Quantcast
Channel: Mac OS – Web Security Watch
Browsing all 10 articles
Browse latest View live

Hard Link Memory Corruption in Mac OS X 10.9

MacOS X 10.9 Hard Link Memory Corruption PoC #include <stdio.h>#include <unistd.h>#include <stdlib.h>#include <string.h>#include <sys/param.h>#include...

View Article



Remote Comand Execution in Mac OS X 10.10 & FreeBSD10 ftp

MacOS X 10.10 & FreeBSD10 ftp Remote Comand Execution Just a quick heads-up, and sorry that no notice was given – the issueis that a malicious server can cause ftp(1) to execute arbitrarycommands:...

View Article

NULL Pointer Dereference / Heap-based Buffer Overflow in Mac OS X 10.9.5

MacOS X 10.9.5 Kernel heap-based buffer overflow Impact: A maliciously crafted file system may cause unexpected system shutdown or arbitrary code execution Description: A heap-based buffer overflow...

View Article

Multiple Vulnerabilities in Apple iOS before 8.1.1, OS X before 10.10.1, and...

Apple Security Advisory 2014-11-17-1 —–BEGIN PGP SIGNED MESSAGE—–Hash: SHA1 APPLE-SA-2014-11-17-1 iOS 8.1.1 iOS 8.1.1 is now available and addresses the following: CFNetworkAvailable for: iPhone 4s...

View Article

Multiple Vulnerabilities in Mozilla Firefox, Firefox ESR, Thunderbird, and...

CVE-2014-1587 (firefox, firefox_esr, seamonkey, thunderbird) Vulnerability Summary for CVE-2014-1587 Original release date: 12/11/2014 Last revised: 12/11/2014 Source: US-CERT/NIST Overview Multiple...

View Article


Multiple Vulnerabilities in Apple iOS, Apple OS X and Apple TV

CVE-2014-4480 (apple_tv, iphone_os) Vulnerability Summary for CVE-2014-4480 Original release date: 01/30/2015 Last revised: 02/02/2015 Source: US-CERT/NIST Overview Directory traversal vulnerability...

View Article

Apple OS X: Don’t trust and don’t prompt to trust certificates

Apple OS X: Don't trust and don't prompt to trust certificates Summary: It is essential to provide a configuration option in the operating system to:1. never trust invalid certificates, and2. to not...

View Article

FREAK Vulnerability in Secure Transport in Apple iOS through 8.1.3, Apple OS...

CVE-2015-2235 (apple_tv, iphone_os, mac_os_x) Vulnerability Summary for CVE-2015-2235 Original release date: 03/06/2015 Last revised: 03/09/2015 Source: US-CERT/NIST Overview Secure Transport in Apple...

View Article


Heap Overflow in Mac OS X 10.10.2

Mac OS X 10.10.2 Default KEXT heap overflow LPE Hello, I have recently found an exploitable heap overflow in a core OS X driver. Particularly, the injectString function is vulnerable to an heap...

View Article


Multiple Vulnerabilities in Apple iOS

Apple Security Advisory 2015-03-09-1 —–BEGIN PGP SIGNED MESSAGE—–Hash: SHA1 APPLE-SA-2015-03-09-1 iOS 8.2 iOS 8.2 is now available and addresses the following: CoreTelephonyAvailable for: iPhone 4s...

View Article
Browsing all 10 articles
Browse latest View live




Latest Images