Ever get an uneasy feeling when an installer asks for your password? Well, your gut was right! The majority of macOS installers & updaters are vulnerable to a wide range of priv-esc attacks.

It began with the discovery that Apple's OS updater could be abused to bypass SIP (CVE-2017-6974). Next, turns out Apple's core installer app may be subverted to load unsigned dylibs which may elevate privileges to root.

And what about 3rd-party installers? I looked at what's installed on my Mac, and ahhh, so many bugs!

- Firewall, Little Snitch: EoP via race condition of insecure plist
- Anti-Virus, Sophos: EoP via hijack of binary component
- Browser, Google Chrome: EoP via script hijack
- Virtualization, VMware Fusion: EoP via race condition of insecure script
- IoT, DropCam: EoP via hijack of binary component

And 3rd-party auto-update frameworks like Sparkle - yup, vulnerable too!