The macOS and iOS kernels suffer from a heap overflow due to a lack of lower size check in getvolattrlist.
8bc2ddee4be107c0fed7f5978e377f2cThe XNU kernel suffers from a heap overflow vulnerability due to bad bounds checking in MPTCP.
449d61519abf2905830578f282b2544cThe macOS kernel suffers from a use-after-free vulnerability due to a lack of locking in the nvidia GeForce driver.
9df96b20c281d23bcd8105e681608b33macOS suffers from a double mach_port_deallocate in kextd due to failure to comply with MIG ownership rules.
3ed950f3129994df12395fa85baf3812macOS/iOS ReportCrash suffers from a mach port replacement due to failure to respect MIG ownership rules.
afd5e9434d99e4e48e8d1ec634a2c115Google software updater suffers from a local privilege escalation vulnerability on MacOS due to unsafe use of Distributed Objects.
f4d7f01c4f93843dc53c45e1355f3101The macOS kernel suffers from a use-after-free issue due to a lack of locking in AppleEmbeddedOSSupportHostClient::registerNotificationPort.
ea0f5075fd72108cc6b63fbdbbf36665macOS version 10.13 suffers from a kernel memory disclosure due to lack of bounds checking in AppleIntelCapriController::getDisplayPipeCapability.
64dd02ddcdb2646e983a2c6616d02c4amacOS and iOS suffer from a kernel double free vulnerability due to IOSurfaceRootUserClient not respecting MIG ownership rules.
184f6e2345e9d5d30fb5251e4ff335fcThe XNU kernel suffers from a memory corruption vulnerability due to an integer overflow in the __offsetof usage in posix_spawn on 32-bit platforms.
c638f3dbcc9363560aaf17fa6e01b0a5macOS / iOS suffer from multiple kernel use-after-free vulnerabilities due to incorrect IOKit object lifetime management in IOTimeSyncClockManagerUserClient.
91c42e10c5af4753d52cffa762abd8acThe macOS kernel suffers from a code execution vulnerability due to a lack of bounds checking in AppleIntelCapriController::GetLinkConfig.
5ae7dba93f843e9011a2eeac188240d3macOS and iOS suffer from a kernel double free due to incorrect API usage in flow divert socket option handling.
adea43dc13c8a03941deec88ab491ec2There is a XNU kernel memory disclosure flaw caused by a bug in the kernel API for detecting kernel memory disclosures. No, this isn't a failure at writing a description.
1879d1a7c15b3f573be6ae2ceeeb63demacOS and iOS sandbox escapes and privilege escalation vulnerabilities exist due to unexpected shared memory-backed xpc_data objects.
19f6fc5bf96e23f9e9f9a4af9ec8737eMacOS and iOS suffer from a userspace entitlement race condition.
b0f376780fac414cf9f189a9511d126fMicrosoft Windows MsMpEng suffers from a remotely exploitable use-after-free vulnerability due to a design issue in the GC engine.
b3d45bc0bcfc72ee99f5a1e8c697ddc5Apple MacOS suffers from a local elevation of privilege vulnerability due to a lack of bounds checking in HIServices custom CFObject serialization.
600fc3776c1067286aed2cca2a14e6abApple iOS / OS X suffer from a NSKeyedArchiver memory corruption vulnerability due to a lack of bounds checking in CAMediaTimingFunctionBuiltin.
23db36b84cf1781ab0aa9de1337b3eaeApple iOS / MacOS suffers from a NSKeyedArchiver heap corruption vulnerability due to a rounding error in TIKeyboardLayout initWithCoder:.
f4f95e9fe07f16fd6bb2e6208f80ac9fApple MacOS NSUnarchiver suffers from a heap corruption vulnerability due to lack of bounds checking in [NSBuiltinCharacterSet initWithCoder:].
329d5bd4e2af9705b151cb7c6b2201ddApple iOS / MacOS suffers from a memory corruption vulnerability due to bad bounds checking in NSCharacterSet coding for NSKeyedUnarchiver.
bdda55cda546b5c21d799497330d24d7Apple iOS / MacOS suffers from a kernel memory disclosure vulnerability due to lack of bounds checking in netagent socket option handling.
45cfcbcc7c332ce751e0f1cb5ebc14ccApple iOS / MacOS suffer from a kernel use-after-free vulnerability due to bad locking in unix domain socket file descriptor externalization.
bdf2e91d40e4ff551aba3904d5996640It turns out that even with SIP enabled a regular root user can write to the swapfile under /private/var/vm/swapfile0 on MacOS.
9be1c54a36a8598d7f45bd9dfd59fc35
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed