Google Security Research

1,215 exploits Active since May 2013
CVE-2019-8717 EXPLOITDB HIGH text WRITEUP
macOS < 10.15 and tvOS < 13 - Out-of-bounds Write
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15, tvOS 13. An application may be able to execute arbitrary code with kernel privileges.
CVSS 7.8
EIP-2026-103367 EXPLOITDB text WORKING POC
macOS XNU - Missing Locking in checkdirs_callback() Enables Race with fchdir_common()
CVE-2019-6208 EXPLOITDB MEDIUM c WORKING POC
iPhone OS < 12.1.3, macOS < 10.14.3, tvOS < 12.1.2 - Memory Corruption via Improper Initialization
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes.
CVSS 5.5
EIP-2026-103366 EXPLOITDB text WORKING POC
macOS XNU - Copy-on-Write Behavior Bypass via Mount of User-Owned Filesystem Image
CVE-2018-4083 EXPLOITDB HIGH c WORKING POC
macOS < 10.13.3 - Memory Corruption and Remote Code Execution in Touch Bar Support
An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Touch Bar Support" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVSS 7.8
CVE-2019-8661 EXPLOITDB CRITICAL text WORKING POC
macOS < 10.14.6 - Remote Code Execution via Use-After-Free
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.6. A remote attacker may be able to cause arbitrary code execution.
CVSS 9.8
EIP-2026-103365 EXPLOITDB text WRITEUP
macOS 10.14.6 (18G87) - Kernel Use-After-Free due to Race Condition in wait_for_namespace_event()
CVE-2017-13878 EXPLOITDB HIGH c WORKING POC
Apple <10.13.2 - Info Disclosure/DoS
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (out-of-bounds read and system crash).
CVSS 7.1
CVE-2018-4090 EXPLOITDB MEDIUM c WORKING POC
Apple tvOS < 11.2.5 - Kernel Memory Read Restriction Bypass
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
CVSS 5.5
CVE-2017-7154 EXPLOITDB MEDIUM c WORKING POC
Apple <11.2 - Privilege Escalation/DoS
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. The issue involves the "Kernel" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (system crash).
CVSS 6.6
CVE-2019-6224 EXPLOITDB HIGH text WORKING POC
iPhone OS < 12.1.3, macOS < 10.14.3, tvOS < 12.1.2, watchOS < 5.1.3 - Remote Code Execution via FaceTime Call
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution.
CVSS 8.8
CVE-2018-4366 EXPLOITDB HIGH text WORKING POC
iPhone OS < 12.1 - Memory Corruption via Improved Input Validation
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.
CVSS 7.5
CVE-2018-4367 EXPLOITDB CRITICAL text WORKING POC
iPhone OS < 12.1 - Memory Corruption via Improved Input Validation
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.
CVSS 9.8
CVE-2017-13865 EXPLOITDB MEDIUM c WORKING POC
Apple <11.2, <10.13.2, <4.2, <11.2 - Info Disclosure
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
CVSS 5.5
CVE-2017-2472 EXPLOITDB HIGH c WORKING POC
iPhone OS < 10.3, macOS < 10.12.4, tvOS < 10.2, watchOS < 3.2 - Use-After-Free in Kernel
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.
CVSS 7.8
CVE-2017-2483 EXPLOITDB HIGH c WORKING POC
iPhone OS < 10.3, macOS < 10.12.4, tvOS < 10.2, watchOS < 3.2 - Kernel Buffer Overflow via Crafted App
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVSS 7.8
CVE-2017-2489 EXPLOITDB MEDIUM c WORKING POC
macOS < 10.12.4 - Unauthorized Kernel Memory Exposure via Intel Graphics Driver
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.
CVSS 5.5
CVE-2017-2443 EXPLOITDB HIGH c WORKING POC
macOS < 10.12.4 - Memory Corruption in Intel Graphics Driver
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVSS 7.8
CVE-2018-4230 EXPLOITDB HIGH c WORKING POC
macOS < 10.13.5 - Use-After-Free in NVIDIA Graphics Drivers via SetAppSupportBits Race Condition
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that triggers a SetAppSupportBits use-after-free because of a race condition.
CVSS 7.0
CVE-2018-4139 EXPLOITDB HIGH text WRITEUP
macOS < 10.13.4 - Remote Code Execution in kext tools
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "kext tools" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVSS 7.8
CVE-2016-7617 EXPLOITDB HIGH c WORKING POC
macOS < 10.12.2 - Remote Code Execution or Denial of Service via Bluetooth Type Confusion
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (type confusion) via a crafted app.
CVSS 7.8
CVE-2016-7633 EXPLOITDB HIGH c WORKING POC
macOS < 10.12.2 - Use-After-Free in Directory Services
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Directory Services" component. It allows local users to gain privileges or cause a denial of service (use-after-free) via unspecified vectors.
CVSS 7.8
CVE-2017-6978 EXPLOITDB HIGH c WORKING POC
macOS < 10.12.5 - Remote Code Execution in Accessibility Framework
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Accessibility Framework" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVSS 7.8
CVE-2017-13875 EXPLOITDB HIGH c WORKING POC
macOS < 10.13.2 - Out-of-bounds Read in Intel Graphics Driver
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app.
CVSS 7.8
CVE-2017-2516 EXPLOITDB MEDIUM text WORKING POC
macOS < 10.12.5 - Kernel Memory Read Restriction Bypass via Crafted App
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
CVSS 5.0