The vulnerability of the LaunchServices service in Mac OS operating systems allows attackers to circumvent security restrictions and increase their privileges.

The vulnerability of the LaunchServices service in Mac OS operating systems is related to deficiencies in access control when processing XPC messages. Exploiting this vulnerability can allow attackers to circumvent security restrictions and enhance their privileges...

The vulnerability of the com.ipvanish.osx.vpnhelper component of the IPVanish VPN software allows a hacker to execute arbitrary code with root privileges.

The vulnerability of the com.ipvanish.osx.vpnhelper component of the IPVanish VPN software relates to deficiencies in access control. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary commands with root privileges using a specially crafted XPC messag...

PrivateVPN for macOS Privilege Permission and Access Control Vulnerability

PrivateVPN for macOS is a macOS-based VPN software for anonymous access to the Internet. A privilege permission and access control vulnerability exists in PrivateVPN for macOS based platforms. The vulnerability can be exploited by an attacker to execute arbitrary code as root by sending a malicio...

PrivateVPN for macOS Privilege Permission and Access Control Vulnerability (CNVD-2018-04750)

PrivateVPN for macOS is a macOS-based VPN software for anonymous access to the Internet. A privilege permission and access control vulnerability exists in PrivateVPN for macOS-based platforms. An attacker can exploit the vulnerability by sending an XPC message to the XPC service with a...

CVE-2 0 1 5-3 7 9 5-vulnerability warning-the black bar safety net

0x01 machshark In the previous article I have already several times mentioned machshark it. The tool one uses is that you can make a small c stub function, c-stub, the stub allows you to playback the mach message. As the article mentioned, based on MACH IPC with a state of concept. Although by...

Memory corruption

libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a crafted app that sends a malformed XPC message...

CVE-2014-4492

libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an networkd context via a crafted XPC message from a sandboxed app, as demonstrated by la...

Design/Logic Flaw

libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an networkd context via a crafted XPC message from a sandboxed app, as demonstrated by la...

CVE-2014-4492

libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an networkd context via a crafted XPC message from a sandboxed app, as demonstrated by la...

CVE-2014-4492

CVE-2014-4492 involves a type confusion vulnerability in libnetcore affecting Apple devices (iOS before 8.1.3, OS X before 10.10.2, Apple TV before 7.0.3) where an attacker can craft an XPC message to sandboxed applications to trigger arbitrary code execution in the networkd context. The root cau...