EUVD-2007-4673

Malware in sbrugna...

macOS iMessage - Heap Overflow when Deserializing Exploit

macOS iMessage - Heap Overflow when Deserializing Exploit There is a heap overflow in NSURL initWithCoder: that can be reached via iMessage and likely other paths. When an NSURL is deserialized, one property its plist can contain is NS.minimalBookmarkData, which is then used as a parameter for...

macOS iMessage - Heap Overflow when Deserializing

There is a heap overflow in NSURL initWithCoder: that can be reached via iMessage and likely other paths. When an NSURL is deserialized, one property its plist can contain is NS.minimalBookmarkData, which is then used as a parameter for NSURL...

macOS iMessage - Heap Overflow when Deserializing

macOS iMessage - Heap Overflow when Deserializing There is a heap overflow in NSURL initWithCoder: that can be reached via iMessage and likely other paths. When an NSURL is deserialized, one property its plist can contain is NS.minimalBookmarkData, which is then used as a parameter for NSURL...

Apple iOS NSURL Certificate Validation Vulnerability

Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. Apple iOS has a certificate validation vulnerability in NSURL when the certificate is changed, allowing attackers in a privileged network location to intercept SSL/TLS links...

Information disclosure

The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2015-5824

CVE-2015-5824 affects CFNetwork SSL in Apple’s software stack (NSURL) on iOS before 9, where certificate verification fails after a certificate change. This enables man-in-the-middle attackers in privileged network positions to spoof servers and obtain data. Root cause: improper validation of X.5...

dTunes 2.72 (Filename Processing) Local Format String PoC

Exploit for unknown platform in category dos / poc ========================================================= dTunes 2.72 Filename Processing Local Format String PoC ========================================================= !/usr/bin/perl dTunes 2.72 local format string PoC filename processing...

Apple Mac OS X v10.4.11之前版本多个安全漏洞

BUGTRAQ ID: 26444 CVECAN ID:...

CVE-2007-4691

The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended restrictions for local file system URLs...

Design/Logic Flaw

The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended restrictions for local file system URLs...

CVE-2007-4691

The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended restrictions for local file system URLs...

CVE-2007-4691

Apple Mac OS X 10.4–10.4.10 is affected by CVE-2007-4691, where NSURL’s case-sensitive local-file URL checks allow bypassing intended restrictions on local file system URLs. Consequence: potential access to local or mounted volumes without proper warnings. Mitigation: upgrade to Mac OS X 10.4.11 ...

Mac OS X < 10.4.11 Multiple Vulnerabilities (Security Update 2007-008)

The remote host is running a version of Mac OS X 10.4 which is older than version 10.4.11 or a version of Mac OS X 10.3 which does not have Security Update 2007-008 applied. This update contains several security fixes for the following programs : - Flash Player Plugin - AppleRAID - BIND - bzip2 -...