Apple iOS/tvOS/watchOS Remote memory corruption through certificate file
Source:
https://cxsecurity.com/issue/WLB-2016110046
--
0. Short description
Special crafted certificate file may lead to memory corruption of
Apple libc incomplete fix of Security Update for OS X El Capitan 10.11.2
Credit: Maksymilian Arciemowicz from CXSECURITY.COM
URL: https://cxsecurity.com/issue/WLB-2016080232
Hi @ll,
Today Apple fixed buffer overflow issue in LIBC/FTS (CVE-2015-7039).
Patch available for:
- OS X El Capitan v10.11 and v10.11.1
- iPhone 4s and later,
- Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes
- Apple TV (4th generation)
Impact: Processing a maliciou
/*
MacOS X 10.11 hardlink bomb cause resource exhaustion (Avast PoC)
Credit: Maksymilian Arciemowicz ( CXSECURITY )
Website:
http://cxsecurity.com/
http://cert.cx/
Affected software:
- Commands such as: zip, tar, find
- AntiVirus: Avast, Eset32
Let's back to an old bug, which Apple does not pa
MacOS X 10.11 FTS Deep structure of the file system Buffer Overflow
Credit: Maksymilian Arciemowicz ( CXSECURITY )
Website:
http://cxsecurity.com/
http://cert.cx/
Affected software:
- Commands such as: ls, find, rm
- probably more
Apple file system suffer for a issue recognised in FTS library.
phpMyAdmin 4.4.6 Man-In-the-Middle to API Github (CVE-2015-3903)
Author: Maksymilian Arciemowicz from https://cxsecurity.com
Issue type: CWE-295
Source URL:
http://cxsecurity.com/issue/WLB-2015050095
--- Description ---
As we can read
CURLOPT_SSL_VERIFYPEER option.
http://curl.haxx.se/libcurl/c/
C++11 insecure by default
http://cxsecurity.com/issue/WLB-2014070187
--- 0 Description ---
In this article I will present a conclusion of testing the new 'objective
regex' in several implementation of standard c++ library like libcxx (clang)
and stdlibc++ (gcc). The results show the weakness i
MacOSX/XNU HFS Multiple Vulnerabilities
Maksymilian Arciemowicz
http://cxsecurity.com/
http://cifrex.org/
===
On November 8th, I've reported vulnerability in hard links for HFS+
(CVE-2013-6799)
http://cxsecurity.com/issue/WLB-2013110059
The HFS+ file system does not apply stric
MacOSX Safari Firefox Kaspersky RegExp Remote/Local Denial of Service
http://cxsecurity.com/
YouTube (Kaspersky PoC):
https://www.youtube.com/watch?v=joa_9IS7U90
0. Where is the problem?
Some time ago I have reported vulnerabilities in regcomp() in BSD
implementation (CVE-2011-3336) an
Apple MacOSX 10.9 Hard Link Memory Corruption
Date: 08.11.2013
http://cxsecurity.com/
http://cvemap.org/
URL: http://cxsecurity.com/issue/WLB-2013110059
- 0. Description ---
In most UNIX-like systems a hard link to a directory is only reserved for the
'root' user when possible at all.
In Mac
MacOSX 10.8.3 ftpd Remote Resource Exhaustion
Maksymilian Arciemowicz
http://cxsecurity.com/
http://cvemap.org/
Public Date: 01.02.2013
http://cxsecurity.com/cveshow/CVE-2010-2632
http://cxsecurity.com/cveshow/CVE-2011-0418
--- 1. Description ---
Old vulnerability in libc allow to denial of servi
11 matches
Mail list logo