Mac OS X | Core Security

This module exploits a specific flaw in the Hewlett-Packard Graphics Language

filter. Inadequate bounds checking on the pen width and pen color

opcodes result in an arbitrary memory overwrite allowing for the

execution of arbitrary code as the "hgltops" process uid.

-Linux Support added

This module exploits a vulnerability in Apple CUPS, when handling the IPP_TAG_UNSUPPORTED which could be exploited by attackers to cause a remote pre-authentication denial of service.

This module improves several features for client side exploits.

This module exploits a Reflected Cross-Site Scripting vulnerability in Openfire to install an agent.

This module exploits a buffer overflow vulnerability in smcFanControl on Apple Mac OS X 10.4.x when the software is installed with setuid root. An attacker can exploit this vulnerability to obtain root privileges.

This module improves several features for client side exploits.

This module exploits a vulnerability in Adobe Reader and Adobe Acrobat Professional .PDF files. The vulnerability is caused due to boundary errors in collectEmailInfo() method in EScript.api. This can be exploited to cause a stack-based buffer overflow when a specially crafted PDF file is opened.

This update adds support for Mac OS X 10.4.x and 10.5.x.

The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check.

This module runs a server waiting for vulnerable clients to connect to it. When the client connects, it will try to install an agent by exploiting a vulnerability in Apple QuickTime, which allows unauthenticated attackers to execute arbitrary code or cause a denial of service condition.

This update adds Mac Intel support.

Subscribe to Mac OS X

Privacy Policy

Cookie Policy

Terms of Service

Accessibility

Impressum