Search cyberveille.decio.ch

Found 70 bookmarks

Custom sorting

smith (CVE-2023-32434)

This write-up presents an exploit for a vulnerability in the XNU kernel: Assigned CVE-2023-32434. Fixed in iOS 16.5.1 and macOS 13.4.1. Reachable from the WebContent sandbox and might have been actively exploited. *Note that this CVE fixed multiple integer overflows, so it is unclear whether or not the integer overflow used in my exploit was also used in-the-wild. Moreover, if it was, it might not have been exploited in the same way. The exploit has been successfully tested on: iOS 16.3, 16.3.1, 16.4 and 16.5 (iPhone 14 Pro Max) macOS 13.1 and 13.4 (MacBook Air M2 2022) All code snippets shown below are from xnu-8792.81.2.

#Poulin-Bélanger #EN #2023 #exploit #analysis #vulnerability #github #macos #ios #CVE-2023-32434

·github.com·Jan 3, 2024

smith (CVE-2023-32434)

Exploiting GOG Galaxy XPC service for privilege escalation in macOS

Unpack the analysis of a GOG Galaxy XPC service vulnerability. More from IBM X-Force Red.

#securityintelligence #2023 #EN #macos #GOG #client #XPC #vulnerability

·securityintelligence.com·Dec 16, 2023

Exploiting GOG Galaxy XPC service for privilege escalation in macOS

Imperva Uncovers CVE-2023-22524, A RCE Vulnerability

Learn about a RCE vulnerability, discovered by the Imperva Red Team, identified as CVE-2023-22524, in Atlassian Companion for macOS.

#imperva #EN #2023 #RCE #vulnerability #CVE-2023-22524 #Atlassian #macOS

·imperva.com·Dec 16, 2023

Imperva Uncovers CVE-2023-22524, A RCE Vulnerability

Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws

Apple has released patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari to address multiple vulnerabilities.

#thehackernews #EN #2023 #Apple #Security #Updates #November2023 #iOS #macOS #tvOS #watchOS #patch #CVE-2023-45866

·thehackernews.com·Dec 12, 2023

Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws

Analysis of a new macOS Trojan-Proxy

A new macOS Trojan-Proxy is riding on cracked versions of legitimate software; it relies on DNS-over-HTTPS to obtain a C&C (command and control) address. Illegally distributed software historically has served as a way to sneak malware onto victims’ devices. Oftentimes, users are not willing to pay for software tools they need, so they go searching the Web for a “free lunch”. They are an excellent target for cybercriminals who realize that an individual looking for a cracked app will be willing to download an installer from a questionable website and disable security on their machine, and so they will be fairly easy to trick into installing malware as well.

#securelist #EN #2023 #MacOS #Trojan #Malware #Trojan-Proxy #Descriptions #Technologies #Piracy #Apple

·securelist.com·Dec 6, 2023

Analysis of a new macOS Trojan-Proxy

N. Korean Hackers 'Mixing' macOS Malware Tactics to Evade Detection

The North Korean threat actors behind macOS malware strains such as RustBucket and KANDYKORN have been observed "mixing and matching" different elements of the two disparate attack chains, leveraging RustBucket droppers to deliver KANDYKORN.

#thehackernews #EN #2023 #North-Korea #macOS #malware #KANDYKORN

·thehackernews.com·Dec 2, 2023

N. Korean Hackers 'Mixing' macOS Malware Tactics to Evade Detection

DPRK Crypto Theft | macOS RustBucket Droppers Pivot to Deliver KandyKorn Payloads

Two apparently separate North Korean crypto theft campaigns targeting macOS users appear to be linked as threat actors mix and match droppers and payloads.

#sentinelone #EN #2023 #North-Korea #macOS #KandyKorn #RustBucket #DPRK

·sentinelone.com·Nov 27, 2023

DPRK Crypto Theft | macOS RustBucket Droppers Pivot to Deliver KandyKorn Payloads

Atomic Stealer distributed to Mac users via fake browser updates | Malwarebytes

Compromised websites are being used to redirect to fake browser updates and deliver malware onto Mac users.

#malwarebytes #EN #2023 #macos #Stealer #fake #browser #updates

·malwarebytes.com·Nov 22, 2023

Atomic Stealer distributed to Mac users via fake browser updates | Malwarebytes

Apple neglects to patch multiple critical vulnerabilities in macOS

Apple is neglecting to patch high-severity vulnerabilities in open-source components of macOS Sonoma, including curl and LibreSSL.

#intego #EN #2023 #Apple #patch #high-severity #macOS #Sonoma #curl #open-source

·intego.com·Nov 11, 2023

Apple neglects to patch multiple critical vulnerabilities in macOS

Jamf Threat Labs Discovers Malware from BlueNoroff

Newly discovered later-stage malware from BlueNoroff APT group targets macOS with characteristics similar to their RustBucket campaign.

#jamf #EN #2023 #Malware #macOS #BlueNoroff #RustBucket #analysis

·jamf.com·Nov 7, 2023

Jamf Threat Labs Discovers Malware from BlueNoroff

New macOS 'KandyKorn' malware targets cryptocurrency engineers

A new macOS malware dubbed 'KandyKorn' has been spotted in a campaign attributed to the North Korean Lazarus hacking group, targeting blockchain engineers of a cryptocurrency exchange platform. The attackers impersonate members of the cryptocurrency community on Discord channels to spread Python-based modules that trigger a multi-stage KandyKorn infection chain. Elastic Security discovered and attributed the attacks to Lazarus based on overlaps with past campaigns concerning the employed techniques, network infrastructure, code-signing certificates, and custom Lazarus detection rules.

#bleepingcomputer #EN #2023 #macOS #Lazarus #Discord #Python-based #cryptocurrency #engineers #Targeted

·bleepingcomputer.com·Nov 5, 2023

New macOS 'KandyKorn' malware targets cryptocurrency engineers

Triangulation: validators, post-compromise activity and modules | Securelist

In this report Kaspersky shares insights into the validation components used in Operation Triangulation, TriangleDB implant post-compromise activity, as well as details of some additional modules.

#securelist #EN #2023 #iOS #Apple #macOS #APT #Malware #Malware-Description #analysis #spyware #Triangulation

·securelist.com·Oct 26, 2023

Triangulation: validators, post-compromise activity and modules | Securelist

iLeakage

We present iLeakage, a transient execution side channel targeting the Safari web browser present on Macs, iPads and iPhones. iLeakage shows that the Spectre attack is still relevant and exploitable, even after nearly 6 years of effort to mitigate it since its discovery. We show how an attacker can induce Safari to render an arbitrary webpage, subsequently recovering sensitive information present within it using speculative execution. In particular, we demonstrate how Safari allows a malicious webpage to recover secrets from popular high-value targets, such as Gmail inbox content. Finally, we demonstrate the recovery of passwords, in case these are autofilled by credential managers.

#ileakage #EN #2023 #macos #Safari #Side-Channel #ios #Spectre #speculative

·ileakage.com·Oct 25, 2023

iLeakage

Hackers can force iOS and macOS browsers to divulge passwords and much more

iLeakage is practical and requires minimal resources. A patch isn't (yet) available.

#arstechnica #EN #2023 #ileakage #macos #ios #speculative

·arstechnica.com·Oct 25, 2023

Hackers can force iOS and macOS browsers to divulge passwords and much more

macOS MetaStealer | New Family of Obfuscated Go Infostealers Spread in Targeted Attacks

The rise of macOS infostealers continues with the latest entrant aiming to compromise business environments with targeted social engineering lures.

#sentinelone #EN #2023 #macOS #infostealer #MetaStealer

·sentinelone.com·Sep 14, 2023

macOS MetaStealer | New Family of Obfuscated Go Infostealers Spread in Targeted Attacks

Last Week on My Mac: How quickly can Apple release a security update?

We seldom get much insight into how long Apple takes to release an urgent update to macOS, but last week must have seen one of the quickest in recent times. By my reckoning, Apple’s engineers accomplished that in 6-10 days, across four of its operating systems, and with two distinct vulnerabilities.

#eclecticlight #EN #2023 #Apple #security #update #macos #release

·eclecticlight.co·Sep 10, 2023

Last Week on My Mac: How quickly can Apple release a security update?

Mac users targeted in new malvertising campaign delivering Atomic Stealer

Malicious ads for Google searches are targeting Mac users Phishing sites trick victims into downloading what they believe is the app they want The malware is bundled in an ad-hoc signed app so it cannot be revoked by Apple * The payload is a new version of the recent Atomic Stealer for OSX

#malwarebytes #EN #2023 #macos #AtomicStealer #stealer #tradingview

·malwarebytes.com·Sep 7, 2023

Mac users targeted in new malvertising campaign delivering Atomic Stealer

Developers Warned of Malicious PyPI, NPM, Ruby Packages Targeting Macs - SecurityWeek

Malicious packages uploaded to PyPI, NPM, and Ruby repositories are targeting macOS users with information stealing malware.

#securityweek #EN #2023 #macos #phylum #PyPI #NPM #Ruby #Supply-Chain-Attack

·securityweek.com·Sep 6, 2023

Developers Warned of Malicious PyPI, NPM, Ruby Packages Targeting Macs - SecurityWeek

Nascent Malware Campaign Targets npm, PyPI, and RubyGems Developers

Phylum has identified a malware campaign spanning PyPI, npm and RubyGems. Delivering early stage malware to users.

#phylum #EN #2023 #Supply-Chain-Attack #npm #PyPI #RubyGems #macOS

·blog.phylum.io·Sep 6, 2023

Nascent Malware Campaign Targets npm, PyPI, and RubyGems Developers

Is macOS’s new XProtect behavioural security preparing to go live?

Apple released its first update to its new behavioural security protection in XProtect Behaviour Service on 8 August, and again on 1 September. Here are the details.

#eclecticlight #EN #2023 #macOS #XProtect #Behaviour #Service

·eclecticlight.co·Sep 4, 2023

Is macOS’s new XProtect behavioural security preparing to go live?

How NightOwl for Mac Added a Botnet

NightOwl was supposed to make Macs work in dark mode. After a recent update, one developer discovered it was siphoning users’ data through a botnet.

#gizmodo #EN #2023 #macOS #App-Store #NightOwl

·gizmodo.com·Aug 31, 2023

How NightOwl for Mac Added a Botnet

macOS 0day: App Management

App Management is a new macOS security feature in Ventura introduced at WWDC last year: If an app is modified by something that isn't signed by the same development team and isn't allowed by an NSUpdateSecurityPolicy, macOS will block the modification and notify the user that an app wants to manage other apps. Clicking on the notification sends people to System Settings, where they can allow an app to update and modify other apps.

#lapcatsoftware #EN #2023 #macOS #0-day #AppManagement

·lapcatsoftware.com·Aug 22, 2023

macOS 0day: App Management

XLoader's Latest Trick | New macOS Variant Disguised as Signed OfficeNote App

Notorious botnet and infostealer XLoader makes a return to macOS with a new dropper and malware payload.

#sentinelone #EN #2023 #XLoader #macOS #dropper #payload

·sentinelone.com·Aug 22, 2023

XLoader's Latest Trick | New macOS Variant Disguised as Signed OfficeNote App

Mac systems turned into proxy exit nodes by AdLoad

AdLoad malware is still infecting Mac systems years after its first appearance in 2017. AdLoad, a package bundler, has been observed delivering a wide range of payloads throughout its existence. During AT&T Alien Labs’ investigation of its most recent payload, it was discovered that the most common component dropped by AdLoad during the past year has been a proxy application turning MacOS AdLoad victims into a giant, residential proxy botnet.

#ATT #Alien #AT&T-Alien-Labs #EN #2023 #macOS #AdLoad

·cybersecurity.att.com·Aug 14, 2023

Mac systems turned into proxy exit nodes by AdLoad

An Apple Malware-Flagging Tool Is ‘Trivially’ Easy to Bypass

The macOS Background Task Manager tool is supposed to spot potentially malicious software on your machine. But a researcher says it has troubling flaws.

#wired #EN #2023 #Apple #macOS #Task-Manager #PatrickWardle #bypass

·wired.com·Aug 14, 2023

An Apple Malware-Flagging Tool Is ‘Trivially’ Easy to Bypass

Apple Crimeware | Massive Rust Infostealer Campaign Aiming for macOS Sonoma Ahead of Public Release

Crimeware actors have launched an extensive campaign to target macOS users with malware disguised in multiple fake blockchain games.

#sentinelone #EN #2023 #Apple #Crimeware #Rust #Infostealer #Campaign #macOS #Sonoma

·sentinelone.com·Jul 31, 2023

Apple Crimeware | Massive Rust Infostealer Campaign Aiming for macOS Sonoma Ahead of Public Release

ShadowVault is the latest Mac data-stealer malware, reportedly

ShadowVault data stealer Mac malware made headlines in the Apple press this week. Here is what we know about it so far.

#intego #EN #2023 #macOS #ShadowVault #Mac #malware

·intego.com·Jul 14, 2023

ShadowVault is the latest Mac data-stealer malware, reportedly

Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation

Cisco Talos discovered 12 memory corruption vulnerabilities in MSRPC implementations on Apple macOS and VMWare vCenter. - Seven vulnerabilities affect Apple macOS only. - Two vulnerabilities affect VMWare vCenter. - Three vulnerabilities affect both.

#talosintelligence #EN #2023 #MSRPC #macOS #VMWare #vCenter #vulnerabilities

·blog.talosintelligence.com·Jul 14, 2023

Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation

Apple releases emergency update to fix zero-day exploited in attacks

Apple has issued a new round of Rapid Security Response (RSR) updates to address a new zero-day bug exploited in attacks and impacting fully-patched iPhones, Macs, and iPads.

#bleepingcomputer #EN #2023 #CVE-2023-37450 #Apple #iOS #iPad #iPhone #Mac #macOS #Rapid-Security-Response #Zero-Day

·bleepingcomputer.com·Jul 12, 2023

Apple releases emergency update to fix zero-day exploited in attacks

BlueNoroff | How DPRK’s macOS RustBucket Seeks to Evade Analysis and Detection -

Threat actors are using increasingly sophisticated forms of evasion and anti-analysis as they respond to increased attention to macOS security in the enterprise.

#sentinelone #EN #2023 #BlueNoroff #DPRK #macOS #RustBucket #Evade #analysis

·sentinelone.com·Jul 5, 2023

BlueNoroff | How DPRK’s macOS RustBucket Seeks to Evade Analysis and Detection -