:: Deepquest ::

51 bytes small OSX / Intel setuid shell for x86_64.

Secunia Security Advisory – Multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose sensitive information, bypass certain security restrictions, or to compromise a user’s system.

Secunia Security Advisory – Apple has acknowledged multiple vulnerabilities in Apple TV, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable device.

Zero Day Initiative Advisory 10-257 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the wholeText method of the Text element. When calculating the total size of all the text containing it, the application will wrap a 32-bit integer. The application will use this in an allocation and then later use a different value for populating the buffer. This can lead to code execution under the context of the application.

Apple Safari versions 4.02 through 4.05 and Windows versions 5.0 through 5.0.2 suffer from cross-domain information leakage and temporary user tracking vulnerabilities.

Secunia Security Advisory – Multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people bypass certain security restrictions, conduct spoofing attacks, disclose sensitive information, cause a DoS (Denial of Service), or to compromise a user’s system.

VUPEN Vulnerability Research Team discovered a critical vulnerability in Apple Safari. The vulnerability is caused by a use-after-free in WebKit when handling selections, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.

Secunia Security Advisory – Multiple vulnerabilities and weaknesses have been reported in Apple Safari, which can be exploited by malicious people to bypass certain security restrictions, conduct spoofing attacks, or compromise a user’s system.

Zero Day Initiative Advisory 10-255 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the quicktime.qtx. When handling the m1s atom an integer value is used as an offset into a buffer. Minimal validation is done and an attacker can supply a negative value. This can be used to write to an arbitrary address in process memory. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the user.

Zero Day Initiative Advisory 10-254 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the QuickTimeMPEG.qtx module. When handling an ELST atom’s edit list table data large values are not handled properly. Specifically, the media rate field is explicitly trusted and can be abused to control memory copy operations. By specifying a large enough value, an attacker can utilize this to write to an arbitrary address in process memory. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the user.