ianbeer

77 exploits Active since Jan 2015
CVE-2018-4243 EXPLOITDB HIGH c WORKING POC
iPhone OS < 11.4 - Remote Code Execution via getvolattrlist Buffer Overflow
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in getvolattrlist allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVSS 7.8
CVE-2018-4206 EXPLOITDB HIGH c WORKING POC
Apple tvOS < 11.4 - Remote Code Execution via Privileged Port Name Replacement
An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Crash Reporter" component. It allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app that replaces a privileged port name.
CVSS 7.8
CVE-2017-13847 EXPLOITDB HIGH c WORKING POC
iPhone OS < 11.2 and macOS < 10.13.2 - Memory Corruption in IOKit
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVSS 7.8
CVE-2017-13867 EXPLOITDB HIGH c WORKING POC
Apple <11.2, <10.13.2, <4.2, <11.2 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVSS 7.8
CVE-2017-2353 EXPLOITDB HIGH c WORKING POC
macOS < 10.12.3 - Use-After-Free in Bluetooth Component
An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.
CVSS 7.8
CVE-2017-2360 EXPLOITDB HIGH c WORKING POC
Apple <10.2.1, <10.12.3, <10.1.1, <3.1.3 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.
CVSS 7.8
CVE-2016-7660 EXPLOITDB HIGH c WORKING POC
iPhone OS < 10.2, macOS < 10.12.2, watchOS < 3.1.3 - Local Privilege Escalation via Syslog Mach Port Name References
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "syslog" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references.
CVSS 7.8
CVE-2016-7661 EXPLOITDB HIGH c WORKING POC
iPhone OS < 10.2 and macOS < 10.12.2 - Local Privilege Escalation via Power Management Mach Port Name References
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "Power Management" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references.
CVSS 7.8
CVE-2016-1807 EXPLOITDB MEDIUM c WORKING POC
Apple <9.3.2, <10.11.5, <9.2.1, <2.2.1 - Info Disclosure
Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel memory via unspecified vectors.
CVSS 5.1
CVE-2015-7084 EXPLOITDB c WORKING POC
Apple iOS <9.2, macOS <10.11.2, tvOS <9.1, watchOS <2.1 - Memory Corruption in Kernel
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7083.
CVE-2015-7110 EXPLOITDB c WORKING POC
Apple macOS X < 10.11.2 and iPhone OS < 9.1 - Memory Corruption in Disk Images
The Disk Images component in Apple OS X before 10.11.2 and tvOS before 9.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted disk image.
CVE-2015-7047 EXPLOITDB c WORKING POC
watchOS < 2.1 - Local Privilege Escalation via Crafted Mach Message
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed.
CVE-2015-7083 EXPLOITDB c WORKING POC
Apple Mac OS X < 10.11.1 - Memory Corruption
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7084.
CVE-2018-6084 EXPLOITDB HIGH WORKING POC
Google Chrome < 66.0.3359.117 - Local Arbitrary Code Execution via Updater
Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via an executable file.
CVSS 7.8
CVE-2016-7621 EXPLOITDB HIGH c WORKING POC
watchOS < 3.1.3 - Use-After-Free in Kernel
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via unspecified vectors.
CVSS 7.8
CVE-2018-4083 EXPLOITDB HIGH c WORKING POC
macOS < 10.13.3 - Memory Corruption and Remote Code Execution in Touch Bar Support
An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Touch Bar Support" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVSS 7.8
CVE-2017-13878 EXPLOITDB HIGH c WORKING POC
Apple <10.13.2 - Info Disclosure/DoS
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (out-of-bounds read and system crash).
CVSS 7.1
CVE-2017-13865 EXPLOITDB MEDIUM c WORKING POC
Apple <11.2, <10.13.2, <4.2, <11.2 - Info Disclosure
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
CVSS 5.5
CVE-2017-2472 EXPLOITDB HIGH c WORKING POC
iPhone OS < 10.3, macOS < 10.12.4, tvOS < 10.2, watchOS < 3.2 - Use-After-Free in Kernel
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.
CVSS 7.8
CVE-2017-2483 EXPLOITDB HIGH c WORKING POC
iPhone OS < 10.3, macOS < 10.12.4, tvOS < 10.2, watchOS < 3.2 - Kernel Buffer Overflow via Crafted App
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVSS 7.8
CVE-2017-2489 EXPLOITDB MEDIUM c WORKING POC
macOS < 10.12.4 - Unauthorized Kernel Memory Exposure via Intel Graphics Driver
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.
CVSS 5.5
CVE-2017-2443 EXPLOITDB HIGH c WORKING POC
macOS < 10.12.4 - Memory Corruption in Intel Graphics Driver
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVSS 7.8
CVE-2018-4230 EXPLOITDB HIGH c WORKING POC
macOS < 10.13.5 - Use-After-Free in NVIDIA Graphics Drivers via SetAppSupportBits Race Condition
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that triggers a SetAppSupportBits use-after-free because of a race condition.
CVSS 7.0
CVE-2016-7617 EXPLOITDB HIGH c WORKING POC
macOS < 10.12.2 - Remote Code Execution or Denial of Service via Bluetooth Type Confusion
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (type confusion) via a crafted app.
CVSS 7.8
CVE-2016-7633 EXPLOITDB HIGH c WORKING POC
macOS < 10.12.2 - Use-After-Free in Directory Services
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Directory Services" component. It allows local users to gain privileges or cause a denial of service (use-after-free) via unspecified vectors.
CVSS 7.8