pointer Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Mach...
Apple macOS Dock Service DSSetProcessLabel Uninitialized Pointer Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Mach...
Apple macOS Dock Service DSSetItemTitle Uninitialized Pointer Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Mach...
Apple macOS 10.12 - Double vm_deallocate in Userspace MIG Code Use-After-Free
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=954 Proofs of Concept: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/40954.zip Userspace MIG services often use mach_msg_server or mach_msg_server_once to implement an RPC server. These two functions a...
Apple Mac OSX / iOS - Unsandboxable Kernel Use-After-Free in Mach Vouchers
Exploit for multiple platform in category dos / poc / Source: https://code.google.com/p/google-security-research/issues/detail?id=553 The mach voucher subsystem fails to correctly handle spoofed no-more-senders messages. ipc_kobject_server will be called for mach messages sent to kernel-owned mach...
Apple OS X mach message handling arbitrary code execution vulnerability
Apple OS X is an operating system developed by Apple Inc. Apple OS X suffers from a security vulnerability in the handling of mach messages, which allows an attacker to exploit the vulnerability to execute arbitrary code with kernel privileges...
Apple Mac OS X Multiple Vulnerabilities -07 (Sep 2014)
Apple Mac OS X is prone to multiple vulnerabilities.
CVE-2014-1262
Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages that trigger memory corruption...
CVE-2014-1256
Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages...
CVE-2014-1255
Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free function, which allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages...
Buffer overflow
Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages...