Aggregator

A vulnerability classified as critical was found in Apple macOS up to 13.6/14.6/15.1. Affected by this issue is some unknown functionality of the component Restrictions Handler. Executing manipulation can lead to improper access controls. The identification of this vulnerability is CVE-2024-54557. The attack can only be executed locally. There is no exploit available. Upgrading the affected component is advised.

A vulnerability described as problematic has been identified in Apple macOS up to 15.1. Affected by this issue is some unknown functionality. The manipulation results in information disclosure. This vulnerability is cataloged as CVE-2024-54549. The attack must be initiated from a local position. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in Apple macOS up to 13.6/14.6/15.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper access controls. This vulnerability is listed as CVE-2024-54547. The attack must be carried out locally. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability has been found in Apple iOS and iPadOS up to 11.1/15.1/18.1 and classified as critical. This vulnerability affects unknown code of the component State Management Handler. The manipulation leads to improper authentication. This vulnerability is documented as CVE-2024-54542. The attack needs to be performed locally. There is not any exploit available. The affected component should be upgraded.

A vulnerability was found in Apple Safari up to 11.1/15.1/18.1 and classified as critical. This issue affects some unknown processing of the component State Management Handler. The manipulation results in improper authentication. This vulnerability is reported as CVE-2024-54542. The attack requires a local approach. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Apple watchOS up to 11.1/15.1/18.1. This affects an unknown part of the component State Management Handler. Executing manipulation can lead to improper authentication. This vulnerability is registered as CVE-2024-54542. The attack needs to be launched locally. No exploit is available. You should upgrade the affected component.

zip_smuggling This Python utility creates zip files that contain additional data embedded within the file structure. This extra data is not visible/does not display when the zip is examined or decompressed, but can be...

The post Zip Smuggling: The Stealthy Way to Hide Data in Plain Sight appeared first on Penetration Testing Tools.

That’s it. The Month of AI Bugs is done. There won’t be a post tomorrow, because I will be at PAX West. Overview of Posts ChatGPT: Exfiltrating Your Chat History and Memories With Prompt Injection | Video ChatGPT Codex: Turning ChatGPT Codex Into a ZombAI Agent | Video Anthropic Filesystem MCP Server: Directory Access Bypass Via Improper Path Validation | Video Cursor: Arbitrary Data Exfiltration via Mermaid | Video Amp Code: Arbitrary Command Execution via Prompt Injection | Video Devin AI: I Spent $500 To Test Devin For Prompt Injection So That You Don’t Have To Devin AI: How Devin AI Can Leak Your Secrets via Multiple Means Devin AI: The AI Kill Chain in Action: Exposing Ports to the Internet via Prompt Injection OpenHands - The Lethal Trifecta Strikes Again: How Prompt Injection Can Leak Access Tokens OpenHands: Remote Code Execution and AI ClickFix Demo | Video Claude Code: Data Exfiltration with DNS Requests (CVE-2025-55284) | Video GitHub Copilot: Remote Code Execution (CVE-2025-53773) | Video Google Jules: Vulnerable to Multiple Data Exfiltration Issues Google Jules - Zombie Agent: From Prompt Injection to Remote Control Google Jules: Vulnerable To Invisible Prompt Injection Amp Code: Invisible Prompt Injection Vulnerability Fixed Amp Code: Data Exfiltration via Image Rendering Fixed | Video Amazon Q Developer: Secrets Leaked via DNS and Prompt Injection | Video Amazon Q Developer: Remote Code Execution via Prompt Injection | Video Amazon Q Developer: Vulnerable to Invisible Prompt Injection | Video Windsurf: Hijacking Windsurf: How Prompt Injection Leaks Developer Secrets | Video Windsurf: Memory-Persistent Data Exfiltration - SpAIware Exploit Windsurf: Sneaking Invisible Instructions by Developers Deep Research Agents: How Deep Research Agents Can Leak Your Data Manus: How Prompt Injection Hijacks Manus to Expose VS Code Server to the Internet | Video AWS Kiro: Arbitrary Code Execution via Indirect Prompt Injection | Video Cline: Vulnerable to Data Exfiltration and How to Protect Your Data | Video Windsurf MCP Integration: Missing Security Controls Put Users at Risk | Video Season Finale: AgentHopper: An AI Virus Research Project Demonstration | Video Thank you for following this research, and I hope it serves as a useful reference.

这是一个面向新手和资深人士的黑客社区，旨在帮助成员提升地下技能。用户可以提问、解答和学习，并通过Discord进一步交流。

A vulnerability, which was classified as critical, has been found in Apple macOS up to 11.1/15.1/18.1. Affected by this issue is some unknown functionality of the component State Management Handler. Performing manipulation results in improper authentication. This vulnerability is cataloged as CVE-2024-54542. The attack must be initiated from a local position. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Apple macOS. It has been classified as problematic. Affected by this issue is some unknown functionality. This manipulation causes state issue. This vulnerability is tracked as CVE-2024-54541. The attack is restricted to local execution. No exploit exists. Upgrading the affected component is recommended.

A vulnerability was found in Apple watchOS. It has been declared as problematic. This affects an unknown part. Such manipulation leads to state issue. This vulnerability is listed as CVE-2024-54541. The attack must be carried out locally. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in Apple iOS and iPadOS. It has been rated as problematic. This vulnerability affects unknown code. Performing manipulation results in state issue. This vulnerability is cataloged as CVE-2024-54541. The attack must be initiated from a local position. There is no exploit available. Upgrading the affected component is advised.

A vulnerability, which was classified as problematic, was found in Apple macOS up to 13.6/14.6/15.1. This impacts an unknown function of the component Keyboard Event Handler. Executing manipulation can lead to state issue. The identification of this vulnerability is CVE-2024-54539. The attack can only be executed locally. There is no exploit available. You should upgrade the affected component.

A vulnerability has been found in Apple tvOS and classified as problematic. Affected is an unknown function. The manipulation leads to state issue. This vulnerability is referenced as CVE-2024-54541. The attack can only be performed from a local environment. No exploit is available. The affected component should be upgraded.

A vulnerability was found in Apple visionOS and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation results in state issue. This vulnerability is identified as CVE-2024-54541. The attack is only possible with local access. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Apple macOS up to 13.6/14.6/15.1. This affects an unknown function. Performing manipulation results in sandbox issue. This vulnerability was named CVE-2024-54537. The attack needs to be approached locally. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability labeled as critical has been found in Apple macOS up to 15.1. Affected is an unknown function of the component NVRAM Variable Handler. Executing manipulation can lead to improper access controls. This vulnerability is tracked as CVE-2024-54536. The attack is restricted to local execution. No exploit exists. The affected component should be upgraded.

A vulnerability identified as critical has been detected in Apple macOS up to 15.1. The affected element is an unknown function of the component kASLR. Performing manipulation results in memory corruption. This vulnerability is cataloged as CVE-2024-54531. The attack must be initiated from a local position. There is no exploit available. You should upgrade the affected component.