There is a memory corruption issue when processing a malformed RTP video stream in FaceTime that leads to a kernel panic due to a corrupted heap cookie or data abort. This bug can be reached if a user accepts a call from a malicious caller. This issue only affects FaceTime on iOS, it does not crash on a Mac.
e1efd0319dcc1218c75d95f35d08574bThe Google Cardboard Android and iOS applications (Android version 1.8, iOS version 1.2 and below) sends potentially sensitive information such as OS, CPU architecture, graphics chip vendor and version, CPU count, RAM, VRAM, screen size, device make and model, unencrypted to a third party site (Unity 3D Stats).
90bd446dbfb72bbe575551b017929885Apple Security Advisory 2018-10-30-8 - iOS 12 addresses code execution and denial of service vulnerabilities.
ecc5aee44c05b11b397afe48c8e8e894Apple Security Advisory 2018-10-30-1 - iOS 12.1 is now available and addresses code execution, cross site scripting, denial of service, and resource exhaustion vulnerabilities.
5ef94b835f94faad7aa4c95af8f0c45ePhrack Viewer Discretion Advised write up called (De)coding an iOS Kernel Vulnerability.
0b9e1425eae2da58736a86d93db780a0iOS and macOS suffers from a sandbox escape due to trusted length field in shared memory used by the HID event subsystem.
d02085ca3eebe96590a6bfad12954bf6iOS suffers from a kernel stack memory disclosure due to failure to check copyin return value.
dabae5d2d2f7dfbc02093d00e56e96e6iOS and macOS suffer from sandbox escape vulnerabilities due to MIG failing to use correct out-of-line descriptor lengths when parsing reply messages.
4f22a8f810b85991d35e76ab7b9861b4iOS and macOS suffers from a sandbox escape vulnerability due to mach message sent from shared memory.
212667e2b57588da87c0742e251ac563The iOS kernel suffers from a use-after-free vulnerability due to bad error handling in personas.
00aa8ae882f2b6020f3e4a12749da1eeApple Security Advisory 2018-10-08-1 - iOS 12.0.1 is now available and addresses lock screen issues.
7973fb64f647f02a30d5b632ad7521b0Apple Security Advisory 2018-9-24-4 - APPLE-SA-2018-9-24-4 provides additional information for APPLE-SA-2018-9-17-1. iOS 12 is now available and addresses memory corruption and input validation vulnerabilities.
be61103916d6a6155c475e643895c9b9Apple Security Advisory 2018-9-24-3 - APPLE-SA-2018-9-24-3 provides dditional information for APPLE-SA-2018-9-17-4. Safari 12 is now available and addresses browser history deletion and user interface spoofing vulnerabilities.
be699c74c6ab474dce54ff14a2997b25Apple Security Advisory 2018-9-17-5 - Apple Support 2.4 for iOS is now available and addresses a data interception issue.
a7441db84a7a0503a585f77069e82c01Apple Security Advisory 2018-9-17-1 - iOS 12 is now available and addresses memory corruption and input validation vulnerabilities.
94c7b08f05542c1e82ef6e458f60b472Signal on iOS (createGenericPreview) fails to check for unreasonably large images before manipulating received images. This allows for a large image sent to a user to exhaust all available memory when the image is displayed resulting in a forced restart of the device.
5fcb5cbb9844453047fb22759181b904ownCloud version 3.7.3 for iOS suffers from a cross site scripting vulnerability.
5ae27cad5869c1d6ba868d900a0d55c8Linkedin mobile iOS application version 9.11.8592.4 suffers from a CPU resource exhaustion vulnerability.
548e38902cc5abaceaeb0c3f8618bdd6Apple Security Advisory 2018-7-23-3 - iOS 11.4 addresses buffer overflow, code execution, and denial of service vulnerabilities.
8427cf26d14947f142aa0d01ecf6404amacOS and iOS suffer from a javascript injection bug in OfficeImporter.
8a77e3c5cc05866fe394bdbf6a928d1bApple Security Advisory 2018-7-9-1 - iOS 11.4.1 is now available and addresses code execution and denial of service vulnerabilities.
45d49e10a5c072897d4d320a7c5c9ee5The macOS and iOS kernels suffer from a heap overflow due to a lack of lower size check in getvolattrlist.
8bc2ddee4be107c0fed7f5978e377f2cWhatsApp version 2.18.31 on iOS suffers from a remote memory corruption vulnerability.
e1523bcfb6fbea3ce35f934bb2914515macOS/iOS ReportCrash suffers from a mach port replacement due to failure to respect MIG ownership rules.
afd5e9434d99e4e48e8d1ec634a2c115Compass Security discovered a design weakness in Microsoft Intune's iOS Keychain management. This allows users to access company data even after the device has been unenrolled.
07ee7ba08f913665a8c31f611a99564a
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed