EUVD-2018-0110

Malware in sbrugna...

EUVD-2018-2480

Malware in sbrugna...

CVE-2018-6336

The CVE-2018-6336 issue affects osquery prior to v3.2.7. A malformed Universal/Fat binary can bypass third-party code-signing checks, causing unsigned code to execute while appearing Apple-signed. This is triggered when a Fat binary’s nested Mach-O binaries aren’t fully inspected, leading third-p...

CVE-2018-6336

An issue was discovered in osquery. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code...

PT-2018-17486 · Facebook · Osquery

Name of the Vulnerable Software and Affected Versions: osquery versions prior to 3.2.7 Description: A maliciously crafted Universal/fat binary can evade third-party code signing checks in osquery, allowing unsigned code to execute. This occurs because the full inspection of the Universal/fat bina...

Carbon Black Cb Response Code Execution Vulnerability

Carbon Black Cb Response is a scalable endpoint security solution from Carbon Black USA. The solution provides threat monitoring, threat alerts and malicious domain lists. A security vulnerability exists in Carbon Black Cb Response. The vulnerability can be exploited by an attacker to bypass...

F-Secure XFENCE and Little Flocker Command Execution Vulnerabilities

F-Secure XFENCE formerly Little Flocker is a suite of file protection utilities from the Finnish company F-Secure. The program prevents unauthorized access to files and protects against computer security threats such as malware and Trojans. A security vulnerability exists in F-Secure XFENCE and...

Unspecified Vulnerability in Multiple Objective-See KnockKnock Products

Objective-See KnockKnock is a tool for finding and analyzing malware.TaskExplorer is a tool for viewing processes on your system. A security vulnerability exists in several Objective-See KnockKnock products. The vulnerability can be exploited by an attacker with a maliciously crafted...

Google Santa and molcodesignchecker Code Signing Vulnerabilities

Google Santa is a binary black/white listing system for macOS. molcodesignchecker is a program that performs code signature verification in Objective-C. A security vulnerability exists in Google Santa and molcodesignchecker. The vulnerability can be exploited by an attacker with a maliciously...

PYSEC-2018-95

An issue was discovered in Yelp OSXCollector. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious...

CVE-2018-10406

An issue was discovered in Yelp OSXCollector. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious...

Code injection

An issue was discovered in Yelp OSXCollector. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious...

Code injection

An issue was discovered in F-Secure XFENCE and Little Flocker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but t...

CVE-2018-10404

CVE-2018-10404 affects Objective-See KnockKnock, LuLu, TaskExplorer, WhatsYourSign and procInfo. A maliciously crafted Universal/Fat binary can bypass third‑party code signing checks, causing unsigned code to be executed while a legitimate Apple-signed Mach‑O in a Fat/Universal bundle is believed...

CVE-2018-10408

An issue was discovered in VirusTotal. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned co...

MOAB-16-01-2007: Multiple Colloquy IRC Format String Vulnerabilities

Summary Traditionally, chat clients on the Mac have been anything but glamorous. Colloquy is an advanced IRC & SILC client which aims to fill this void. By adhering to Mac OS X interface conventions, Colloquy has the look and feel of a quality Mac application. By making a common mistake the...