PrivateVPN for macOS Privilege Permission and Access Control Vulnerability

PrivateVPN for macOS is a macOS-based VPN software for anonymous access to the Internet. A privilege permission and access control vulnerability exists in PrivateVPN for macOS based platforms. The vulnerability can be exploited by an attacker to execute arbitrary code as root by sending a malicio...

PrivateVPN for macOS Privilege Permission and Access Control Vulnerability (CNVD-2018-04750)

PrivateVPN for macOS is a macOS-based VPN software for anonymous access to the Internet. A privilege permission and access control vulnerability exists in PrivateVPN for macOS-based platforms. An attacker can exploit the vulnerability by sending an XPC message to the XPC service with a...

CVE-2 0 1 5-3 7 9 5-vulnerability warning-the black bar safety net

0x01 machshark In the previous article I have already several times mentioned machshark it. The tool one uses is that you can make a small c stub function, c-stub, the stub allows you to playback the mach message. As the article mentioned, based on MACH IPC with a state of concept. Although by...

Memory corruption

libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a crafted app that sends a malformed XPC message...

CVE-2014-4492

libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an networkd context via a crafted XPC message from a sandboxed app, as demonstrated by la...

Design/Logic Flaw

libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an networkd context via a crafted XPC message from a sandboxed app, as demonstrated by la...

CVE-2014-4492

CVE-2014-4492 involves a type confusion vulnerability in libnetcore affecting Apple devices (iOS before 8.1.3, OS X before 10.10.2, Apple TV before 7.0.3) where an attacker can craft an XPC message to sandboxed applications to trigger arbitrary code execution in the networkd context. The root cau...

CVE-2014-4492

libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an networkd context via a crafted XPC message from a sandboxed app, as demonstrated by la...