CoreGraphics Memory Corruption - CVE-2014-4377

Apple CoreGraphics library fails to validate the input when parsing the colorspace specification of a PDF XObject resulting in a heap overflow condition. A small heap memory allocation can be overflowed with controlled data from the input in any application linked with the affected framework. Usi...

CoreGraphics Information Disclosure - CVE-2014-4378

This article explores the exploitability of MobileSafari on IOS 7.1.x. Using a crafted PDF file as an HTML image makes it possible to leak information about the memory layout to the browser Javascript interpreter. Apple CoreGraphics library fails to validate input when parsing the colorspace...

Apple iPhone 2.2.1/3.x (MobileSafari) Crash & Reboot Exploit

No description provided by source. Apple iPhone MobileSafari Crash & Reboot TheLeader, GSOG st0p hotmail sp4m com Shoutz: hacking.org.il nullbyte.org.il Tested on iPod Touch 2G, OS 2.2.1 Launch MobileSafari, enter the page and MobileSafari will freeze. Wait for 4-5 minutes and the device will...

Apple iPhone Safari (body alink) Remote Crash

No description provided by source. ?php / / / / / // | / // \ | / / / / / /// / / / / / / / // / / / |/ / // / , / / // / / / / / //// //|///||/,/ / /// Live by the byte |// Members: Pr0T3cT10n -=M.o.B.=- TheLeader Sro Debug Contact: [email protected] -----------------------------------...

iPhone MobileSafari LibTIFF Buffer Overflow

No description provided by source. $Id: safarilibtiff.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...

Apple iOS MobileMail LibTIFF Buffer Overflow

No description provided by source. $Id: mobilemaillibtiff.rb 15950 2012-10-09 18:31:08Z rapid7 $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use...

Apple iPhone Safari (decodeURIComponent) Remote Crash

No description provided by source. ?php / / / / / // | / // \ | / / / / / /// / / / / / / / // / / / |/ / // / , / / // / / / / / //// //|///||/,/ / /// Live by the byte |// Members: Pr0T3cT10n -=M.o.B.=- TheLeader Sro Debug Contact: [email protected] -----------------------------------...

Apple iPhone Safari (JS .) Remote Crash

No description provided by source. ?php / / / / / // | / // \ | / / / / / /// / / / / / / / // / / / |/ / // / , / / // / / / / / //// //|///||/,/ / /// Live by the byte |// Members: Pr0T3cT10n -=M.o.B.=- TheLeader Sro Debug Contact: [email protected] -----------------------------------...

iOS 6.0-6.1.3 MobileSafari Crash

Crashes MobileSafari. Tested on iOS 6.0-6.1.3 Doxen now=new Date; document.writenow+""; document.write""; for i =0;i'; var str="DOXEN!"; document.writestr.toUpperCase; var d=new Date; document.writed.getFullYear; var d=new Date; document.writed.getTime + " ml sn 1994/08/10 swag"; 0day.today...

Apple iOS Mobile Mail - LibTIFF Buffer Overflow (Metasploit)

$Id: mobilemaillibtiff.rb 15950 2012-10-09 18:31:08Z rapid7 $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require...

Apple iOS MobileSafari LibTIFF Buffer Overflow

Exploit for hardware platform in category remote exploits $Id: safarilibtiff.rb 15950 2012-10-09 18:31:08Z rapid7 $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing...

iPhone 4S Falls at Hacker Contest; New iPhone 5 Vulnerable to Same Exploit

Two security researchers have already chipped the armor of the new iPhone, scheduled for release tomorrow. Joost Pol and Daan Keuper won the mobile Pwn2Own contest yesterday at EUSecWest event in Amsterdam by compromising a fully patched iPhone 4S device and stealing contacts, browsing history,...

Apple iOS MobileSafari LibTIFF Buffer Overflow

This module exploits a buffer overflow in the version of libtiff shipped with firmware versions 1.00, 1.01, 1.02, and 1.1.1 of the Apple iPhone. iPhones which have not had the BSD tools installed will need to use a special payload. This module requires Metasploit: https://metasploit.com/download...

iDefense Security Advisory 10.12.11: Apple MobileSafari Attachment Viewing Cross Site Scripting Vulnerability

iDefense Security Advisory 10.12.11 http://labs.idefense.com/intelligence/vulnerabilities/ Oct 12, 2011 I. BACKGROUND MobileSafari is Apple's mobile we browser for iOS devices. For more information about MobileSafari, please the visit following website:...

iDefense Security Advisory 10.12.11: Apple Mobile OfficeImport Framework Word Document Parsing Memory Corruption Vulnerability

iDefense Security Advisory 10.12.11 http://labs.idefense.com/intelligence/vulnerabilities/ Oct 12, 2011 I. BACKGROUND The OfficeImport framework is an API used by Apple's mobile devices, including the iPod Touch, iPhone, and iPad. The framework is used to parse and display Microsoft Office file...

Apple MobileSafari附件查看跨站脚本执行漏洞

CVE ID: CVE-2011-3426 MobileSafari是Apple的iOS设备的浏览器。 Apple公司的MobileSafari在处理Content-Disposition标头时存在安全漏洞，在不提示用户的情况下就打开附件内容，导致附件可以完全访问目标域的DOM，执行跨站脚本攻击，泄露敏感信息。攻击者通常使用社会工程学攻击或向受控站点插入内容。 Apple iOS 5 厂商补丁： Apple ----- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://support.apple.com/...

iDefense Security Advisory 03.21.11: Apple OfficeImport Framework Excel Memory Corruption Vulnerability

iDefense Security Advisory 03.21.11 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 21, 2011 I. BACKGROUND The OfficeImport framework is an API used by Apple's mobile devices, including the iPod Touch, iPhone, and iPad. The framework is used to parse and display Microsoft Office file...

CVE-2011-0158

MobileSafari in Apple iOS before 4.3 does not properly implement application launching through URL handlers, which allows remote attackers to cause a denial of service persistent application crash via crafted JavaScript code...

Code injection

MobileSafari in Apple iOS before 4.3 does not properly implement application launching through URL handlers, which allows remote attackers to cause a denial of service persistent application crash via crafted JavaScript code...

CVE-2011-0158

MobileSafari in Apple iOS before 4.3 does not properly implement application launching through URL handlers, which allows remote attackers to cause a denial of service persistent application crash via crafted JavaScript code...