Ever get an uneasy feeling when an installer asks for your password? Well, your gut was right! The majority of macOS installers & updaters are vulnerable to a wide range of priv-esc attacks.

It began with the discovery that Apple's OS updater could be abused to bypass SIP (CVE-2017-6974). Next, turns out Apple's core installer app may be subverted to load unsigned dylibs which may elevate privileges to root.

And what about 3rd-party installers? I looked at what's installed on my Mac, and ahhh, so many bugs!

- Firewall, Little Snitch: EoP via race condition of insecure plist
- Anti-Virus, Sophos: EoP via hijack of binary component
- Browser, Google Chrome: EoP via script hijack
- Virtualization, VMware Fusion: EoP via race condition of insecure script
- IoT, DropCam: EoP via hijack of binary component

and 3rd-party auto-update frameworks like Sparkle -yup vulnerable too!

Though root is great, we can't bypass SIP nor load unsigned kexts. However with root, I discovered one could now trigger a ring-0 heap-overflow that provides complete system control.