Google Security Research - Security Researcher - Exploit Intelligence Platform

CVE-2016-1821 EXPLOITDB HIGH c WORKING POC

macOS < 10.11.5 - Remote Code Execution or Denial of Service via Crafted App

IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

CVSS 7.8

View Code

CVE-2016-1744 EXPLOITDB HIGH c WORKING POC

macOS < 10.11.4 - Memory Corruption in Intel Graphics Driver

The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1743.

CVSS 7.8

View Code

CVE-2016-1793 EXPLOITDB HIGH c WORKING POC

Apple OS X < 10.11.5 - Remote Code Execution or Denial of Service via AppleGraphicsDeviceControlClient

AppleGraphicsDeviceControlClient in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

CVSS 7.8

View Code

CVE-2015-7047 EXPLOITDB c WORKING POC

watchOS < 2.1 - Local Privilege Escalation via Crafted Mach Message

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed.

View Code

CVE-2015-7047 EXPLOITDB c WORKING POC

watchOS < 2.1 - Local Privilege Escalation via Crafted Mach Message

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed.

View Code

CVE-2015-7078 EXPLOITDB c WORKING POC

macOS < 10.11.2 - Use-After-Free in Hypervisor via VM Objects

Use-after-free vulnerability in Hypervisor in Apple OS X before 10.11.2 allows local users to gain privileges via vectors involving VM objects.

View Code

CVE-2016-1749 EXPLOITDB HIGH c WORKING POC

Apple OS X < 10.11.4 - Memory Corruption in IOUSBFamily

IOUSBFamily in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

CVSS 7.8

View Code

CVE-2016-1861 EXPLOITDB HIGH c WORKING POC

macOS < 10.11.5 - Remote Code Execution in NVIDIA Graphics Drivers

The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1846.

CVSS 7.8

View Code

CVE-2015-7047 EXPLOITDB c WORKING POC

watchOS < 2.1 - Local Privilege Escalation via Crafted Mach Message

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed.

View Code

CVE-2016-1755 EXPLOITDB HIGH c WORKING POC

Apple iOS <9.3 - Privilege Escalation

The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1754.

CVSS 7.8

View Code

CVE-2015-6996 EXPLOITDB c WORKING POC

Apple iOS <9.1, macOS <10.11.1, watchOS <2.0.1 - Remote Code Execution via IOAcceleratorFamily Memory Corruption

IOAcceleratorFamily in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.

View Code

CVE-2015-7084 EXPLOITDB text WORKING POC

Apple iOS <9.2, macOS <10.11.2, tvOS <9.1, watchOS <2.1 - Memory Corruption in Kernel

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7083.

View Code

CVE-2016-1720 EXPLOITDB HIGH c WORKING POC

IOKit <9.2.1-10.11.3-9.1.1 - Privilege Escalation/DoS

IOKit in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

CVSS 7.8

View Code

CVE-2016-1803 EXPLOITDB HIGH c WORKING POC

Apple iOS <9.3.2, OS X <10.11.5, tvOS <9.2.1, watchOS <2.2.1 - RCE/DoS

CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

CVSS 7.8

View Code

CVE-2015-7047 EXPLOITDB c WORKING POC

watchOS < 2.1 - Local Privilege Escalation via Crafted Mach Message

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed.

View Code

CVE-2015-7068 EXPLOITDB HIGH c WORKING POC

Apple iOS <9.2, macOS <10.11.2, tvOS <9.1, watchOS <2.1 - Denial of Service via IOKit SCSI Userclient Type

IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type.

CVSS 7.8

View Code

EIP-2026-104554 EXPLOITDB c WORKING POC

Apple Mac OSX 10.10 - IOKit IntelAccelerator Null Pointer Dereference

View Code

CVE-2015-6995 EXPLOITDB c WORKING POC

Apple iOS < 9.1 and OS X < 10.11.1 - Remote Code Execution via Disk Images Component

The Disk Images component in Apple iOS before 9.1 and OS X before 10.11.1 misparses images, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.

View Code

CVE-2017-7037 EXPLOITDB HIGH html WORKING POC

Apple <10.3.3, <10.1.2, <6.2.2, <12.6.2 - RCE/DoS

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

CVSS 8.8

View Code

CVE-2015-7077 EXPLOITDB c WORKING POC

macOS < 10.11.2 - Privilege Escalation or Denial of Service via Intel Graphics Driver Memory Access

The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access) via unspecified vectors.

View Code

CVE-2017-2528 EXPLOITDB MEDIUM html WORKING POC

Safari < 10.1.1 and iPhone OS < 10.3.2 - Universal Cross-Site Scripting via Cached Frames

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with cached frames.

CVSS 6.1

View Code

CVE-2017-2510 EXPLOITDB MEDIUM html WORKING POC

Safari < 10.1.1 - Universal Cross-Site Scripting via Pageshow Event Handling

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with pageshow events.

CVSS 6.1

View Code

CVE-2017-2515 EXPLOITDB HIGH html WORKING POC

iPhone OS < 10.3.1, Safari < 10.1, tvOS < 10.2 - Remote Code Execution via WebKit Memory Corruption

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

CVSS 8.8

View Code

CVE-2015-7106 EXPLOITDB c WORKING POC

macOS < 10.11.2 - Memory Corruption in Intel Graphics Driver

The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

View Code

EIP-2026-104489 EXPLOITDB html WORKING POC

WebKit - 'Document::prepareForDestruction' / 'CachedFrame' Universal Cross-Site Scripting

View Code