WebKit as used in Apple Safari versions prior to 5.0.6 memory corruption exploit with DEP bypass.
>> CATEGORY: OSX security tools
Secunia Security Advisory – A vulnerability has been reported in Apple iOS, which can be exploited by malicious people to conduct spoofing attacks.
Secunia Security Advisory – Multiple vulnerabilities have been reported in Apple iWork, which can be exploited by malicious people to compromise a user’s system.
Apple Security Advisory 2011-07-25-1 – A certificate chain validation issue existed in the handling of X.509 certificates. An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS
Apple Security Advisory 2011-07-25-2 – The iOS 4.2.10 software update addresses a certificate chain validation issue. The issue existed in the handling of X.509 certificates where an attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS. Other attacks involving X.509 certificate validation may also be possible
Apple Security Advisory 2011-07-20-2 – An iWork 9.1 update addresses multiple security issues. A buffer overflow existed in the handling of Excel files
Universal OS X dyld ROP shellcode that spawns a shell on port 4444.
iDefense Security Advisory 07.20.11 – Remote exploitation of a memory corruption vulnerability in Apple Inc.’s Safari browser could allow an attacker to execute arbitrary code with the privileges of the current user. Safari is Apple’s Web browser and is based on the open source WebKit browser engine. This vulnerability occurs when Safari incorrectly handles an error state when encountering a broken XHTML tag.
iDefense Security Advisory 07.20.11 – Remote exploitation of a heap based buffer overflow vulnerability in WebKit, as included with Apple Inc.’s Safari Web browser, could allow an attacker to execute arbitrary code with the privileges of the current user. Safari versions prior to 5.1 and 5.0.6 are vulnerable.
iDefense Security Advisory 07.20.11 – Remote exploitation of a use-after-free vulnerability in WebKit, as included with Apple Inc.’s Safari Web browser, could allow an attacker to execute arbitrary code with the privileges of the current user.