Mac OS X kernel suffers from a code execution vulnerability due to a lack of bounds checking in AppleUSBPipe::Abort.
143c8edb082144d486e1c248032995f02f0e99555d57358b3a070cca59501529Adobe Flash has a heap overflow vulnerability in the Zlib codecs when playing flv files.
08105a5eab48b0c73b46d78b3dac94e27c8f4057fb00f1f9ce4ea6fafd037bdbThere is a use-after-free in Sprite Creation. If a Sprite is created, and then the handler for the frameConstructed event triggers a remove object action, the Sprite is then used after it has been freed.
c39ed19e599f2e87429baaa1420ef1c22c03fa613b8ce27ef51b01a165eed4b8The ActionScript parameter conversion in the fix for an issue in the December Flash bulletin APSB15-32 can sometimes access a parameter on the native stack that is uninitialized.
982e087bae1ff3d75902f159298bed43a1c32bb041ce513c46a96da67786a262The ActionScript parameter conversion in the fix for an issue in the December Flash bulletin APSB15-32 can sometimes access a parameter on the native stack that is uninitialized.
fca666e43ec07be074a4810a7671db92ce36a0d756afde739005726379118d6fThe ActionScript parameter conversion in the fix for Google Security Research issue 403 can sometimes access a parameter on the native stack that is uninitialized.
ccc716718377c7f69a2d68eb3c1540336084d2a28e046619c48fea014951002eThe AppleKeyStore userclient uses an IOCommandGate to serialize access to its userclient methods, however by racing two threads, one of which closes the userclient (which frees the IOCommandGate) and one of which tries to make an external method call we can cause a use-after-free of the IOCommandGate.
1db8ce601471ad3e19f7c84c23572709a3952990a28f5b5d130277dfb0f639dcMac OS X kernel has an issue where an unchecked array index can be used to read an object pointer then call a virtual method in the Nvidia GEForce driver.
8f940c5ed303d010b19d9f30337e7546f4aff5203b1fbca11bcbe729635d754bThe Mac OS X kernel suffers from use-after-free and double delete issues due to incorrect locking in the Intel GPU driver.
ca15dbb2b908cc1bd1b9e630c704f934d111095bea1cb1c8e14eacb07227a2e0There is a use-after-free in setInterval. If the interval length is an object with valueOf defined, this method gets executed, and can delete the object the interval is being set on.
cc2adc9a2940710a875fafa69fdae84c7e355762d1060554d76af5275b287193There is a use-after-free in Sound.setTransform similar to the one described in CVE-2015-8434. If the transform object provided is an integer primitive, and the Number constructor is overwritten, this constructor will be executed and can free the internal sound transform, which is then written to.
9cf5ceec9d1b8789d8ae0b14a3c45b7fe4d93c657668793da9239af45b02f16dThe code responsible for loading a suid-binary following a call to the execve syscall invalidates the task port after first swapping the new vm_map into the old task object leaving a short race window where we can manipulate the memory of the euid(0) process before the old task port is destroyed.
6be58b3f0fc092cb166e20a9e2e0ef99de307b957f1541a6ea0dd7a8f7ca8531An included fuzzing case demonstrates a crash in Adobe Flash shape rendering.
efc9af51bcd69cfee5ecf9979add44fc4891f75646247fc53ec96acdedf5bccbApple Security Advisory 2016-03-21-7 - OS X Server 5.1 is now available and addresses RC4 crypto weaknesses, file access, and information disclosure vulnerabilities.
3f5b87490fc0b888969c59aa3c86769bc4e48285372026935f48a72f9f313a9aApple Security Advisory 2016-03-21-6 - Safari 9.1 is now available and addresses code execution, interface spoofing, denial of service, and various other vulnerabilities.
a8eb642d04c965e996635f15999f220f4f3fa6eb33970813cc774fc9032a8db0Apple Security Advisory 2016-03-21-5 - OS X El Capitan 10.11.4 and Security Update 2016-002 is now available and addresses code execution, memory corruption, and various other vulnerabilities.
70ee7534060a15cce4887519635499ad26a30d4596bdf4d28ce6ea94b25fefadApple Security Advisory 2016-03-21-4 - Xcode 7.3 is now available and addresses multiple code execution vulnerabilities.
d45002641c3c19bee4fdec1c1a6e76827a26858fe07d85b7bd61d992c80bdafaApple Security Advisory 2016-03-21-3 - tvOS 9.2 is now available and addresses code execution, memory corruption, and various other vulnerabilities.
576bf88cd8411520d0b41a89dc0b71a608a7bbddb1b15581478a9131071d23caApple Security Advisory 2016-03-21-2 - watchOS 2.2 is now available and addresses memory corruption, code execution, and various other vulnerabilities.
e000b4344c6260c49d4654cae8607aac1e384c8404017451ab845c90b408cea7Apple Security Advisory 2016-03-21-1 - iOS 9.3 is now available and addresses code execution, memory corruption, and various other vulnerabilities.
d014002b8661b674441b269148e4a0b977e33ca0eab871429b9557c64d61cff3Securimage version 3.6.2 suffers from a cross site scripting vulnerability.
cef5c2470c562793c29df7022f016d538fa8aecde6d8f3749e5047f3dfdb89eeWordPress HB Audio Gallery Lite plugin version 1.0.0 suffers from an arbitrary file download vulnerability.
56a6cc400f6bf87cdcab4b117e69833f99576b61f0f4dfc5d6693a04f1f226edAdobe Flash suffers from a wild write at 0x453b0cf0 in color conversion that causes a crash.
051621ef0094ab8b55b05d6b364d50f6b9948eb005475d56a5738771d2f6685fAdobe Flash suffers from an information leak that may render non-deterministic content that apparently contains pointers.
41c6dbb42e26cd157241d1aeb71129cad02abd56098cd0be0d24a4218914f04dAdobe Flash suffers from an out-of-bounds read in AAC audio handling.
4bcaa997a98d2899f0ece2d75dffe49e567d8dc983b849e3e2064ea6b326e3c7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed