Daniel Jalkut

Pesquisador deRed Sweater Software
#10650de 53,633
25.9CVSS total
Vulnerabilidades · 5
Baixa
1
Média
4
PT-2017-17491
5.5
2017-10-23
Apple · Apple Macos · CVE-2017-7074
**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.13 **Description** The issue involves the AppSandbox component, allowing attackers to cause a denial of service via a crafted app. **Recommendations** For versions prior to 10.13, update to version 10.13 or later to resolve the issue.
PT-2017-1299
3.3
2017-02-20
Apple · Ios · CVE-2016-4670
**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.1 macOS versions prior to 10.12.1 **Description** The issue involves the `Security` component and allows local users to discover lengths of arbitrary passwords by reading a log. It is related to errors in handling registration data. **Recommendations** For iOS versions prior to 10.1, update to version 10.1 or later. For macOS versions prior to 10.12.1, update to version 10.12.1 or later.
PT-2016-2791
5.5
2016-09-25
Apple · Os X · CVE-2016-4742
**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.12 **Description** The issue is related to the NSSecureTextField component in Apple OS X, which does not enable Secure Input. This allows attackers to discover credentials via a crafted app. The vulnerability can be exploited by a remote attacker using a specially created application to reveal user accounts. **Recommendations** For Apple OS X versions prior to 10.12, update to version 10.12 or later to resolve the issue. As a temporary workaround, consider avoiding the use of NSSecureTextField until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation.
PT-2008-1718
5.8
2008-03-18
Apple · Foundation · CVE-2008-0058
**Name of the Vulnerable Software and Affected Versions** Foundation for Apple Mac OS X version 10.4.11 **Description** A race condition exists in the NSURLConnection cache management functionality, allowing remote attackers to execute arbitrary code through unspecified manipulations that cause messages to be sent to a deallocated object. **Recommendations** For Foundation for Apple Mac OS X version 10.4.11, at the moment, there is no information about a newer version that contains a fix for this issue.
PT-2008-1719
5.8
2008-03-18
Apple · Foundation · CVE-2008-0059
**Name of the Vulnerable Software and Affected Versions** Foundation for Apple Mac OS X version 10.4.11 **Description** A race condition exists in the NSXML component of Foundation for Apple Mac OS X, allowing context-dependent attackers to execute arbitrary code via a crafted XML file. This issue is related to error handling logic. **Recommendations** For Foundation for Apple Mac OS X version 10.4.11, at the moment, there is no information about a newer version that contains a fix for this vulnerability.