Archive for January, 2016

iOS Kernel IOHIDEventService Use-After-Free

Posted by deepcore under exploit (No Respond)

The iOS kernel suffers from a use-after-free vulnerability in IOHIDEventService.

SAP HANA hdbindexserver Memory Corruption

Posted by deepcore under exploit (No Respond)

A buffer overflow vulnerability exists in the SAP HANA interface. If an attacker has network access to the SQL interface or the SAP HANA Extended Application Services interface of an SAP HANA system, the vulnerability enables the attacker to inject code into the working memory that is subsequently executed by the application. It can also […]

Apple Security Advisory 2016-01-25-1

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2016-01-25-1 – tvOS 9.1.1 is now available and addresses code execution vulnerabilities.


iOS / OS X IOHIDEventQueue:start Code Execution

Posted by deepcore under Apple (No Respond)

iOS and OS X suffer from a kernel code execution vulnerability via double-delete in IOHIDEventQueue:start due to incorrect error handling.


iOS / OS X NECP System Control Integer Overflow

Posted by deepcore under Apple (No Respond)

iOS and OS X suffer from a kernel code execution vulnerability due to an integer overflow in NECP system control socket packet parsing.


iOS / OS X Iokit Registry Iterator Double Free

Posted by deepcore under Apple (No Respond)

iOS / OS X suffer from a kernel double free due to lack of locking in IOKit registry iterator manipulation.


OS X Coreaudiod Calls Uninitialized Function Pointer

Posted by deepcore under Apple (No Respond)

com.apple.audio.coreaudiod is reachable from various sandboxes, including the Safari renderer. coreaudiod is sandboxed and runs as its own user; nevertheless, it has access to various other interesting attack surfaces which Safari doesn’t, allowing this bug to potentially form part of a full sandbox escape chain.


iOS / OS X Kernel IOHDIXControllUserClient:clientClose UAF / Double Free

Posted by deepcore under Apple (No Respond)

iOS / OS X kernels suffer from a use-after-free / double free vulnerability due to lack of locking in IOHDIXControllUserClient:clientClose.


[dos] – OS X – gst_configure Kernel Buffer Overflow

Posted by deepcore under Security (No Respond)

OS X – gst_configure Kernel Buffer Overflow


[dos] – iOS and OS X – NECP System Control Socket Packet Parsing Kernel Code Execution Integer Overflow

Posted by deepcore under Security (No Respond)

iOS and OS X – NECP System Control Socket Packet Parsing Kernel Code Execution Integer Overflow
