CVE-2026-31961

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains an unbounded memory allocation vulnerability when parsing Mach-O binaries. Exploitation requires that Quill processes an attacker-supplied Mach-O binary, which is most likely in...

EUVD-2026-11329

Quill has unbounded memory allocation via unvalidated size fields in Mach-O binary parsing...

Quill has unbounded memory allocation via unvalidated size fields in Mach-O binary parsing

Impact Quill before version v0.7.1 contains an unbounded memory allocation vulnerability when parsing Mach-O binaries. Exploitation requires that Quill processes an attacker-supplied Mach-O binary, which is most likely in environments such as CI/CD pipelines, shared signing services, or any...

EUVD-2007-6326

Malware in sbrugna...

EUVD-2006-6109

Malware in sbrugna...

An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit

By Ian Beer A graph representation of the sandbox escape NSExpression payload In April this year Google's Threat Analysis Group, in collaboration with Amnesty International, discovered an in-the-wild iPhone zero-day exploit chain being used in targeted attacks delivered via malicious link. The...

North Korea's Lazarus Hackers Targeting macOS Users Interested in Crypto Jobs

The infamous Lazarus Group has continued its pattern of leveraging unsolicited job opportunities to deploy malware targeting Apple's macOS operating system. In the latest variant of the campaign observed by cybersecurity company SentinelOne last week, decoy documents advertising positions for the...

CVE-2022-36041 Rizin Out-of-bounds Write vulnerability in Mach-O binary plugin

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when parsing Mach-O files. A user opening a malicious Mach-O file could be affected by this vulnerability, allowing an attacker to execute code on the...

Fuzzing iOS code on macOS at native speed

Or how iOS apps on macOS work under the hood Posted by Samuel Groß, Project Zero This short post explains how code compiled for iOS can be run natively on Apple Silicon Macs. With the introduction of Apple Silicon Macs, Apple also made it possible to run iOS apps natively on these Macs. This is...

Mac OS X <= 10.4.6 (launchd) Local Format String Exploit (x86)

No description provided by source. !/usr/bin/perl http://www.digitalmunition.com/FailureToLaunch.pl Code by Kevin Finisterre kflistsatdigitalmunitiondotcom This is a practical application of Non Executable Stack Lovin - http://www.digitalmunition.com/NonExecutableLovin.txt This code currently jum...

Design/Logic Flaw

The csvalidatepage function in bsd/kern/ubcsubr.c in the xnu kernel 1228.0 and earlier in Apple Mac OS X 10.5.1 allows local users to cause a denial of service failed assertion and system crash via a crafted signed Mach-O binary that causes the hashes function to return NULL...

CVE-2007-6359

The csvalidatepage function in bsd/kern/ubcsubr.c in the xnu kernel 1228.0 and earlier in Apple Mac OS X 10.5.1 allows local users to cause a denial of service failed assertion and system crash via a crafted signed Mach-O binary that causes the hashes function to return NULL...

CVE-2007-6261

Integer overflow in the loadthreadstack function in the Mach-O loader machloader.c in the xnu kernel in Apple Mac OS X 10.4 through 10.5.1 allows local users to cause a denial of service infinite loop via a crafted Mach-O binary...

CVE-2006-6126

Apple Mac OS X allows local users to cause a denial of service memory corruption via a crafted Mach-O binary with a malformed loadcommand data structure...

CVE-2006-6126

Technical details (affected software, root cause, impact, fixes) are not publicly available in the provided connected documents for CVE-2006-6126. Monitor for updates.

CVE-2006-6126

Apple Mac OS X allows local users to cause a denial of service memory corruption via a crafted Mach-O binary with a malformed loadcommand data structure...

Mac OS X &lt;= 10.4.6 (launchd) Local Format String Exploit (x86)

No description provided by source. !/usr/bin/perl http://www.digitalmunition.com/FailureToLaunch.pl Code by Kevin Finisterre kflistsatdigitalmunitiondotcom This is a practical application of Non Executable Stack Lovin - http://www.digitalmunition.com/NonExecutableLovin.txt This code currently jum...

Apple Mac OSX 10.4.6 (x86) - &#039;launchd&#039; Local Format String

!/usr/bin/perl http://www.digitalmunition.com/FailureToLaunch.pl Code by Kevin Finisterre kflistsatdigitalmunitiondotcom This is a practical application of Non Executable Stack Lovin - http://www.digitalmunition.com/NonExecutableLovin.txt This code currently jumps into 0x1811111 via dyldstubclose...