OS X Keychain EXC_BAD_ACCESS Denial Of Service

Posted by deepcore under Apple (No Respond)

Mac OS X 10.10.4 (Yosemite) suffers from a keychain-related denial of service vulnerability.

Zed Attack Proxy 2.4.1 Mac OS X Release

Posted by deepcore under Apple (No Respond)

The Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners […]

Apple OS X DYLD_PRINT_TO_FILE Privilege Escalation

Posted by deepcore under Apple (No Respond)

In Apple OS X 10.10.4 and prior, the DYLD_PRINT_TO_FILE environment variable is used for redirecting logging data to a file instead of stderr. Due to a design error, this feature can be abused by a local attacker to write arbitrary files as root via restricted, SUID-root binaries.

OS X 10.10 DYLD_PRINT_TO_FILE Privilege Escalation

Posted by deepcore under Apple (No Respond)

OS X version 10.10 DYLD_PRINT_TO_FILE local privilege escalation proof of concept exploit.

Western Digital Arkeia Remote Code Execution

Posted by deepcore under Apple (No Respond)

This Metasploit module exploits a code execution flaw in Western Digital Arkeia version 11.0.12 and below. The vulnerability exists in the ‘arkeiad’ daemon listening on TCP port 617. Because the daemon does not sufficiently check client authentication, the authentication can be bypassed. Using the ARKFS_EXEC_CMD operation it’s possible to execute arbitrary commands with root […]

Apple Security Advisory 2015-06-30-6

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2015-06-30-6 – iTunes 12.2 is now available and addresses multiple memory corruption issues.

Apple Security Advisory 2015-06-30-5

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2015-06-30-5 – QuickTime 7.7.7 is now available and addresses multiple memory corruption issues.

Apple Security Advisory 2015-06-30-1

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2015-06-30-1 – iOS 8.4 is now available and addresses denial of service, an incorrectly issued certificate, arbitrary code execution, and various other flaws.

Apple Security Advisory 2015-06-30-2

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2015-06-30-2 – OS X Yosemite 10.10.4 and Security Update 2015-005 are now available and address privilege escalation, arbitrary code execution, access bypass, and various other vulnerabilities.

Apple Security Advisory 2015-06-30-3

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2015-06-30-3 – Mac EFI Security Update 2015-001 is now available and addresses EFI flash memory modification and memory corruption issues.
