Sourcetree suffers from multiple remote code execution vulnerabilities related to git submodules and argument injection. macOS versions 1.0b2 up to 2.7.6 and Windows versions 0.5.1.0 up to 2.6.10 are affected.
cde4d25e68a273c6d5c20d3578cda77f6c048e35cf3936b680f4f3eaecbffdd7
macOS version 10.13 suffers from a kernel memory disclosure due to lack of bounds checking in AppleIntelCapriController::getDisplayPipeCapability.
fb130620dcdb600a2ebb81e91fb99499f91f82761f79a1fbcc6eee1ab19cfe5d
macOS suffers from a process_policy stack leak through an uninitialized field.
0b61e14b1505449eec0ba268f437fa25ec911aea03a436a711c618048ab77483
Apple Security Advisory 2018-1-8-2 - macOS High Sierra 10.13.2 Supplemental Update includes security improvements to Safari and WebKit to mitigate the effects of Spectre.
d853f93e1e71c9aa8d886a2aeccf078dfaa905ed2a74523bb075a36373aaeaf3
This is a macOS kernel exploit based on an IOHIDFamily vulnerability.
6ea69ef80ff70cebf65157f4be408a355f3ccb59f4cdf7875c0601be00b560f1
macOS and iOS suffer from a kernel double free vulnerability due to IOSurfaceRootUserClient not respecting MIG ownership rules.
4314c9b3d4d919fbf8280f16f7d8de49f26550f782ad1c352b5a319dee587e69
macOS suffers from a getrusage stack leak through struct padding.
f3c771e820e8f87d811a6417706be697870406b209dca5dce3bea7c2d48f9b1f
macOS suffers from an so_pcb type confusion vulnerability in necp_get_socket_attributes.
f2be6f0616271669be7061d78a7fed3616c67d1ae20bdb5246c68bbfa933e85d
macOS / iOS suffer from multiple kernel use-after-free vulnerabilities due to incorrect IOKit object lifetime management in IOTimeSyncClockManagerUserClient.
752bf8adfa42c1db21266f6817c3ff5c3ef4a4a157ab2fbb3882400fdc6fb035
The macOS kernel suffers from a code execution vulnerability due to a lack of bounds checking in AppleIntelCapriController::GetLinkConfig.
e6906ea2b28432c3baf84f42363204bf8884dc823824bf02ba0d05aa103772e9
macOS and iOS suffer from a kernel double free due to incorrect API usage in flow divert socket option handling.
0b5dfcc9863d0ed99660566f6392ccc4d9189ce7b6334fa7a00773db58a29596
Apple Security Advisory 2017-12-6-1 - macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan are now available and address issues in apache, curl, and more.
3918e25736c0918763ac137433051db5b4a68c6701db5e97911b5001522fb8e4
Apple macOS version 10.13.1 (High Sierra) suffers from a cron related local privilege escalation vulnerability that allows you to gain root privileges.
fbe2d99d3b7ef8fd7877306d5456d2c15f9aac738eb9b0ae46533c5eed03251a
This Metasploit module exploits a serious flaw in Mac OS X High Sierra. Any user can login with user "root", leaving an empty password.
dd129338b035d1f1252020b0fcad4403a67d63fb88369b316e4ae2fb47bd5adc
Apple Security Advisory 2017-10-31-8 - Additional information for the APPLE-SA-2017-09-25-1 macOS High Sierra 10.13 advisory has been provided that relates to Apache and various other software.
dd6b5b4eac263ebc5404ceffc22559c55c0e9ecea353a5fb6bd44a6814913f91
Apple Security Advisory 2017-10-31-12 - Additional information for the APPLE-SA-2017-09-25-9 macOS Server 5.4 advisory has been provided that relates to FreeRADIUS and Postfix.
ab7f1016be63a4d64acf9e8afda8cb266e256bd54b6c0f883eb1a5a8a72517ed
Apple Security Advisory 2017-10-31-2 - macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, Security Update 2017-004 El Capitan are now available and address TLS weaknesses, issues in Apache, and many more vulnerabilities.
ac256e54648493ce415cbcd2306f79310dc0a2baeca5b8e57161504c227231ff
Apple Security Advisory 2017-10-05-1 - macOS High Sierra 10.13 Supplemental Update is now available and addresses a password hint issue and keychain extraction vulnerabilities.
ba18157b0ddad8def7a6b9f8b593aefe7b6bf640e60a4ebe23e2efed83ae9885
Apple Security Advisory 2017-09-25-9 - macOS Server 5.4 is now available and addresses multiple vulnerabilities in FreeRADIUS.
55e8bc0b8dac96f5d4ea0c8772595685f930c0aabdaf38ed83e4aefe2c18f431
Apple Security Advisory 2017-09-25-1 - macOS High Sierra 10.13 is now available and addresses denial of service, insecure transit, and various other vulnerabilities.
56a33c5e5ed39ad993bf22ead073e39949c0c55274f11b40248081e1873fc193
SourceTree suffers from multiple remote code execution vulnerabilities that can be triggered via hostile repositories being checked in. SourceTree for macOS versions prior to 2.6.1 and SourceTree for Windows versions prior to 2.1.10 are affected.
1e50b9884995c5b9c544b4aa24ba0de7ea8f777b919770ce1a23e318b7d2c761
macOS and iOS sandbox escapes and privilege escalation vulnerabilities exist due to unexpected shared memory-backed xpc_data objects.
405eaaf340b03d53f3015ef4449fe9eaf691f0e32d6d231209f1632dfa391afd
Apple Security Advisory 2017-07-19-2 - macOS 10.12.6 is now available and addresses code execution, memory corruption, and various other vulnerabilities.
bcc56d96708e760ecf0c7d3255dbf1e45f11507054dc7e9d429392beb7658554
VMware Horizon's macOS client versions prior to 4.5 suffer from a code injection vulnerability.
f66d718ae51d75bdcc8a8fa9026bde7c7516f85ea2777a8579d4c319165f6016
MacOS and iOS suffer from a userspace entitlement race condition.
4ebafbb5739c54a9e9cc89090e800144ff08cbe890ca0a497d69232449556a6c
Apple MacOS disk arbitration daemon race condition exploit.
5e822f89be908a76378c56e9215de59cc184f0164ff3f531107ef63a5defc99b