Lucene search
K

782 matches found

CNVD
CNVD
added 2017/11/01 12:0 a.m.7 views

Apple macOS High Sierra APFS is vulnerable

Apple macOS High Sierra is a specialized operating system developed by Apple for Mac computers.APFS is one of the file system components for Apple devices. A security vulnerability exists in the APFS component of Apple macOS High Sierra versions prior to 10.13.1. The vulnerability can be exploite...

4.6CVSS6.5AI score0.00324EPSS
Exploits0References1
CNVD
CNVD
added 2017/04/08 12:0 a.m.4 views

Apple macOS EFI Password Recovery Vulnerability

Apple macOS is a specialized operating system for Mac computers developed by Apple Inc. in the United States. efi is one of the firmware upgrade interface components. A password recovery vulnerability exists in the EFI component of Apple macOS versions prior to 10.12.4. The vulnerability can be...

6.8CVSS6.7AI score0.00216EPSS
Exploits0References1
Prion
Prion
added 2017/04/02 1:59 a.m.19 views

Design/Logic Flaw

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of DMA in the "EFI" component. It allows physically proximate attackers to discover the FileVault 2 encryption password via a crafted Thunderbolt adapter...

2.1CVSS6.2AI score0.00216EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2017/04/02 1:59 a.m.24 views

CVE-2016-7585

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of DMA in the "EFI" component. It allows physically proximate attackers to discover the FileVault 2 encryption password via a crafted Thunderbolt adapter...

6.8CVSS5.6AI score0.00216EPSS
Exploits0References3
OSV
OSV
added 2017/04/02 1:59 a.m.4 views

CVE-2016-7585

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of DMA in the "EFI" component. It allows physically proximate attackers to discover the FileVault 2 encryption password via a crafted Thunderbolt adapter...

6.8CVSS7.3AI score0.00216EPSS
Exploits0References3
Cvelist
Cvelist
added 2017/04/02 1:36 a.m.25 views

CVE-2016-7585

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of DMA in the "EFI" component. It allows physically proximate attackers to discover the FileVault 2 encryption password via a crafted Thunderbolt adapter...

6.8AI score0.00216EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2017/03/02 12:0 a.m.5 views

The vulnerability of the Mac OS X operating system allows a hacker to trigger a service failure or execute arbitrary code in a privileged context.

The vulnerability of the Thunderbolt component in the Mac OS X operating system is related to pointer assignment errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in privileged context or trigger a service failure pointer zero assignment through a specially...

9.3CVSS7.7AI score0.01428EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2017/02/20 8:59 a.m.3 views

CVE-2016-4780

An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "Thunderbolt" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service NULL pointer dereference via a crafted app...

7.8CVSS6.1AI score
Exploits0References1
NVD
NVD
added 2017/02/20 8:59 a.m.19 views

CVE-2016-4780

An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "Thunderbolt" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service NULL pointer dereference via a crafted app...

9.3CVSS7.3AI score0.01428EPSS
Exploits0References1
Prion
Prion
added 2017/02/20 8:59 a.m.14 views

Null pointer dereference

An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "Thunderbolt" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service NULL pointer dereference via a crafted app...

9.3CVSS7.5AI score0.01428EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2017/02/20 8:35 a.m.20 views

CVE-2016-4780

An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "Thunderbolt" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service NULL pointer dereference via a crafted app...

7.5AI score0.01428EPSS
Exploits0References1
CVE
CVE
added 2017/02/20 8:35 a.m.57 views

CVE-2016-4780

CVE-2016-4780 affects Thunderbolt in macOS Sierra prior to 10.12.1. The issue could allow a crafted app to execute arbitrary code in kernel context or cause a denial of service (NULL pointer dereference). Apple’s macOS 10.12.1 security update (and related updates) address the Thunderbolt null poi...

9.3CVSS7.5AI score0.01428EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2016/11/08 12:0 a.m.29 views

Mac OS X 10.x < 10.12.1 Multiple Vulnerabilities

Binary data 9758.prm...

9.3CVSS6.3AI score0.03731EPSS
Exploits5References24
Tenable Nessus
Tenable Nessus
added 2016/10/25 12:0 a.m.47 views

macOS 10.12.x < 10.12.1 Multiple Vulnerabilities

The remote host is running a version of Mac OS X that is 10.12.x prior to macOS 10.12.1. It is, therefore, affected by multiple vulnerabilities in the following components : - ATS - AppleMobileFileIntegrity - AppleSMC - CFNetwork Proxies - CoreGraphics - FaceTime - FontParser - IDS - Connectivity...

9.3CVSS7.2AI score0.03731EPSS
Exploits5References19
OSV
OSV
added 2016/09/25 10:59 a.m.3 views

CVE-2016-4727

IOThunderboltFamily in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a crafted app...

7.8CVSS7.6AI score0.01331EPSS
Exploits0References4
CNVD
CNVD
added 2015/10/27 12:0 a.m.2 views

Xunlei Elevation of Privilege Vulnerability

Thunderbolt is a popular P2P download tool. Xunlei has a security vulnerability, as the system service installed by Xunlei provides the function of loading dynamic link libraries, but is not validated, allowing an attacker to exploit the vulnerability by executing code as SYSTEM under any user,...

7.2AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2015/10/21 12:0 a.m.5 views

The vulnerability of the Mac OS X operating system, which allows a hacker to modify the microprogramming software

The vulnerability of the EFI component in the Mac OS X operating system is related to errors in the code. Exploiting this vulnerability allows an intruder to modify the microprogramming software using a third-party storage device connected to the Thunderbolt interface...

4.7CVSS5.5AI score0.00352EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2015/10/09 5:59 a.m.19 views

Code injection

The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue. NOTE: this issue exists because of an incomplete...

4.7CVSS6.5AI score0.00389EPSS
Exploits0References4Affected Software1
The Hacker News
The Hacker News
added 2015/08/04 7:37 p.m.13 views

Thunderstrike 2: World's First Firmware Worm That Infects Mac Computers Without Detection

If you think Apple’s Mac computers are much more secure than Windows-powered systems, you need to think again. This isn’t true, and security researchers have finally proved it. Two security researchers have developed a proof-of-concept computer worm for the first time that can spread automaticall...

6.8AI score
Exploits0
ThreatPost
ThreatPost
added 2015/08/03 1:51 p.m.11 views

Thunderstrike 2 Mac OS X Firmware Worm

A new attack against Intel firmware running in Apple computers is expected to be unveiled at this week’s Black Hat conference. The research is an extension of the Thunderstrike Mac OS X firmware bootkit disclosed this spring that enables the undetectable installation of malicious firmware that...

1AI score
Exploits0References4
Rows per page
Query Builder