A mitigation bypass / privilege escalation flaw has been discovered in Apple's iOS Screen Time functionality, granting one access to modify the restrictions. It allows a local attacker to acquire the Screen Time Passcode by bypassing the anti-bruteforce protections on the four-digit Passcode, and in consequence gaining total control over Screen Time (Parental Control) settings. Versions lower than 18 are affected.
75666d1dc71fb63eadc1180b8fde8bebebfa673977a37f948bb5e8bd009bd6f8Apple Security Advisory 09-16-2024-10 - macOS Ventura 13.7 addresses buffer overflow, bypass, out of bounds access, out of bounds read, and spoofing vulnerabilities.
83bec15ab00978bb0f11e5f9e97e565cb578510b79514deba529887e8947a015Apple Security Advisory 09-16-2024-9 - macOS Sonoma 14.7 addresses buffer overflow, bypass, out of bounds access, out of bounds read, out of bounds write, and spoofing vulnerabilities.
8c7c598c2151ce639d355f21defbebd09be8b2089b0d7ca88eaa2eab7d02cc0aApple Security Advisory 09-16-2024-8 - iOS 17.7 and iPadOS 17.7 addresses bypass, out of bounds access, and out of bounds read vulnerabilities.
4993b0fd28e2f9894d9a7a6b11b76fd5ab68a695255e84e47ffc88d2865ddeafApple Security Advisory 09-16-2024-7 - Xcode 16 addresses unauthorized access issues.
a9f654caa833e22ec318c428a9c9ddca09390fb9d6b6567f2484d2d566bdb417Apple Security Advisory 09-16-2024-6 - Safari 18 addresses cross site scripting and spoofing vulnerabilities.
8565030c81e5697f1f766f9a15d6dc4896c79e31fa63809ae8174b258ad1dd69Apple Security Advisory 09-16-2024-5 - visionOS 2 addresses cross site scripting, integer overflow, out of bounds access, and out of bounds read vulnerabilities.
c33139a06c51eeb99d320b409bf3dff9bf4f6d249df655edcfd84eafd70434a2Apple Security Advisory 09-16-2024-4 - watchOS 11 addresses cross site scripting, integer overflow, out of bounds access, and out of bounds read vulnerabilities.
cc37085fe262bc1e832562736dee07e94a59cea8867890657c7639a8a8399592Apple Security Advisory 09-16-2024-3 - tvOS 18 addresses cross site scripting, integer overflow, out of bounds access, and out of bounds read vulnerabilities.
c843d6fa186a698c1ffac01558f67ac6e0b1a38e1a1b300aaa7215b653a61d6fApple Security Advisory 09-16-2024-2 - macOS Sequoia 15 addresses buffer overflow, bypass, cross site scripting, integer overflow, out of bounds access, out of bounds read, out of bounds write, and spoofing vulnerabilities.
11e0895c93cecb300d8a33d6e28f17812bc77aab5debcbcbe16f0a04cf9334cbApple Security Advisory 09-16-2024-1 - iOS 18 and iPadOS 18 addresses bypass, cross site scripting, integer overflow, out of bounds access, and out of bounds read vulnerabilities.
fa8e9aa24c477ac62dac02f1d7ffb2d3727adf70a3fa512f104f0036e314d08eThis Metasploit module can be used to read the stored password of a vulnerable Apple Airport Extreme access point. Only a small number of firmware versions have the WDBRPC service running, however the factory configuration was vulnerable. It appears that firmware versions 5.0.x as well as 5.1.x are susceptible to this issue. Once the password is obtained, the access point can be managed using the Apple AirPort utility.
2fd6adb947740556bec13b31bd6224dcc19a86dab49c5a548ca5ac8935074e42This Metasploit module abuses an XSS vulnerability in versions prior to Firefox 39.0.3, Firefox ESR 38.1.1, and Firefox OS 2.2 that allows arbitrary files to be stolen. The vulnerability occurs in the PDF.js component, which uses Javascript to render a PDF inside a frame with privileges to read local files. The in-the-wild malicious payloads searched for sensitive files on Windows, Linux, and OSX. Android versions are reported to be unaffected, as they do not use the Mozilla PDF viewer.
51c57f3920e9435bf62bbd93f1635f5a4935408c0f9db23d25b25d8babebaaeeA vulnerability exists in versions of OSX, iOS, and Windows Safari released before April 8, 2015 that allows the non-HTTPOnly cookies of any domain to be stolen.
4a33fb3750429fbc48b60b65f9266ada10b36414af7a3f3d44b49aac0e5a6e4fGenerates a .webarchive file for Mac OS X Safari that will attempt to inject cross-domain Javascript (UXSS), silently install a browser extension, collect user information, steal the cookie database, and steal arbitrary local files. When opened on the target machine the webarchive file must not have the quarantine attribute set, as this forces the webarchive to execute in a sandbox.
111b8b484280c1043940976e5d33858cc2c48891b75d23d8260fce63f84a668fThis Metasploit module exploits a vulnerability in WebKit on Apple iOS. If successful, the device will restart after viewing the webpage.
5fb709e84ac7a03a5e059af24d7661123ea36759f6837d2dbde635d397cf9dd1Apple Security Advisory 07-29-2024-9 - visionOS 1.3 addresses bypass, information leakage, integer overflow, out of bounds access, out of bounds read, and use-after-free vulnerabilities.
912783b12a2274daf4f9e4029ffdec5e70764f6be9268f7b2bd3a32fd3034398Apple Security Advisory 07-29-2024-8 - tvOS 17.6 addresses bypass, information leakage, integer overflow, out of bounds access, out of bounds read, and use-after-free vulnerabilities.
24af958901ec4f60019382c6391a5084c8fa27387c472f7a1c9b0d411986764eApple Security Advisory 07-29-2024-7 - watchOS 10.6 addresses bypass, information leakage, integer overflow, out of bounds access, out of bounds read, and use-after-free vulnerabilities.
ce1b90be255740d64fae92457b413c220daea634eaabb0a474025f9a8ea97a77Apple Security Advisory 07-29-2024-6 - macOS Monterey 12.7.6 addresses bypass, code execution, out of bounds read, out of bounds write, and spoofing vulnerabilities.
929caca30b5aa2cda92d44eb666bf01775f6d98165012b1c1517eef37b683896Apple Security Advisory 07-29-2024-5 - macOS Ventura 13.6.8 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and spoofing vulnerabilities.
93e970c9d9534dec2ac727c8d034c1de7f39f9e4f3adde27b8a3d7b57cde5d6aApple Security Advisory 07-29-2024-4 - macOS Sonoma 14.6 addresses buffer overflow, bypass, code execution, information leakage, integer overflow, out of bounds access, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.
ae832f20b8a382b80cfa8c55837cfb4ccc59d3ee288b95b2aba5d16400cc0192Apple Security Advisory 07-29-2024-3 - iOS 16.7.9 and iPadOS 16.7.9 addresses bypass, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
f7b26d473ad3169fbed242934596d9e3281378ecbd212da94f7ce686cb90b1c4Apple Security Advisory 07-29-2024-2 - iOS 17.6 and iPadOS 17.6 addresses bypass, information leakage, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
da54e6d0a3ea7a8f32a9b9ff42884a7a1c4c0a06f57c1945b3d4a76d64693444Apple Security Advisory 07-29-2024-1 - Safari 17.6 addresses out of bounds access, out of bounds read, spoofing, and use-after-free vulnerabilities.
25d2dc0677f021e959c619c9edb4b4501758ac63a1051ea2fa65e86686673193
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed