Google Security Research

1,215 exploits Active since May 2013
CVE-2016-1821 EXPLOITDB HIGH c WORKING POC
IOAudioFamily <10.11.5 - RCE/DoS
IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
CVSS 7.8
CVE-2016-1744 EXPLOITDB HIGH c WORKING POC
Apple OS X <10.11.4 - RCE
The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1743.
CVSS 7.8
CVE-2016-1793 EXPLOITDB HIGH c WORKING POC
Apple OS X <10.11.5 - RCE/DoS
AppleGraphicsDeviceControlClient in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
CVSS 7.8
CVE-2015-7047 EXPLOITDB c WORKING POC
Apple Watchos < 2.0 - Improper Input Validation
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed.
CVE-2015-7047 EXPLOITDB c WORKING POC
Apple Watchos < 2.0 - Improper Input Validation
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed.
CVE-2015-7078 EXPLOITDB c WORKING POC
Apple Mac OS X < 10.11.1 - Use After Free
Use-after-free vulnerability in Hypervisor in Apple OS X before 10.11.2 allows local users to gain privileges via vectors involving VM objects.
CVE-2016-1749 EXPLOITDB HIGH c WORKING POC
Apple OS X <10.11.4 - RCE/DoS
IOUSBFamily in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVSS 7.8
CVE-2016-1861 EXPLOITDB HIGH c WORKING POC
Apple OS X <10.11.5 - RCE
The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1846.
CVSS 7.8
CVE-2015-7047 EXPLOITDB c WORKING POC
Apple Watchos < 2.0 - Improper Input Validation
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed.
CVE-2016-1755 EXPLOITDB HIGH c WORKING POC
Apple iOS <9.3 - Privilege Escalation
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1754.
CVSS 7.8
CVE-2015-6996 EXPLOITDB c WORKING POC
Apple Iphone OS < 9.0.2 - Memory Corruption
IOAcceleratorFamily in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.
CVE-2015-7084 EXPLOITDB text WORKING POC
Apple Iphone OS < 9.1 - Memory Corruption
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7083.
CVE-2016-1720 EXPLOITDB HIGH c WORKING POC
IOKit <9.2.1-10.11.3-9.1.1 - Privilege Escalation/DoS
IOKit in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
CVSS 7.8
CVE-2016-1803 EXPLOITDB HIGH c WORKING POC
Apple iOS <9.3.2, OS X <10.11.5, tvOS <9.2.1, watchOS <2.2.1 - RCE/DoS
CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
CVSS 7.8
CVE-2015-7047 EXPLOITDB c WORKING POC
Apple Watchos < 2.0 - Improper Input Validation
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed.
CVE-2015-7068 EXPLOITDB HIGH c WORKING POC
Apple Iphone OS < 9.2 - NULL Pointer Dereference
IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type.
CVSS 7.8
EIP-2026-104554 EXPLOITDB c WORKING POC
Apple Mac OSX 10.10 - IOKit IntelAccelerator Null Pointer Dereference
CVE-2015-6995 EXPLOITDB c WORKING POC
Apple Mac OS X < 10.11.0 - Memory Corruption
The Disk Images component in Apple iOS before 9.1 and OS X before 10.11.1 misparses images, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-7037 EXPLOITDB HIGH html WORKING POC
Apple <10.3.3, <10.1.2, <6.2.2, <12.6.2 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVSS 8.8
CVE-2015-7077 EXPLOITDB c WORKING POC
Apple Mac OS X < 10.11.1 - Memory Corruption
The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access) via unspecified vectors.
CVE-2017-2528 EXPLOITDB MEDIUM html WORKING POC
Apple Safari < 10.1 - XSS
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with cached frames.
CVSS 6.1
CVE-2017-2510 EXPLOITDB MEDIUM html WORKING POC
Apple Safari < 10.1 - XSS
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with pageshow events.
CVSS 6.1
CVE-2017-2515 EXPLOITDB HIGH html WORKING POC
Apple Iphone OS < 10.3.1 - Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVSS 8.8
CVE-2015-7106 EXPLOITDB c WORKING POC
Apple Mac OS X < 10.11.1 - Memory Corruption
The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
EIP-2026-104489 EXPLOITDB html WORKING POC
WebKit - 'Document::prepareForDestruction' / 'CachedFrame' Universal Cross-Site Scripting