Exploit Intelligence Platform

CVE-2017-2370 NOMISEC HIGH WORKING POC

Apple <10.2.1, <10.12.3, <10.1.1, <3.1.3 - RCE/DoS

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (buffer overflow) via a crafted app.

1 stars

CVSS 7.8

View Code

CVE-2016-7637 GITLAB HIGH WORKING POC

Apple Iphone OS < 10.1.1 - Memory Corruption

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

CVSS 7.8

View Code

CVE-2016-7637 GITLAB HIGH WORKING POC

Apple Iphone OS < 10.1.1 - Memory Corruption

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

CVSS 7.8

View Code

CVE-2017-7047 NOMISEC HIGH WORKING POC

Apple <10.3.3, <10.12.6, <10.2.2, <3.2.3 - RCE/DoS

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "libxpc" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

CVSS 8.8

View Code

CVE-2017-2370 NOMISEC HIGH WORKING POC

Apple <10.2.1, <10.12.3, <10.1.1, <3.1.3 - RCE/DoS

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (buffer overflow) via a crafted app.

CVSS 7.8

View Code

CVE-2017-2370 NOMISEC HIGH WORKING POC

Apple <10.2.1, <10.12.3, <10.1.1, <3.1.3 - RCE/DoS

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (buffer overflow) via a crafted app.

CVSS 7.8

View Code

CVE-2016-7644 EXPLOITDB HIGH text WORKING POC

Apple Iphone OS < 10.1.1 - Use After Free

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.

CVSS 7.8

View Code

CVE-2016-7637 EXPLOITDB HIGH text WORKING POC

Apple Iphone OS < 10.1.1 - Memory Corruption

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

CVSS 7.8

View Code

CVE-2016-1794 EXPLOITDB HIGH c WORKING POC

Apple OS X <10.11.5 - RCE/DoS

The AppleGraphicsControlClient::checkArguments method in AppleGraphicsControl in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

CVSS 7.8

View Code

CVE-2015-7047 EXPLOITDB c WORKING POC

Apple Watchos < 2.0 - Improper Input Validation

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed.

View Code

CVE-2016-1803 EXPLOITDB HIGH c WORKING POC

Apple iOS <9.3.2, OS X <10.11.5, tvOS <9.2.1, watchOS <2.2.1 - RCE/DoS

CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

CVSS 7.8

View Code

CVE-2015-7047 EXPLOITDB c WORKING POC

Apple Watchos < 2.0 - Improper Input Validation

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed.

View Code

CVE-2016-1813 EXPLOITDB HIGH c WORKING POC

Apple iOS <9.3.2-OS X <10.11.5-tvOS <9.2.1-watchOS <2.2.1 - RCE/DoS

The IOAccelSharedUserClient2::page_off_resource method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

CVSS 7.8

View Code

CVE-2016-1793 EXPLOITDB HIGH c WORKING POC

Apple OS X <10.11.5 - RCE/DoS

AppleGraphicsDeviceControlClient in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

CVSS 7.8

View Code

CVE-2016-1821 EXPLOITDB HIGH c WORKING POC

IOAudioFamily <10.11.5 - RCE/DoS

IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

CVSS 7.8

View Code

CVE-2016-1755 EXPLOITDB HIGH c WORKING POC

Apple iOS <9.3 - Privilege Escalation

The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1754.

CVSS 7.8

View Code

CVE-2015-6995 EXPLOITDB c WORKING POC

Apple Mac OS X < 10.11.0 - Memory Corruption

The Disk Images component in Apple iOS before 9.1 and OS X before 10.11.1 misparses images, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.

View Code

CVE-2015-7068 EXPLOITDB HIGH c WORKING POC

Apple Iphone OS < 9.2 - NULL Pointer Dereference

IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type.

CVSS 7.8

View Code

CVE-2016-1749 EXPLOITDB HIGH c WORKING POC

Apple OS X <10.11.4 - RCE/DoS

IOUSBFamily in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

CVSS 7.8

View Code

CVE-2015-7047 EXPLOITDB c WORKING POC

Apple Watchos < 2.0 - Improper Input Validation

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed.

View Code

CVE-2016-1720 EXPLOITDB HIGH c WORKING POC

IOKit <9.2.1-10.11.3-9.1.1 - Privilege Escalation/DoS

IOKit in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

CVSS 7.8

View Code

CVE-2015-6996 EXPLOITDB c WORKING POC

Apple Iphone OS < 9.0.2 - Memory Corruption

IOAcceleratorFamily in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.

View Code

CVE-2015-7078 EXPLOITDB c WORKING POC

Apple Mac OS X < 10.11.1 - Use After Free

Use-after-free vulnerability in Hypervisor in Apple OS X before 10.11.2 allows local users to gain privileges via vectors involving VM objects.

View Code

CVE-2015-7047 EXPLOITDB c WORKING POC

Apple Watchos < 2.0 - Improper Input Validation

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed.

View Code

CVE-2015-7077 EXPLOITDB c WORKING POC

Apple Mac OS X < 10.11.1 - Memory Corruption

The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access) via unspecified vectors.

View Code

ianbeer