ignore security and it'll go away
Showing 51 - 75 of 649 RSS Feed

Operating System: Mac OS X

OS X Kernel AppleUSBPipe::Abort Missing Bounds Checking
Posted Mar 22, 2016
Authored by Google Security Research, ianbeer

Mac OS X kernel suffers from a code execution vulnerability due to a lack of bounds checking in AppleUSBPipe::Abort.

tags | exploit, kernel, code execution
systems | linux, apple, osx
advisories | CVE-2016-1749
MD5 | bed149432923b940c127c1235d8bcd34
OS X Kernel Nvidia Driver Unchecked Array Index
Posted Mar 22, 2016
Authored by Google Security Research, ianbeer

Mac OS X kernel has an issue where an unchecked array index can be used to read an object pointer then call a virtual method in the Nvidia GEForce driver.

tags | exploit, kernel
systems | linux, apple, osx
advisories | CVE-2016-1741
MD5 | a47e6c7658312f6b320a70c4c60eab37
OS X Kernel Use-After-Free / Double Delete
Posted Mar 22, 2016
Authored by Google Security Research, ianbeer

The Mac OS X kernel suffers from use-after-free and double delete issues due to incorrect locking in the Intel GPU driver.

tags | exploit, kernel
systems | linux, apple, osx
advisories | CVE-2016-1744
MD5 | 0fa2674827e519c2c3e1d71a56b5d833
Apple Security Advisory 2016-03-21-7
Posted Mar 22, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-03-21-7 - OS X Server 5.1 is now available and addresses RC4 crypto weaknesses, file access, and information disclosure vulnerabilities.

tags | advisory, crypto, vulnerability, info disclosure
systems | apple, osx
advisories | CVE-2016-1774, CVE-2016-1776, CVE-2016-1777, CVE-2016-1787
MD5 | f256c898392904a019b6cae8d63efdf2
Apple Security Advisory 2016-03-21-5
Posted Mar 22, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-03-21-5 - OS X El Capitan 10.11.4 and Security Update 2016-002 is now available and addresses code execution, memory corruption, and various other vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple, osx
advisories | CVE-2014-9495, CVE-2015-0973, CVE-2015-1819, CVE-2015-3195, CVE-2015-5312, CVE-2015-5333, CVE-2015-5334, CVE-2015-7499, CVE-2015-7500, CVE-2015-7551, CVE-2015-7942, CVE-2015-8035, CVE-2015-8126, CVE-2015-8242, CVE-2015-8472, CVE-2015-8659, CVE-2016-0777, CVE-2016-0778, CVE-2016-0801, CVE-2016-0802, CVE-2016-1732, CVE-2016-1733, CVE-2016-1734, CVE-2016-1735, CVE-2016-1736, CVE-2016-1737, CVE-2016-1738, CVE-2016-1740
MD5 | 627ce9820a6da1e5027ea19b5f314b42
Ubuntu Security Notice USN-2909-1
Posted Feb 23, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2909-1 - halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, osx, ubuntu
advisories | CVE-2015-8785, CVE-2016-1575, CVE-2016-1576
MD5 | c3d900dc55125d606c8ada34c35b315d
Ubuntu Security Notice USN-2910-1
Posted Feb 23, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2910-1 - halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, osx, ubuntu
advisories | CVE-2015-7550, CVE-2015-8543, CVE-2015-8569, CVE-2015-8575, CVE-2015-8785, CVE-2016-1575, CVE-2016-1576
MD5 | 5ed676fa5fe812b5a94013b6252bcc09
Ubuntu Security Notice USN-2908-2
Posted Feb 23, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2908-2 - halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, osx, ubuntu
advisories | CVE-2013-4312, CVE-2015-8785, CVE-2016-1575, CVE-2016-1576, CVE-2016-2069
MD5 | 2d7c7ee60e1a7d19a52efbf09b6c634a
Ubuntu Security Notice USN-2908-3
Posted Feb 23, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2908-3 - halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, osx, ubuntu
advisories | CVE-2013-4312, CVE-2015-8785, CVE-2016-1575, CVE-2016-1576, CVE-2016-2069
MD5 | 5680672e83a8e72b5207ee657a22e029
Ubuntu Security Notice USN-2908-1
Posted Feb 23, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2908-1 - halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, osx, ubuntu
advisories | CVE-2013-4312, CVE-2015-8785, CVE-2016-1575, CVE-2016-1576, CVE-2016-2069
MD5 | d5d7f2d06c1fbed5492bd96a66c1e041
Ubuntu Security Notice USN-2907-2
Posted Feb 23, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2907-2 - halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, osx, ubuntu
advisories | CVE-2015-7550, CVE-2015-8543, CVE-2015-8569, CVE-2015-8575, CVE-2015-8785, CVE-2016-1575, CVE-2016-1576
MD5 | 798142f94f449f05b15e2d12b69f7543
Ubuntu Security Notice USN-2907-1
Posted Feb 23, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2907-1 - halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, osx, ubuntu
advisories | CVE-2015-7550, CVE-2015-8543, CVE-2015-8569, CVE-2015-8575, CVE-2015-8785, CVE-2016-1575, CVE-2016-1576
MD5 | e8d3239a49034312268ff7337e572e1f
Red Hat Security Advisory 2016-0225-01
Posted Feb 16, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0225-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module.

tags | advisory, remote, overflow
systems | linux, redhat, osx
advisories | CVE-2015-7547
MD5 | 704f74a2ec2b23ccef1d4561fcdc8657
Red Hat Security Advisory 2016-0176-01
Posted Feb 16, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0176-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module.

tags | advisory, remote, overflow
systems | linux, redhat, osx
advisories | CVE-2015-5229, CVE-2015-7547
MD5 | 5f58c9b7c52c02becfe6b3d2e8357ea9
Red Hat Security Advisory 2016-0175-01
Posted Feb 16, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0175-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module.

tags | advisory, remote, overflow
systems | linux, redhat, osx
advisories | CVE-2015-7547
MD5 | 1dad5ded0754526407fbb5cff6df2899
OS X Sysmond XPC Type Confusion Privilege Escalation
Posted Feb 10, 2016
Authored by Google Security Research, ianbeer

OS X suffers from a privilege escalation vulnerability due to XPC type confusion in sysmond.

tags | exploit
systems | linux, apple, osx
advisories | CVE-2014-8835
MD5 | 3ac26a15ec16701e2fb2e821afc62436
iOS / OS X Kernel IOHDIXControllUserClient:clientClose UAF / Double Free
Posted Jan 27, 2016
Authored by Google Security Research, ianbeer

iOS / OS X kernels suffer from a use-after-free / double free vulnerability due to lack of locking in IOHDIXControllUserClient:clientClose.

tags | exploit, kernel
systems | cisco, linux, apple, osx, ios
advisories | CVE-2015-7110
MD5 | 4ca3511924adc3aa52a467b0ddf5ed87
iOS / OS X Iokit Registry Iterator Double Free
Posted Jan 27, 2016
Authored by Google Security Research, ianbeer

iOS / OS X suffer from a kernel double free due to lack of locking in Iokit registry iterator manipulation.

tags | exploit, kernel, registry
systems | cisco, linux, apple, osx, ios
advisories | CVE-2015-7084
MD5 | c9357d0e4d6e5c18a2ac1368f7f6da8e
iOS / OS X NECP System Control Integer Overflow
Posted Jan 27, 2016
Authored by Google Security Research, ianbeer

iOS and OS X suffers from a kernel code execution vulnerability due to an integer overflow in NECP system control socket packet parsing.

tags | exploit, overflow, kernel, code execution
systems | cisco, linux, apple, osx, ios
advisories | CVE-2015-7083
MD5 | d2d590a1897674eee90f0e0ceadb0af8
iOS / OS X IOHIDEventQueue:start Code Execution
Posted Jan 27, 2016
Authored by Google Security Research, ianbeer

iOS and OS X suffer from a kernel code execution vulnerability via double-delete in IOHIDEventQueue:start due to incorrect error handling.

tags | exploit, kernel, code execution
systems | cisco, linux, apple, osx, ios
advisories | CVE-2015-7112
MD5 | b346e5d7b4ab0305590a11f0d0ad7091
Apple Security Advisory 2016-01-19-2
Posted Jan 20, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-01-19-2 - OS X El Capitan 10.11.3 and Security Update 2016-001 are now available and address memory corruption, code execution, and privilege escalation vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple, osx
advisories | CVE-2015-7995, CVE-2016-1716, CVE-2016-1717, CVE-2016-1718, CVE-2016-1719, CVE-2016-1720, CVE-2016-1721, CVE-2016-1722, CVE-2016-1729
MD5 | 1a3cee9c9c4fc15f51453f6d8a64e885
Apple Security Advisory 2015-12-08-3
Posted Dec 10, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-12-08-3 - OS X El Capitan 10.11.2 and Security Update 2015-008 is now available and addresses 54 vulnerabilities.

tags | advisory, vulnerability
systems | apple, osx
advisories | CVE-2011-2895, CVE-2012-0876, CVE-2012-1147, CVE-2012-1148, CVE-2015-3807, CVE-2015-5333, CVE-2015-5334, CVE-2015-6908, CVE-2015-7001, CVE-2015-7038, CVE-2015-7039, CVE-2015-7040, CVE-2015-7041, CVE-2015-7042, CVE-2015-7043, CVE-2015-7044, CVE-2015-7045, CVE-2015-7046, CVE-2015-7047, CVE-2015-7052, CVE-2015-7053, CVE-2015-7054, CVE-2015-7058, CVE-2015-7059, CVE-2015-7060, CVE-2015-7061, CVE-2015-7062, CVE-2015-7063
MD5 | a3dfdb84b85b00741b1c089a33944dfe
Red Hat Security Advisory 2015-2589-01
Posted Dec 9, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2589-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap. A local attacker could potentially use this flaw to execute arbitrary code on the system. It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data.

tags | advisory, arbitrary, local, info disclosure
systems | linux, redhat, osx
advisories | CVE-2013-7423, CVE-2015-1472, CVE-2015-1473, CVE-2015-1781, CVE-2015-5277
MD5 | 19cba1476d7eb01430fcb1c63abd9f4d
Mac OS X 10.11 FTS Buffer Overflow
Posted Dec 8, 2015
Authored by Maksymilian Arciemowicz

Mac OS X version 10.11 suffered from an FTS deep structure of the file system buffer overflow vulnerability.

tags | exploit, overflow
systems | apple, osx
advisories | CVE-2010-0105, CVE-2013-6799, CVE-2014-4433, CVE-2014-4434
MD5 | 675fdc1af0d659351253897581e4b48f
Zed Attack Proxy 2.4.3 Mac OS X Release
Posted Dec 5, 2015
Authored by Psiinon | Site owasp.org

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X release.

Changes: Various updates.
tags | tool, web, vulnerability
systems | apple, osx
MD5 | c3c2d165042c07a633a09351438e294d
Page 3 of 26
Back12345Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    15 Files
  • 19
    Oct 19th
    10 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    4 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close