Apple OS XiOS - mach_ports_register Multiple Memory Safety s

Apple OS XiOS - machportsregister Multiple Memory Safety s Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=882 machportsregister is a kernel task port MIG method. It's defined in MIG like this: routine machportsregister targettask : taskt; initportset : machportarrayt = ^array o...

Apple OS X Kernel - IOBluetoothFamily.kext Use-After-Free

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=830 When you create a new IOKit user client from userspace you call: kernreturnt IOServiceOpen ioservicet service, taskportt owningTask, uint32t type, ioconnectt connect ; The owningTask mach port gets converted into a task struc...

task_t considered harmful

Posted by Ian Beer, Project Zero This post discusses a design issue at the core of the XNU kernel which powers iOS and MacOS. Apple have shipped two iterations of mitigations followed yesterday by a large refactor in MacOS 10.12.1/iOS 10.1. We’ll look at the bugs, how they can be exploited to...

Mozilla Turning TLS 1.3 On By Default With Firefox 52

When Mozilla ships Firefox 52, on or around March 7, 2017, the browser will come with the cryptographic protocol TLS 1.3 on by default. Martin Thomson, a principle engineer at Mozilla broke the news Wednesday in an email to Mozilla Development Platform members. “TLS 1.3 removes old and unsafe...

Microsoft Windows - DeviceApi CMApi PiCMOpenDeviceKey Arbitrary Registry Key Write Privilege Escalation (MS16-124)

Microsoft Windows - DeviceApi CMApi PiCMOpenDeviceKey Arbitrary Registry Key Write Privilege Escalation MS16-124 / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=872 Windows: DeviceApi CMApi PiCMOpenClassKey Arbitrary Registry Key Write EoP Platform: Windows 10 10586 not tested...

DEBIAN-CVE-2016-6327

drivers/infiniband/ulp/srpt/ibsrpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service NULL pointer dereference and system crash by using an ABORTTASK command to abort a device write operation...

CVE-2016-5943

IBM Spectrum Control formerly Tivoli Storage Productivity Center 5.2.x before 5.2.11 allows remote authenticated users to bypass intended access restrictions, and read task details or edit properties, via unspecified vectors...

CVE-2016-5943

IBM Spectrum Control formerly Tivoli Storage Productivity Center 5.2.x before 5.2.11 allows remote authenticated users to bypass intended access restrictions, and read task details or edit properties, via unspecified vectors...

CVE-2016-4698

AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement and Team ID values in the task port inheritance policy, which allows attackers to execute arbitrary code in a privileged context via a crafted app...

CVE-2016-4698

AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement and Team ID values in the task port inheritance policy, which allows attackers to execute arbitrary code in a privileged context via a crafted app...

Arbitrary File Containment Vulnerability in UFIDA Financials

UFIDA Financials is a financial management software. UFIDA Financial System has an arbitrary file inclusion vulnerability. The vulnerability url is: http://target/TaskManager/TaskServiceServlet?m=1&taskname=... /... /WEB-INF/web.xml%00, attackers can use the vulnerability to obtain database...

Security fix for the ALT Linux 7 package adobe-flash-player version 3:11-alt65

3:11-alt65 built Sept. 20, 2016 Sergey V Turchin in task 169477 Sept. 19, 2016 Sergey V Turchin - new version CVE-2016-4271, CVE-2016-4272, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4277, CVE-2016-4278, CVE-2016-4279, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283,...

swarm - A Modular Distributed Penetration Testing Tool

Swarm is an open source modular distributed penetration testing Tool that use distributed task queue to implement communication in the master-slave mode system and use MongoDB for data storage. It consists of a distributed framework and function modules. The function module can be an entirely new...

FormatFactory Local Stack Overflow Vulnerability

FormatFactory is audio, video and graphics file type conversion software. A local stack buffer overflow vulnerability exists in FormatFactory version 3.9.0. A faulty validation check in a load file .task causes a stack overflow that can crash the affected program...

FormatFactory 3.9.0 .task Stack Overflow

Document Title: =============== FormatFactory 3.9.0 - .task Stack Overflow Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1935 Release Date: ============= 2016-09-01 Vulnerability Laboratory ID VL-ID: ====================================...

FormatFactory 3.9.0 - (.task) Stack Overflow Vulnerability

Document Title: =============== FormatFactory 3.9.0 - .task Stack Overflow Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1935 Release Date: ============= 2016-09-01 Vulnerability Laboratory ID VL-ID: ====================================...

FormatFactory 3.9.0 - (.task) Stack Overflow Vulnerability

Document Title: =============== FormatFactory 3.9.0 - .task Stack Overflow Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1935 Release Date: ============= 2016-08-31 Vulnerability Laboratory ID VL-ID: ====================================...

Timing of Browser-Based Security Alerts Could Be Better

Multitasking may be the way of the connected world, but as it turns out, it’s not conducive to secure behavior online. Academics from Brigham Young University and the University of Pittsburgh came to that conclusion after using functional magnetic resonance imaging fMRI to study how the brain...

PT-2016-7426 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.6.6 Description: A race condition exists in the get task ioprio function, allowing local users to potentially gain privileges or cause a denial of service through a crafted ioprio get system call. This issue c...

CVE-2016-3059

IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server aka IBM Spectrum Protect for Databases 6.3 before 6.3.1.7 and 6.4 before 6.4.1.9 and Tivoli Storage FlashCopy Manager for Microsoft SQL Server aka IBM Spectrum Protect Snapshot 3.1 before 3.1.1.7 and 3.2 before...