Hard Link Memory Corruption in Mac OS X 10.9
MacOS X 10.9 Hard Link Memory Corruption PoC #include <stdio.h>#include <unistd.h>#include <stdlib.h>#include <string.h>#include <sys/param.h>#include...
View ArticleRemote Comand Execution in Mac OS X 10.10 & FreeBSD10 ftp
MacOS X 10.10 & FreeBSD10 ftp Remote Comand Execution Just a quick heads-up, and sorry that no notice was given – the issueis that a malicious server can cause ftp(1) to execute arbitrarycommands:...
View ArticleNULL Pointer Dereference / Heap-based Buffer Overflow in Mac OS X 10.9.5
MacOS X 10.9.5 Kernel heap-based buffer overflow Impact: A maliciously crafted file system may cause unexpected system shutdown or arbitrary code execution Description: A heap-based buffer overflow...
View ArticleMultiple Vulnerabilities in Apple iOS before 8.1.1, OS X before 10.10.1, and...
Apple Security Advisory 2014-11-17-1 —–BEGIN PGP SIGNED MESSAGE—–Hash: SHA1 APPLE-SA-2014-11-17-1 iOS 8.1.1 iOS 8.1.1 is now available and addresses the following: CFNetworkAvailable for: iPhone 4s...
View ArticleMultiple Vulnerabilities in Mozilla Firefox, Firefox ESR, Thunderbird, and...
CVE-2014-1587 (firefox, firefox_esr, seamonkey, thunderbird) Vulnerability Summary for CVE-2014-1587 Original release date: 12/11/2014 Last revised: 12/11/2014 Source: US-CERT/NIST Overview Multiple...
View ArticleMultiple Vulnerabilities in Apple iOS, Apple OS X and Apple TV
CVE-2014-4480 (apple_tv, iphone_os) Vulnerability Summary for CVE-2014-4480 Original release date: 01/30/2015 Last revised: 02/02/2015 Source: US-CERT/NIST Overview Directory traversal vulnerability...
View ArticleApple OS X: Don’t trust and don’t prompt to trust certificates
Apple OS X: Don't trust and don't prompt to trust certificates Summary: It is essential to provide a configuration option in the operating system to:1. never trust invalid certificates, and2. to not...
View ArticleFREAK Vulnerability in Secure Transport in Apple iOS through 8.1.3, Apple OS...
CVE-2015-2235 (apple_tv, iphone_os, mac_os_x) Vulnerability Summary for CVE-2015-2235 Original release date: 03/06/2015 Last revised: 03/09/2015 Source: US-CERT/NIST Overview Secure Transport in Apple...
View ArticleHeap Overflow in Mac OS X 10.10.2
Mac OS X 10.10.2 Default KEXT heap overflow LPE Hello, I have recently found an exploitable heap overflow in a core OS X driver. Particularly, the injectString function is vulnerable to an heap...
View ArticleMultiple Vulnerabilities in Apple iOS
Apple Security Advisory 2015-03-09-1 —–BEGIN PGP SIGNED MESSAGE—–Hash: SHA1 APPLE-SA-2015-03-09-1 iOS 8.2 iOS 8.2 is now available and addresses the following: CoreTelephonyAvailable for: iPhone 4s...
View Article
More Pages to Explore .....