Swift-Attack - Unit Tests For Blue Teams To Aid With Building Detections For Some Common macOS Post Exploitation Methods

Unit tests for blue teams to aid with building detections for some common macOS post exploitation methods. I have included some post exploitation examples using both command line history and on disk binaries which should be easier for detection as well as post exploitation examples using API call...

iOS Malicious Bit Hunter - A Malicious Plug-In Detection Eng ine For iOS Applications

iOS Malicious Bit Hunter is a malicious plug-in detection engine for iOS applications. It can analyze the head of the macho file of the injected dylib dynamic library based on runtime, and can perform behavior analysis through interface input characteristics to determine the behavior of the dynam...

CloudBees Jenkins Xcode Integration Plugin XML External Entity Injection Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . CloudBees Jenkins Xcode...

CVE-2021-21656

Jenkins Xcode integration Plugin 2.0.14 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2021-21656

Jenkins Xcode integration Plugin 2.0.14 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

Xxe

Jenkins Xcode integration Plugin 2.0.14 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2021-21656

Jenkins Xcode integration Plugin (CloudBees Jenkins Xcode integration) 2.0.14 and earlier is affected by an XML External Entity (XXE) vulnerability. The root cause is that the plugin’s XML parser is not configured to prevent XXE attacks, allowing crafted XML input to be processed in ways that cou...

CVE-2021-21656

Jenkins Xcode integration Plugin 2.0.14 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

PT-2021-14699 · Jenkins · Jenkins Xcode Integration Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Xcode integration Plugin versions 2.0.14 and earlier Description: The issue is related to the configuration of the XML parser, which does not prevent XML external entity XXE attacks. Recommendations: For Jenkins Xcode integration Plug...

Jenkins 代码问题漏洞

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . CloudBees Jenkins Xcode...

Apple Releases Security Updates

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Apple security pages for the following products and apply the...

About the security content of Xcode 12.5

About the security content of Xcode 12.5 This document describes the security content of Xcode 12.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

Malware That Spreads Via Xcode Projects Now Targeting Apple's M1-based Macs

A Mac malware campaign targeting Xcode developers has been retooled to add support for Apple's new M1 chips and expand its features to steal confidential information from cryptocurrency apps. XCSSET came into the spotlight in August 2020 after it was found to spread via modified Xcode IDE project...

CVE-2021-1800

A path handling issue was addressed with improved validation. This issue is fixed in Xcode 12.4. A malicious application may be able to access arbitrary files on the host device while running an app that uses on-demand resources with Xcode...

CVE-2021-1800

A path handling issue was addressed with improved validation. This issue is fixed in Xcode 12.4. A malicious application may be able to access arbitrary files on the host device while running an app that uses on-demand resources with Xcode...

Path traversal

A path handling issue was addressed with improved validation. This issue is fixed in Xcode 12.4. A malicious application may be able to access arbitrary files on the host device while running an app that uses on-demand resources with Xcode...

CVE-2021-1800

A path handling issue was addressed with improved validation. This issue is fixed in Xcode 12.4. A malicious application may be able to access arbitrary files on the host device while running an app that uses on-demand resources with Xcode...

CVE-2021-1800

CVE-2021-1800 is tied to Apple Xcode 12.4. The vulnerability is a path handling issue in on-demand resources that could allow a malicious app to access arbitrary host files when using Xcode. Apple fixed this by improving path validation in Xcode 12.4. The cited sources (Apple advisory HT212153 an...

Hackers Infecting Apple App Developers With Trojanized Xcode Projects

Cybersecurity researchers on Thursday disclosed a new attack wherein threat actors are leveraging Xcode as an attack vector to compromise Apple platform developers with a backdoor, adding to a growing trend that involves targeting developers and researchers with malicious attacks. Dubbed...

Trojanized Xcode Project Slips MacOS Malware to Apple Developers

Cybercriminals are targeting Apple developers with a trojanized Xcode project, which once launched installs a backdoor that has spying and data exfiltration capabilities. Xcode is comprised of a suite of free, open software development tools developed by Apple for creating software for macOS, iOS...