162 matches found
Apple iOS 10.3.2 - Notifications API Denial of Service
Apple iOS 10.3.2 - Notifications API Denial of Service Exploit Title: Apple iOS 10.3.2 - Notifications API Denial of Service Date: 05-15-2017 Exploit Author: Sem Voigtländer @OxFEEDFACE, Vincent Desmurs @vincedes3 and Joseph Shenton Vendor Homepage: https://apple.com Software Link:...
Apple iOS < 10.3.2 - Notifications API Denial of Service
Exploit for iOS platform in category dos / poc Exploit Title: Apple iOS 10.3.2 - Notifications API Denial of Service Date: 05-15-2017 Exploit Author: Sem Voigtländer @OxFEEDFACE, Vincent Desmurs @vincedes3 and Joseph Shenton Vendor Homepage: https://apple.com Software Link:...
Apple iOS < 10.3.2 - Notifications API Denial of Service
Exploit Title: Apple iOS 10.3.2 - Notifications API Denial of Service Date: 05-15-2017 Exploit Author: Sem Voigtländer @OxFEEDFACE, Vincent Desmurs @vincedes3 and Joseph Shenton Vendor Homepage: https://apple.com Software Link: https://support.apple.com/en-us/HT207798 Version: iOS 10.3.2 Tested o...
HandBrake for Mac Compromised with Proton Spyware
The handlers of the open source HandBrake video transcoder are warning anyone who recently downloaded the Mac version of the software that they’re likely infected with malware. HandBrake warned users on Saturday of a compromise of one of its mirror download servers, and said anyone who grabbed th...
Introduction to Reverse Engineering Cocoa Applications
While not as common as Windows malware, there has been a steady stream of malware discovered over the years that runs on the OS X operating system, now rebranded as macOS. February saw three particularly interesting publications on the topic of macOS malware: a Trojan Cocoa application that sends...
Atlassian Confluence AppFusions Doxygen 1.3.0 Path Traversal
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: AppFusions Doxygen for Atlassian Confluence Vendor URL: www.appfusions.com Type: Path Traversal CWE-22 Date found: 2016-06-23 Date published: - CVSSv3 Score: 6.3...
Objective Development Little Snitch Buffer Overflow Vulnerability
Objective Development Little Snitch is a suite of personal security software for Mac from the Austrian company Objective Development. A buffer overflow vulnerability exists in Objective Development Little Snitch versions 3.0 through 3.6.1. A local attacker can exploit this vulnerability to gain...
SOL77323091 - Objective Systems ASN1C Compiler vulnerability CVE-2016-5080
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
Vulnerability in Objective Systems ASN1C Compiler Affecting Cisco Products
A vulnerability in the ASN1C compiler by Objective Systems affects Cisco ASR 5000 devices running StarOS and Cisco Virtualized Packet Core VPC systems. The vulnerability could allow an unauthenticated, remote attacker to create a denial of service DoS condition or potentially execute arbitrary...
Security Bulletin: ASN. 1 coding in the presence of a heap memory corruption vulnerability-vulnerability warning-the black bar safety net
! ! 1. Security Bulletin information Title: Objective system integrated Co., Ltd. The design of the ASN. 1 coding specification in the presence of one can lead to heap memory corruption vulnerabilities. Vulnerability CVE number: CVE-2 0 1 6-5 0 8 0 Announcement of the URL address:...
CVE-2016-5080
Integer overflow in the rtxMemHeapAlloc function in asn1rta.lib in Objective Systems ASN1C for C/C++ before 7.0.2 allows context-dependent attackers to execute arbitrary code or cause a denial of service heap-based buffer overflow, on a system running an application compiled by ASN1C, via crafted...
CVE-2016-5080
CVE-2016-5080 affects Objective Systems ASN1C for C/C++ (asn1rt_a.lib, rtxMemHeapAlloc). The vulnerability is an integer overflow in ASN1C-generated code prior to version 7.0.2, allowing context-dependent attackers to potentially execute arbitrary code or cause a heap-based DoS via crafted ASN.1 ...
Objective Systems ASN1C generates code that contains a heap overflow vulnerability
Overview ASN.1 is a standard representation of data for networking and telecommunications applications. Objective System's ASN1C compiler generates C and C++ code that may be vulnerable to heap overflow. Description CWE-122: Heap-based Buffer Overflow - CVE-2016-5080ASN1C is used to generate...
Little Snitch Bug Leaves Some Mac Systems Open to Attack
Trusted Mac OS X firewall Little Snitch is vulnerable to local privilege escalation attacks that could give criminals the ability plant rootkits and keyloggers on some El Capitan systems. The Little Snitch firewall vulnerability was found by Synack Director of Research and well-known OS X hacker...
Zombie Objective - Customized SSL, Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Zombie Objective published at the 'play' market has multiple vulnerabilities...
Hot or Not? The Benefits and Risks of iOS Remote Hot Patching
Introduction Apple has made a significant effort to build and maintain a healthy and clean app ecosystem. The essential contributing component to this status quo is the App Store, which is protected by a thorough vetting process that scrutinizes all submitted applications. While the process is...
iBackDoor: High-Risk Code Hits iOS Apps
Introduction FireEye mobile researchers recently discovered potentially “backdoored” versions of an ad library embedded in thousands of iOS apps originally published in the Apple App Store. The affected versions of this library embedded functionality in iOS apps that used the library to display...
OS X Install.framework suid Helper Privilege Escalation Vulnerability
Exploit for macOS platform in category local exploits Source: https://code.google.com/p/google-security-research/issues/detail?id=314 The private Install.framework has a few helper executables in /System/Library/PrivateFrameworks/Install.framework/Resources, one of which is suid root: -rwsr-sr-x ...
Apple Mac OSX - Install.framework suid Helper Privilege Escalation
Source: https://code.google.com/p/google-security-research/issues/detail?id=314 The private Install.framework has a few helper executables in /System/Library/PrivateFrameworks/Install.framework/Resources, one of which is suid root: -rwsr-sr-x 1 root wheel 113K Oct 1 2014 runner Taking a look at i...
Coinbase: Runtime manipulation iOS app breaking the PIN
I was able to bypass your pin protection by doing runtime manipulation in iOS app 1.Installed the snoop it in device 2.By going snoop it tool settings choose the coinbase app 3.I already set the the pin in coinbase app 4.Open the coinbase app it is asking for PIN 5.Now browsing the snoopit...