Apple macOS 10.13.4 Denial Of Service

Exploit Title: Apple MacOS 10.13.4 - Denial of Service PoC Date: 2019-09-10 Exploit Author: Sriram @SriHxor Vendor Homepage: https://support.apple.com/en-in/HT208848 Tested on: macOS High Sierra 10.13.4, iOS 11.3, tvOS 11.3, watchOS 4.3.0 CVE : CVE-2018-4240 2018 POC :...

CVE-2018-4187

An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. The issue involves the "LinkPresentation" component. It allows remote attackers to spoof the UI via a crafted URL in a text message...

MacOS/iOS kernel heap overflow due to lack of lower size check in getvolattrlist(CVE-2018-4243)

getvolattrlist takes a user controlled bufferSize argument via the fgetattrlist syscall. When allocating a kernel buffer to serialize the attr list to there's the following comment: / Allocate a target buffer for attribute results. Note that since we won't ever copy out more than the caller...

Yosoro 1.0.4 - Remote Code Execution Vulnerability

Exploit for macOS platform in category web applications Exploit title: Yosoro 1.0.4 - Remote Code Execution Exploit Author: Carlo Pelliccioni Vendor homepage: https://yosoro.coolecho.net/ Software link: https://github.com/IceEnd/Yosoro/releases/download/v1.0.4/Yosoro-darwin-x64-1.0.4.zip Version:...

Yosoro 1.0.4 Remote Code Execution

Exploit title: Yosoro 1.0.4 - Remote Code Execution Date: 2018-05-29 Exploit Author: Carlo Pelliccioni Vendor homepage: https://yosoro.coolecho.net/ Software link: https://github.com/IceEnd/Yosoro/releases/download/v1.0.4/Yosoro-darwin-x64-1.0.4.zip Version: 1.0.4 Tested on: MacOS 10.13.4 CVE:...

Code injection

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Status Bar" component. It allows invisible microphone access via a crafted app...

CVE-2018-4170

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Admin Framework" component. It allows local users to discover a password by listing a process and its arguments during sysadminctl execution...

Race condition

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "iCloud Drive" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app...

Out-of-bounds

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service out-of-bounds read via a crafted app...