Posts under OSX security tools

Safari 5.0.5 SVG Remote Code Execution

Posted by deepcore under Apple, exploit, OSX security tools

Memory corruption exploit with DEP bypass for WebKit as used in Apple Safari versions prior to 5.0.6.


Secunia Security Advisory 45369

Posted by deepcore under Apple, exploit, OSX security tools, Security

Secunia Security Advisory – A vulnerability has been reported in Apple iOS, which can be exploited by malicious people to conduct spoofing attacks.


Secunia Security Advisory 45395

Posted by deepcore under Apple, exploit, OSX security tools, Security

Secunia Security Advisory – Multiple vulnerabilities have been reported in Apple iWork, which can be exploited by malicious people to compromise a user’s system.


Apple Security Advisory 2011-07-25-1

Posted by deepcore under Apple, OSX security tools, Security, software

Apple Security Advisory 2011-07-25-1 – A certificate chain validation issue existed in the handling of X.509 certificates. An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS.


Apple Security Advisory 2011-07-25-2

Posted by deepcore under Apple, OSX security tools, Security, software

Apple Security Advisory 2011-07-25-2 – The iOS 4.2.10 software update addresses a certificate chain validation issue. The issue existed in the handling of X.509 certificates, where an attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS. Other attacks involving X.509 certificate validation may also be possible.


Apple Security Advisory 2011-07-20-2

Posted by deepcore under Apple, OSX security tools, Security

Apple Security Advisory 2011-07-20-2 – An iWork 9.1 update addresses multiple security issues. A buffer overflow existed in the handling of Excel files.


Universal OS X ROP Shellcode

Posted by deepcore under Apple, OSX security tools

Universal OS X dyld ROP shellcode that spawns a shell on port 4444.


iDefense Security Advisory 07.20.11 – Safari Memory Corruption

Posted by deepcore under Apple, exploit, OSX security tools, Security

iDefense Security Advisory 07.20.11 – Remote exploitation of a memory corruption vulnerability in Apple Inc.’s Safari browser could allow an attacker to execute arbitrary code with the privileges of the current user. Safari is Apple’s Web browser and is based on the open source WebKit browser engine. This vulnerability occurs when Safari incorrectly handles an error state when encountering a broken XHTML tag.


iDefense Security Advisory 07.20.11 – WebKit Heap Overflow

Posted by deepcore under Apple, exploit, OSX security tools, Security

iDefense Security Advisory 07.20.11 – Remote exploitation of a heap-based buffer overflow vulnerability in WebKit, as included with Apple Inc.’s Safari Web browser, could allow an attacker to execute arbitrary code with the privileges of the current user. Safari versions prior to 5.1 and 5.0.6 are vulnerable.


iDefense Security Advisory 07.20.11 – WebKit Use-After-Free

Posted by deepcore under Apple, exploit, OSX security tools, Security

iDefense Security Advisory 07.20.11 – Remote exploitation of a use-after-free vulnerability in WebKit, as included with Apple Inc.’s Safari Web browser, could allow an attacker to execute arbitrary code with the privileges of the current user.
