Aggregator

CVE-2024-54547 | Apple macOS up to 13.6/14.6/15.1 access control (WID-SEC-2024-3692)

5 months 3 weeks ago

A vulnerability marked as critical has been reported in Apple macOS up to 13.6/14.6/15.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper access controls. This vulnerability is listed as CVE-2024-54547. The attack must be carried out locally. There is no available exploit. It is suggested to upgrade the affected component.

vuldb.com

CVE-2024-54542 | Apple iOS/iPadOS up to 11.1/15.1/18.1 State Management improper authentication (WID-SEC-2024-3692)

Vuldb Updates

5 months 3 weeks ago

A vulnerability has been found in Apple iOS and iPadOS up to 11.1/15.1/18.1 and classified as critical. This vulnerability affects unknown code of the component State Management Handler. The manipulation leads to improper authentication. This vulnerability is documented as CVE-2024-54542. The attack needs to be performed locally. There is not any exploit available. The affected component should be upgraded.

vuldb.com

CVE-2024-54542 | Apple Safari up to 11.1/15.1/18.1 State Management improper authentication (WID-SEC-2024-3692)

Vuldb Updates

5 months 3 weeks ago

A vulnerability was found in Apple Safari up to 11.1/15.1/18.1 and classified as critical. This issue affects some unknown processing of the component State Management Handler. The manipulation results in improper authentication. This vulnerability is reported as CVE-2024-54542. The attack requires a local approach. No exploit exists. It is suggested to upgrade the affected component.

vuldb.com

CVE-2024-54542 | Apple watchOS up to 11.1/15.1/18.1 State Management improper authentication (WID-SEC-2024-3692)

Vuldb Updates

5 months 3 weeks ago

A vulnerability, which was classified as critical, was found in Apple watchOS up to 11.1/15.1/18.1. This affects an unknown part of the component State Management Handler. Executing manipulation can lead to improper authentication. This vulnerability is registered as CVE-2024-54542. The attack needs to be launched locally. No exploit is available. You should upgrade the affected component.

vuldb.com

Zip Smuggling: The Stealthy Way to Hide Data in Plain Sight

Penetration Testing Tools - Metepreter.org

5 months 3 weeks ago

zip_smuggling This Python utility creates zip files that contain additional data embedded within the file structure. This extra data is not visible/does not display when the zip is examined or decompressed, but can be...

The post Zip Smuggling: The Stealthy Way to Hide Data in Plain Sight appeared first on Penetration Testing Tools.

ddos

Wrap Up: The Month of AI Bugs

Embrace The Red

5 months 3 weeks ago

That’s it.

The Month of AI Bugs is done. There won’t be a post tomorrow, because I will be at PAX West.

Overview of Posts

ChatGPT: Exfiltrating Your Chat History and Memories With Prompt Injection | Video
ChatGPT Codex: Turning ChatGPT Codex Into a ZombAI Agent | Video
Anthropic Filesystem MCP Server: Directory Access Bypass Via Improper Path Validation | Video
Cursor: Arbitrary Data Exfiltration via Mermaid | Video
Amp Code: Arbitrary Command Execution via Prompt Injection | Video
Devin AI: I Spent $500 To Test Devin For Prompt Injection So That You Don’t Have To
Devin AI: How Devin AI Can Leak Your Secrets via Multiple Means
Devin AI: The AI Kill Chain in Action: Exposing Ports to the Internet via Prompt Injection
OpenHands - The Lethal Trifecta Strikes Again: How Prompt Injection Can Leak Access Tokens
OpenHands: Remote Code Execution and AI ClickFix Demo | Video
Claude Code: Data Exfiltration with DNS Requests (CVE-2025-55284) | Video
GitHub Copilot: Remote Code Execution (CVE-2025-53773) | Video
Google Jules: Vulnerable to Multiple Data Exfiltration Issues
Google Jules - Zombie Agent: From Prompt Injection to Remote Control
Google Jules: Vulnerable To Invisible Prompt Injection
Amp Code: Invisible Prompt Injection Vulnerability Fixed
Amp Code: Data Exfiltration via Image Rendering Fixed | Video
Amazon Q Developer: Secrets Leaked via DNS and Prompt Injection | Video
Amazon Q Developer: Remote Code Execution via Prompt Injection | Video
Amazon Q Developer: Vulnerable to Invisible Prompt Injection | Video
Windsurf: Hijacking Windsurf: How Prompt Injection Leaks Developer Secrets | Video
Windsurf: Memory-Persistent Data Exfiltration - SpAIware Exploit
Windsurf: Sneaking Invisible Instructions by Developers
Deep Research Agents: How Deep Research Agents Can Leak Your Data
Manus: How Prompt Injection Hijacks Manus to Expose VS Code Server to the Internet | Video
AWS Kiro: Arbitrary Code Execution via Indirect Prompt Injection | Video
Cline: Vulnerable to Data Exfiltration and How to Protect Your Data | Video
Windsurf MCP Integration: Missing Security Controls Put Users at Risk | Video
Season Finale: AgentHopper: An AI Virus Research Project Demonstration | Video

Thank you for following this research, and I hope it serves as a useful reference.

Does it possible?

不安全

5 months 3 weeks ago

这是一个面向新手和资深人士的黑客社区，旨在帮助成员提升地下技能。用户可以提问、解答和学习，并通过Discord进一步交流。

CVE-2024-54542 | Apple macOS up to 11.1/15.1/18.1 State Management improper authentication (WID-SEC-2024-3692)

Vuldb Updates

5 months 3 weeks ago

A vulnerability, which was classified as critical, has been found in Apple macOS up to 11.1/15.1/18.1. Affected by this issue is some unknown functionality of the component State Management Handler. Performing manipulation results in improper authentication. This vulnerability is cataloged as CVE-2024-54542. The attack must be initiated from a local position. There is no exploit available. It is advisable to upgrade the affected component.

vuldb.com

CVE-2024-54541 | Apple macOS state issue (WID-SEC-2024-3692)

Vuldb Updates

5 months 3 weeks ago

A vulnerability was found in Apple macOS. It has been classified as problematic. Affected by this issue is some unknown functionality. This manipulation causes state issue. This vulnerability is tracked as CVE-2024-54541. The attack is restricted to local execution. No exploit exists. Upgrading the affected component is recommended.

vuldb.com

CVE-2024-54541 | Apple watchOS state issue (WID-SEC-2024-3692)

Vuldb Updates

5 months 3 weeks ago

A vulnerability was found in Apple watchOS. It has been declared as problematic. This affects an unknown part. Such manipulation leads to state issue. This vulnerability is listed as CVE-2024-54541. The attack must be carried out locally. There is no available exploit. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-54541 | Apple iOS/iPadOS state issue (WID-SEC-2024-3692)

Vuldb Updates

5 months 3 weeks ago

A vulnerability was found in Apple iOS and iPadOS. It has been rated as problematic. This vulnerability affects unknown code. Performing manipulation results in state issue. This vulnerability is cataloged as CVE-2024-54541. The attack must be initiated from a local position. There is no exploit available. Upgrading the affected component is advised.

vuldb.com

CVE-2024-54539 | Apple macOS up to 13.6/14.6/15.1 Keyboard Event state issue (WID-SEC-2024-3692)

Vuldb Updates

5 months 3 weeks ago

A vulnerability, which was classified as problematic, was found in Apple macOS up to 13.6/14.6/15.1. This impacts an unknown function of the component Keyboard Event Handler. Executing manipulation can lead to state issue. The identification of this vulnerability is CVE-2024-54539. The attack can only be executed locally. There is no exploit available. You should upgrade the affected component.

vuldb.com

CVE-2024-54541 | Apple tvOS state issue (WID-SEC-2024-3692)

Vuldb Updates

5 months 3 weeks ago

A vulnerability has been found in Apple tvOS and classified as problematic. Affected is an unknown function. The manipulation leads to state issue. This vulnerability is referenced as CVE-2024-54541. The attack can only be performed from a local environment. No exploit is available. The affected component should be upgraded.

vuldb.com

CVE-2024-54541 | Apple visionOS state issue (WID-SEC-2024-3692)

Vuldb Updates

5 months 3 weeks ago

A vulnerability was found in Apple visionOS and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation results in state issue. This vulnerability is identified as CVE-2024-54541. The attack is only possible with local access. There is not any exploit available. It is suggested to upgrade the affected component.

vuldb.com

CVE-2024-54537 | Apple macOS up to 13.6/14.6/15.1 sandbox (WID-SEC-2024-3692)

Vuldb Updates

5 months 3 weeks ago

A vulnerability, which was classified as critical, has been found in Apple macOS up to 13.6/14.6/15.1. This affects an unknown function. Performing manipulation results in sandbox issue. This vulnerability was named CVE-2024-54537. The attack needs to be approached locally. There is no available exploit. It is advisable to upgrade the affected component.

vuldb.com

CVE-2024-54536 | Apple macOS up to 15.1 NVRAM Variable access control (WID-SEC-2024-3692)

Vuldb Updates

5 months 3 weeks ago

A vulnerability labeled as critical has been found in Apple macOS up to 15.1. Affected is an unknown function of the component NVRAM Variable Handler. Executing manipulation can lead to improper access controls. This vulnerability is tracked as CVE-2024-54536. The attack is restricted to local execution. No exploit exists. The affected component should be upgraded.

vuldb.com

CVE-2024-54531 | Apple macOS up to 15.1 kASLR memory corruption (WID-SEC-2024-3692)

Vuldb Updates

5 months 3 weeks ago

A vulnerability identified as critical has been detected in Apple macOS up to 15.1. The affected element is an unknown function of the component kASLR. Performing manipulation results in memory corruption. This vulnerability is cataloged as CVE-2024-54531. The attack must be initiated from a local position. There is no exploit available. You should upgrade the affected component.

vuldb.com