EUVD-2018-15871

Malware in sbrugna...

Apple macOS QuartzCore Type Confusion Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the QuartzCore Framework...

PT-2020-6828 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: Apple macOS affected versions not specified Description: The issue is related to a type confusion in the QuartzCore component of Mac OS, which can be exploited by launching the windowserver system process with incompatible types. This could...

Apple macOS Mojave QuartzCore Memory Corruption Vulnerability

Apple macOS Mojave is a specialized operating system developed by Apple for Mac computers, of which QuartzCore is a core drawing framework component. A memory corruption vulnerability exists in the QuartzCore component in Apple macOS Mojave versions prior to 10.14.4. An attacker can exploit this...

macOS and Mac OS X Multiple Vulnerabilities (Security Update 2019-001)

The remote host is running Mac OS X 10.12.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities in the following components: - CoreAnimation - Hypervisor - Intel Graphics Driver - IOKit - Kernel - libxpc - QuartzCore C Tenable Network Security, Inc...

macOS 10.13.6 Multiple Vulnerabilities (Security Update 2019-001)

The remote host is running macOS 10.13.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities in the following components: - Bluetooth - Core Media - CoreAnimation - FaceTime - Hypervisor - Intel Graphics Driver - IOKit - Kernel - libxpc - QuartzCore C Tenable...

macOS 10.14.x < 10.14.3 Multiple Vulnerabilities

The remote host is running a version of macOS / Mac OS X that is 10.14.x prior to 10.14.3. It is, therefore, affected by multiple vulnerabilities related to the following components: - AppleKeyStore - Bluetooth - Core Media - CoreAnimation - FaceTime - IOKit - Kernel - libxpc - Natural Language...

How to use QuartzCore Stack Overflow to achieve the iOS/macOS Safari sandbox escape-vulnerability warning-the black bar safety net

A vulnerability summary QuartzCore-that CoreAnimation is macOS and iOS is used to build animations scene graph of a framework. CoreAnimation uses a unique rendering of the model to a separate process to run the graphics operations. In macOS, the process is the WindowServer, and on iOS, the proces...

About the security content of watchOS 4.2.2 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...

CVE-2018-4085

An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "QuartzCore" component. It allows remote attackers to execute arbitrary code or cause a deni...

CVE-2018-4085

An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "QuartzCore" component. It allows remote attackers to execute arbitrary code or cause a deni...

Memory corruption

An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "QuartzCore" component. It allows remote attackers to execute arbitrary code or cause a deni...

CVE-2018-4085

An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "QuartzCore" component. It allows remote attackers to execute arbitrary code or cause a deni...

Apple macOS QuartzCore render_mask Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation o...

Arbitrary Code Execution Vulnerability in QuartzCore Component of Multiple Apple Products

Apple iOS, macOS High Sierra, tvOS, and watchOS are products of Apple Inc. Apple iOS is a suite of operating systems for mobile devices; macOS High Sierra is a specialized operating system for Mac computers; tvOS is a smart TV operating system; and watchOS is a smart watch operating system...

macOS and Mac OS X Multiple Vulnerabilities (Security Update 2018-001) (Meltdown)

The remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities affecting the following components : - Audio - curl - IOHIDFamily - Kernel - LinkPresentation - QuartzCore - Sandbox - Security - WebKit - Wi-Fi ...

macOS 10.13.x < 10.13.3 Multiple Vulnerabilities

The remote host is running a version of Mac OS X that is 10.13.x prior to 10.13.3. It is, therefore, affected by multiple vulnerabilities in the following components : - Audio - curl - IOHIDFamily - Kernel - LinkPresentation - QuartzCore - Sandbox - Security - WebKit - Wi-Fi Note that successful...

About the security content of watchOS 4.2.2

About the security content of watchOS 4.2.2 This document describes the security content of watchOS 4.2.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...

Apple iOS / OS X NSKeyedArchiver Memory Corruption(CVE-2017-2527)

CAMediaTimingFunctionBuiltin is a class in QuartzCore. Its initWithCoder: method reads an Int "index" then passes that to builtinfunction mov ebx, edi -- controlled unsigned int mov r14d, ebx lea r15, ZL9functions0 ; functions mov rax, r15+r148 if rax is non-null it's returned as an objective-c...

Apple iOS / macOS - NSKeyedArchiver Memory Corruption Due to Lack of Bounds Checking in CAMediaTimin

Exploit for multiple platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1175 CAMediaTimingFunctionBuiltin is a class in QuartzCore. Its initWithCoder: method reads an Int "index" then passes that to builtinfunction mov ebx, edi -- controlled unsigned...