ZDI-23-1605: Apple macOS Hydra ABC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | allinfosecnews.com

Nov. 14, 2023, 6 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the Hydra framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2023-42856.

abc apple apple macos attack attackers attack vectors cves cvss disclosure exploit file framework hydra implementation information information disclosure information disclosure vulnerability macos may out-of-bounds parsing rating sensitive sensitive information vulnerability zdi

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-778: Linux Kernel USB Core Out-Of-Bounds Read Local Privilege Escalation Vulnerability 3 days, 13 hours ago | www.zerodayinitiative.com

attackers authentication cvss escalation +14

ZDI-24-777: Linux Kernel ksmbd Out-Of-Bounds Read Information Disclosure Vulnerability 3 days, 13 hours ago | www.zerodayinitiative.com

attackers authentication configuration cvss +18

ZDI-24-776: (Pwn2Own) Oracle VirtualBox OHCI USB Controller Use-After-Free Local Privilege Escalation Vulnerability 3 days, 13 hours ago | www.zerodayinitiative.com

attacker attackers code controller +24

ZDI-24-670: (0Day) Famatech Advanced IP Scanner Uncontrolled Search Path Element Local Privilege Escalation Vulnerability 4 days, 13 hours ago | www.zerodayinitiative.com

0day advanced attacker attackers +21

ZDI-24-677: (0Day) Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability 4 days, 13 hours ago | www.zerodayinitiative.com

0day attackers bypass bypass vulnerability +19

ZDI-24-676: (0Day) Deep Sea Electronics DSE855 Restart Missing Authentication Denial-of-Service Vulnerability 4 days, 13 hours ago | www.zerodayinitiative.com

0day attackers authentication bypass +14

ZDI-24-675: (0Day) Deep Sea Electronics DSE855 Factory Reset Missing Authentication Denial-of-Service Vulnerability 4 days, 13 hours ago | www.zerodayinitiative.com

0day attackers authentication bypass +16

ZDI-24-674: (0Day) Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution … 4 days, 13 hours ago | www.zerodayinitiative.com

0day arbitrary code attackers authentication +22

ZDI-24-673: (0Day) Deep Sea Electronics DSE855 Multipart Boundary Infinite Loop Denial-of-Service Vulnerability 4 days, 13 hours ago | www.zerodayinitiative.com

0day attackers authentication cve +13

Sr. Splunk Engineer | Remote, USA

@ Optiv | Illinois

View on infosec-jobs.com

DevSecOps Engineer

@ Johnson Controls | Johnson Controls (I) CoEE,Pune

View on infosec-jobs.com

DevSecOps Engineer- Mobile Solutions

@ ZF Friedrichshafen AG | Chennai, TN, IN, 600116

View on infosec-jobs.com

Penetration Testing Principal Consultant

@ Horangi | Thailand

View on infosec-jobs.com

Penetration Testing Team Lead - SG

@ Horangi | Singapore

View on infosec-jobs.com

Penetration Testing Engineer III

@ Boliden | (USA) AR BENTONVILLE Home Office ISD Office - DGTC

View on infosec-jobs.com