15 matches found
CVE-2026-44308
CVE-2026-44308 concerns Spring Cloud AWS, where the SNS HTTP/HTTPS endpoint support methods (@NotificationMessageMapping, @NotificationSubscriptionMapping, @NotificationUnsubscribeConfirmationMapping) failed to verify incoming SNS message signatures from versions 3.0.0 through 4.0.1. An unauthent...
Spring Cloud AWS missing SNS message signature verification allows spoofing of HTTP/HTTPS endpoint notifications
Impact Applications using Spring Cloud AWS SNS HTTP/HTTPS endpoint support @NotificationMessageMapping, @NotificationSubscriptionMapping, @NotificationUnsubscribeConfirmationMapping did not verify the signature of incoming SNS messages. An unauthenticated attacker who knows the endpoint URL could...
CVE-2024-39767 Spoofed push notifications from malicious server
Mattermost Mobile Apps versions =2.16.0 fail to validate that the push notifications received for a server actually came from this serve that which allows a malicious server to send push notifications with another server’s diagnostic ID or server URL and have them show up in mobile apps as that...
PT-2024-19757 · Apple · Visionos +2
Name of the Vulnerable Software and Affected Versions: visionOS versions prior to 1.1 iOS versions prior to 17.4 iOS versions prior to 16.7.6 iPadOS versions prior to 17.4 iPadOS versions prior to 16.7.6 Description: An app may be able to spoof system notifications and UI. This issue was addresse...
Apple Mac OSX - IOBluetoothHCIPacketLogUserClient Memory Corruption
Exploit for macOS platform in category dos / poc / Source: https://code.google.com/p/google-security-research/issues/detail?id=572 The OS data types OSArray etc are explicity not thread safe; they rely on their callers to implement the required locking to serialize all accesses and manipulations ...
Apple Mac OSX - Kernel IOAccelDisplayPipeUserClient2 Use-After-Free
Exploit for macOS platform in category dos / poc / Source: https://code.google.com/p/google-security-research/issues/detail?id=565 Kernel UaF with IOAccelDisplayPipeUserClient2 with spoofed no more senders notifications repro: while true; do ./iospoofig4; done Likely to crash in various ways; hav...
Apple Mac OSX - Kernel IOAccelMemoryInfoUserClient Use-After-Free
Exploit for macOS platform in category dos / poc / Source: https://code.google.com/p/google-security-research/issues/detail?id=566 Kernel UaF with IOAccelMemoryInfoUserClient with spoofed no more senders notifications repro: while true; do ./iospoofig7; done Tested on ElCapitan 10.11 15a284 on...
Apple Mac OSX Kernel - IOAccelDisplayPipeUserClient2 Use-After-Free
Apple Mac OSX Kernel - IOAccelDisplayPipeUserClient2 Use-After-Free / Source: https://code.google.com/p/google-security-research/issues/detail?id=565 Kernel UaF with IOAccelDisplayPipeUserClient2 with spoofed no more senders notifications repro: while true; do ./iospoofig4; done Likely to crash i...
Apple Mac OSX Kernel - IOAccelMemoryInfoUserClient Use-After-Free
Apple Mac OSX Kernel - IOAccelMemoryInfoUserClient Use-After-Free / Source: https://code.google.com/p/google-security-research/issues/detail?id=566 Kernel UaF with IOAccelMemoryInfoUserClient with spoofed no more senders notifications repro: while true; do ./iospoofig7; done Tested on ElCapitan...
Apple Mac OSX Kernel - IOAccelDisplayPipeUserClient2 Use-After-Free
/ Source: https://code.google.com/p/google-security-research/issues/detail?id=565 Kernel UaF with IOAccelDisplayPipeUserClient2 with spoofed no more senders notifications repro: while true; do ./iospoofig4; done Likely to crash in various ways; have observed NULL derefs and NX traps. Tested on...
Apple Mac OSX Kernel - IOAccelMemoryInfoUserClient Use-After-Free
/ Source: https://code.google.com/p/google-security-research/issues/detail?id=566 Kernel UaF with IOAccelMemoryInfoUserClient with spoofed no more senders notifications repro: while true; do ./iospoofig7; done Tested on ElCapitan 10.11 15a284 on MacBookAir 5,2 / // ianbeer // clang -o iospoofig7...
Apple Mac OSX Kernel - no-more-senders Use-After-Free
/ Source: https://code.google.com/p/google-security-research/issues/detail?id=567 Kernel UaF due to audit session port failing to correctly account for spoofed no-more-senders notifications Tested on ElCapitan 10.11 15a284 on MacBookAir 5,2 / // ianbeer / Kernel UaF due to audit session port...
Apple Mac OSX - IOBluetoothHCIPacketLogUserClient Memory Corruption
/ Source: https://code.google.com/p/google-security-research/issues/detail?id=572 The OS data types OSArray etc are explicity not thread safe; they rely on their callers to implement the required locking to serialize all accesses and manipulations of them. By sending two spoofed no-more-senders...
Apple Mac OSX - Kernel no-more-senders Use-After-Free
Exploit for macOS platform in category dos / poc / Source: https://code.google.com/p/google-security-research/issues/detail?id=567 Kernel UaF due to audit session port failing to correctly account for spoofed no-more-senders notifications Tested on ElCapitan 10.11 15a284 on MacBookAir 5,2 / //...
Code injection
notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death notifications have originated from the kernel, which allows local users to cause a denial of service via spoofed death notifications that prevent other applications from receiving notifications...