A radio proximity kernel memory corruption vulnerability exists in iOS and macOS due to bad state machine in BSS steering.
5ff730e5556e80e223e58b23eca60fa1Apple Security Advisory 2021-03-26-2 - iOS 12.5.2 addresses a cross site scripting vulnerability.
92e0cb5133e5e8ecb6931d5522ec5393Apple Security Advisory 2021-03-26-1 - iOS 14.4.2 and iPadOS 14.4.2 addresses a cross site scripting vulnerability.
a24404039fa9cf5fc55928412c9d7017Apple Security Advisory 2021-03-08-1 - iOS 14.4.1 and iPadOS 14.4.1 addresses a code execution vulnerability.
06c77493f484bf787aa128b7482af828The Canadian Internet Registration Authority (CIRA) Canadian Shield iOS application versions 4.0.12 and below do not validate the SSL certificate it receives when connecting to the application server.
bf1cf19e84f8affc4de78a67a8f1e677Apple Safari is susceptible to a remote code execution vulnerability via an undefined othersubr in Type 1 fonts handled by libType1Scaler.dylib on macOS and iOS.
46ada3aa4a5cf57b7f656c84696a56ccApple Security Advisory 2021-02-01-2 - iOS 14.4 and iPadOS 14.4 addresses buffer overflow, bypass, code execution, denial of service, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
5a08bcdee83129425fd6c1eb6b2dd555Apple Security Advisory 2021-01-26-1 - iOS 14.4 and iPadOS 14.4 address race condition and arbitrary code execution vulnerabilities.
9ea3bdc34259ca4f0ff33cda355065ebApple Security Advisory 2020-12-14-2 - iOS 12.5 addresses a code execution vulnerability.
fbf2576e6d5d22b3036b0586915e2dd4Apple Security Advisory 2020-12-14-1 - iOS 14.3 and iPadOS 14.3 addresses code execution, information leakage, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
806dfdd340bfdb087b03de6805c37b4cSuper Backup version 2.0.5 for iOS suffers from a directory traversal vulnerability.
dcba32401441371be6040dab9d02f9aeApple Security Advisory 2020-11-13-3 - Updates for iOS 14.0 and iPadOS 14.0 address buffer overflow, code execution, cross site scripting, denial of service, information leakage, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.
f15d74568f4f6adf383e272deddb869bApple Security Advisory 2020-11-05-2 - iOS 12.4.9 is now available and addresses a code execution vulnerability.
e403bd4c30b82e389c6c41871b8a9527Apple Security Advisory 2020-11-05-1 - iOS 14.2 and iPadOS 14.2 are now available and addresses code execution, integer overflow, out of bounds read, out of bounds write, path sanitization, and use-after-free vulnerabilities.
e316caeb924e1e7eb685c0783a056ddbIt appears that the corona virus Exposure Notifications API for iOS and Android may have a data leakage issue.
f3e9ce294b54d711be777bb3c9716ce7Whitepaper called iOS Swift Anti-Jailbreak Bypass with Frida.
3faa4e36a848fdfbb9d0d8405de46e69Apple Security Advisory 2020-09-16-1 - iOS 14.0 and iPadOS 14.0 are now available and address code execution, cross site scripting, out of bounds read, and out of bounds write vulnerabilities.
bf2d39afbca775367e4876e819239e81This Metasploit module exploits a JIT optimization bug in Safari Webkit. This allows us to write shellcode to an RWX memory section in JavaScriptCore and execute it. The shellcode contains a kernel exploit (CVE-2016-4669) that obtains kernel rw, obtains root and disables code signing. Finally we download and execute the meterpreter payload. This module has been tested against iOS 7.1.2 on an iPhone 4.
193bef4f6ec1463a50a80fcde4b59fa1A PAC and JIT hardening bypass exists in WebKit on iOS.
a3ac179138a9ac48c78209344b6266c3Mocha Telnet Lite for iOS version 4.2 denial of service proof of concept exploit.
07006fb34c3849a7f8b2583b33f722deRTSP for iOS version 1.0 denial of service proof of concept exploit.
9deb3c878023b0b278fe006ec1c53422iOS suffers from a Page Protection Layer (PPL) bypass due to incorrect argument verification in pmap_protect_options_internal() and pmap_remove_options_internal().
880d5a7841d44d213ff1f1ca340b8776Apple Security Advisory 2020-07-15-1 - iOS 13.6 and iPadOS 13.6 are now available and address buffer overflow, bypass, code execution, cross site scripting, denial of service, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
930c08146b91758658c332bba05db932VIPRE Password Vault iOS application versions 1.100.1090 and below suffer from a man-in-the-middle vulnerability due to a lack of validation of SSL certificates.
82d37852c91e2ee7b39bd7164fcdcea8Apple iOS version 13.5.1 suffers from an issue where it is possible to circumvent the copy and paste restriction from the company profile to the private profile. Thus, it is possible to extract attachments that can be previewed ("Quick Look") in the native Mail client to any private app.
25b8c8457ca8a60d7a3cd815cbaafb53
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed