Google Security Research

1,215 exploits Active since May 2013
CVE-2017-2474 EXPLOITDB HIGH c WORKING POC
iPhone OS < 10.3, macOS < 10.12.4, tvOS < 10.2, watchOS < 3.2 - Kernel Off-by-One Remote Code Execution
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. An off-by-one error allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVSS 7.8
CVE-2017-2478 EXPLOITDB HIGH c WORKING POC
iPhone OS < 10.3, macOS < 10.12.4, tvOS < 10.2, watchOS < 3.2 - Race Condition in Kernel
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVSS 7.0
CVE-2017-2482 EXPLOITDB HIGH c WORKING POC
iPhone OS < 10.3, macOS < 10.12.4, tvOS < 10.2, watchOS < 3.2 - Remote Code Execution via Kernel Buffer Overflow
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVSS 7.8
CVE-2017-2501 EXPLOITDB HIGH c WORKING POC
iPhone OS < 10.3.2, macOS < 10.12.5, tvOS < 10.2.1, watchOS < 3.2.2 - Race Condition in Kernel
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVSS 7.0
EIP-2026-103409 EXPLOITDB c WORKING POC
Apple macOS/iOS Kernel - Memory Disclosure Due to Lack of Bounds Checking in netagent Socket Option Handling
CVE-2018-4243 EXPLOITDB HIGH c WORKING POC
iPhone OS < 11.4 - Remote Code Execution via getvolattrlist Buffer Overflow
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in getvolattrlist allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVSS 7.8
CVE-2017-2456 EXPLOITDB HIGH WORKING POC
iPhone OS < 10.3, macOS < 10.12.4, tvOS < 10.2, watchOS < 3.2 - Kernel Race Condition
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVSS 7.0
CVE-2018-4206 EXPLOITDB HIGH c WORKING POC
Apple tvOS < 11.4 - Remote Code Execution via Privileged Port Name Replacement
An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Crash Reporter" component. It allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app that replaces a privileged port name.
CVSS 7.8
CVE-2017-2523 EXPLOITDB CRITICAL text WORKING POC
iPhone OS < 10.3.2, macOS < 10.12.5, tvOS < 10.2.1, watchOS < 3.2.2 - Remote Code Execution in Foundation
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Foundation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data.
CVSS 9.8
CVE-2017-13847 EXPLOITDB HIGH c WORKING POC
iPhone OS < 11.2 and macOS < 10.13.2 - Memory Corruption in IOKit
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVSS 7.8
CVE-2017-2522 EXPLOITDB CRITICAL text WORKING POC
iPhone OS < 10.3.2, macOS < 10.12.5, tvOS < 10.2.1, watchOS < 3.2.2 - Remote Code Execution in CoreFoundation
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreFoundation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data.
CVSS 9.8
CVE-2017-13861 EXPLOITDB HIGH text WORKING POC
Safari Webkit Proxy Object Type Confusion
An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOSurface" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVSS 7.8
CVE-2017-13867 EXPLOITDB HIGH c WORKING POC
Apple <11.2, <10.13.2, <4.2, <11.2 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVSS 7.8
CVE-2017-2524 EXPLOITDB CRITICAL text WORKING POC
iPhone OS < 10.3.2, macOS < 10.12.5, tvOS < 10.2.1, watchOS < 3.2.2 - Remote Code Execution in TextInput Component
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "TextInput" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data.
CVSS 9.8
CVE-2017-2527 EXPLOITDB CRITICAL text WORKING POC
macOS < 10.12.5 - Remote Code Execution in CoreAnimation
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "CoreAnimation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption and application crash) via crafted data.
CVSS 9.8
CVE-2019-8591 EXPLOITDB HIGH WORKING POC
iPhone OS < 12.3 - Type Confusion
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. An application may be able to cause unexpected system termination or write kernel memory.
CVSS 7.1
CVE-2019-8605 EXPLOITDB HIGH text WORKING POC
iPhone OS < 12.3 - Use-After-Free
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to execute arbitrary code with system privileges.
CVSS 7.8
CVE-2019-8623 EXPLOITDB HIGH text WORKING POC
Apple iCloud < 7.12 - Memory Corruption via Malicious Web Content
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
CVSS 8.8
CVE-2019-8611 EXPLOITDB HIGH text WORKING POC
iCloud < 7.12 - Memory Corruption via Malicious Web Content
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
CVSS 8.8
CVE-2019-8622 EXPLOITDB HIGH text WORKING POC
Apple iCloud < 7.12 - Memory Corruption via Malicious Web Content
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
CVSS 8.8
CVE-2016-7612 EXPLOITDB HIGH text WORKING POC
iPhone OS < 10.2, macOS < 10.12.2, watchOS < 3.1.3 - Kernel Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVSS 7.8
CVE-2017-2353 EXPLOITDB HIGH c WORKING POC
macOS < 10.12.3 - Use-After-Free in Bluetooth Component
An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.
CVSS 7.8
CVE-2017-2360 EXPLOITDB HIGH c WORKING POC
Apple <10.2.1, <10.12.3, <10.1.1, <3.1.3 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.
CVSS 7.8
CVE-2016-7660 EXPLOITDB HIGH c WORKING POC
iPhone OS < 10.2, macOS < 10.12.2, watchOS < 3.1.3 - Local Privilege Escalation via Syslog Mach Port Name References
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "syslog" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references.
CVSS 7.8
CVE-2016-7661 EXPLOITDB HIGH c WORKING POC
iPhone OS < 10.2 and macOS < 10.12.2 - Local Privilege Escalation via Power Management Mach Port Name References
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "Power Management" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references.
CVSS 7.8