A mitigation bypass / privilege escalation flaw has been discovered in Apple's iOS Screen Time functionality that grants access to modify the restrictions. It allows a local attacker to acquire the Screen Time Passcode by bypassing the anti-bruteforce protections on the four-digit Passcode, and consequently to gain total control over Screen Time (Parental Control) settings. Versions lower than 18 are affected.
75666d1dc71fb63eadc1180b8fde8bebebfa673977a37f948bb5e8bd009bd6f8
Apple Security Advisory 09-16-2024-10 - macOS Ventura 13.7 addresses buffer overflow, bypass, out of bounds access, out of bounds read, and spoofing vulnerabilities.
83bec15ab00978bb0f11e5f9e97e565cb578510b79514deba529887e8947a015
Apple Security Advisory 09-16-2024-9 - macOS Sonoma 14.7 addresses buffer overflow, bypass, out of bounds access, out of bounds read, out of bounds write, and spoofing vulnerabilities.
8c7c598c2151ce639d355f21defbebd09be8b2089b0d7ca88eaa2eab7d02cc0a
Apple Security Advisory 09-16-2024-8 - iOS 17.7 and iPadOS 17.7 address bypass, out of bounds access, and out of bounds read vulnerabilities.
4993b0fd28e2f9894d9a7a6b11b76fd5ab68a695255e84e47ffc88d2865ddeaf
Apple Security Advisory 09-16-2024-7 - Xcode 16 addresses unauthorized access issues.
a9f654caa833e22ec318c428a9c9ddca09390fb9d6b6567f2484d2d566bdb417
Apple Security Advisory 09-16-2024-6 - Safari 18 addresses cross site scripting and spoofing vulnerabilities.
8565030c81e5697f1f766f9a15d6dc4896c79e31fa63809ae8174b258ad1dd69
Apple Security Advisory 09-16-2024-5 - visionOS 2 addresses cross site scripting, integer overflow, out of bounds access, and out of bounds read vulnerabilities.
c33139a06c51eeb99d320b409bf3dff9bf4f6d249df655edcfd84eafd70434a2
Apple Security Advisory 09-16-2024-4 - watchOS 11 addresses cross site scripting, integer overflow, out of bounds access, and out of bounds read vulnerabilities.
cc37085fe262bc1e832562736dee07e94a59cea8867890657c7639a8a8399592
Apple Security Advisory 09-16-2024-3 - tvOS 18 addresses cross site scripting, integer overflow, out of bounds access, and out of bounds read vulnerabilities.
c843d6fa186a698c1ffac01558f67ac6e0b1a38e1a1b300aaa7215b653a61d6f
Apple Security Advisory 09-16-2024-2 - macOS Sequoia 15 addresses buffer overflow, bypass, cross site scripting, integer overflow, out of bounds access, out of bounds read, out of bounds write, and spoofing vulnerabilities.
11e0895c93cecb300d8a33d6e28f17812bc77aab5debcbcbe16f0a04cf9334cb
Apple Security Advisory 09-16-2024-1 - iOS 18 and iPadOS 18 address bypass, cross site scripting, integer overflow, out of bounds access, and out of bounds read vulnerabilities.
fa8e9aa24c477ac62dac02f1d7ffb2d3727adf70a3fa512f104f0036e314d08e
This Metasploit module can be used to read the stored password of a vulnerable Apple Airport Extreme access point. Only a small number of firmware versions have the WDBRPC service running; however, the factory configuration was vulnerable. It appears that firmware versions 5.0.x as well as 5.1.x are susceptible to this issue. Once the password is obtained, the access point can be managed using the Apple AirPort utility.
2fd6adb947740556bec13b31bd6224dcc19a86dab49c5a548ca5ac8935074e42
This Metasploit module abuses an XSS vulnerability in versions prior to Firefox 39.0.3, Firefox ESR 38.1.1, and Firefox OS 2.2 that allows arbitrary files to be stolen. The vulnerability occurs in the PDF.js component, which uses JavaScript to render a PDF inside a frame with privileges to read local files. The in-the-wild malicious payloads searched for sensitive files on Windows, Linux, and OS X. Android versions are reported to be unaffected, as they do not use the Mozilla PDF viewer.
51c57f3920e9435bf62bbd93f1635f5a4935408c0f9db23d25b25d8babebaaee
A vulnerability exists in versions of OS X, iOS, and Windows Safari released before April 8, 2015 that allows the non-HTTPOnly cookies of any domain to be stolen.
4a33fb3750429fbc48b60b65f9266ada10b36414af7a3f3d44b49aac0e5a6e4f
Generates a .webarchive file for Mac OS X Safari that will attempt to inject cross-domain JavaScript (UXSS), silently install a browser extension, collect user information, steal the cookie database, and steal arbitrary local files. When opened on the target machine, the webarchive file must not have the quarantine attribute set, as this forces the webarchive to execute in a sandbox.
111b8b484280c1043940976e5d33858cc2c48891b75d23d8260fce63f84a668f
This Metasploit module exploits a vulnerability in WebKit on Apple iOS. If successful, the device will restart after viewing the webpage.
5fb709e84ac7a03a5e059af24d7661123ea36759f6837d2dbde635d397cf9dd1
Apple Security Advisory 07-29-2024-9 - visionOS 1.3 addresses bypass, information leakage, integer overflow, out of bounds access, out of bounds read, and use-after-free vulnerabilities.
912783b12a2274daf4f9e4029ffdec5e70764f6be9268f7b2bd3a32fd3034398
Apple Security Advisory 07-29-2024-8 - tvOS 17.6 addresses bypass, information leakage, integer overflow, out of bounds access, out of bounds read, and use-after-free vulnerabilities.
24af958901ec4f60019382c6391a5084c8fa27387c472f7a1c9b0d411986764e
Apple Security Advisory 07-29-2024-7 - watchOS 10.6 addresses bypass, information leakage, integer overflow, out of bounds access, out of bounds read, and use-after-free vulnerabilities.
ce1b90be255740d64fae92457b413c220daea634eaabb0a474025f9a8ea97a77
Apple Security Advisory 07-29-2024-6 - macOS Monterey 12.7.6 addresses bypass, code execution, out of bounds read, out of bounds write, and spoofing vulnerabilities.
929caca30b5aa2cda92d44eb666bf01775f6d98165012b1c1517eef37b683896
Apple Security Advisory 07-29-2024-5 - macOS Ventura 13.6.8 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and spoofing vulnerabilities.
93e970c9d9534dec2ac727c8d034c1de7f39f9e4f3adde27b8a3d7b57cde5d6a
Apple Security Advisory 07-29-2024-4 - macOS Sonoma 14.6 addresses buffer overflow, bypass, code execution, information leakage, integer overflow, out of bounds access, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.
ae832f20b8a382b80cfa8c55837cfb4ccc59d3ee288b95b2aba5d16400cc0192
Apple Security Advisory 07-29-2024-3 - iOS 16.7.9 and iPadOS 16.7.9 address bypass, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
f7b26d473ad3169fbed242934596d9e3281378ecbd212da94f7ce686cb90b1c4
Apple Security Advisory 07-29-2024-2 - iOS 17.6 and iPadOS 17.6 address bypass, information leakage, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
da54e6d0a3ea7a8f32a9b9ff42884a7a1c4c0a06f57c1945b3d4a76d64693444
Apple Security Advisory 07-29-2024-1 - Safari 17.6 addresses out of bounds access, out of bounds read, spoofing, and use-after-free vulnerabilities.
25d2dc0677f021e959c619c9edb4b4501758ac63a1051ea2fa65e86686673193