Found 33 bookmarks
Custom sorting
Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS
Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS
I found a zero-click vulnerability in macOS Calendar, which allows an attacker to add or delete arbitrary files inside the Calendar sandbox environment. This could lead to many bad things including malicious code execution which can be combined with security protection evasion with Photos to compromise users’ sensitive Photos iCloud Photos data. Apple has fixed all of the vulnerabilities between October 2022 and September 2023.
#mikko-kenttala#EN#2024#Critical#zero-click#macos#vulnerability
·mikko-kenttala.medium.com·
Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS
MacOS X Malware Development
MacOS X Malware Development
In today’s post, We’ll explore the process of designing and developing malware for macOS, which is a Unix-based operating system. We’ll use a classic approach to understanding Apple’s internals. To follow along, you should have a basic understanding of exploitation, as well as knowledge of C and Python programming, and some familiarity with low-level assembly language. While the topics may be advanced, I’ll do my best to present them smoothly.
#0xf00sec#EN#2024#MacOS#Malware#Development#process#Python#technique
·0xf00sec.github.io·
MacOS X Malware Development
The Hidden Treasures of Crash Reports
The Hidden Treasures of Crash Reports
Sadly, nobody really loves crash reports, but I’m here to change that! This research, a crash course on crash reports, will highlight how these often overlooked files are an invaluable source of information, capable of revealing malware infections, exploitation attempts, or even buggy (exploitable?) system code. Such insights are critical for defense and offense, empowering us to either protect or exploit macOS systems.
#objective-see#EN#2024#crash-report#course#Hidden#analysis#macos
·objective-see.org·
The Hidden Treasures of Crash Reports
Apple Rolls Out Security Updates for iOS, macOS
Apple Rolls Out Security Updates for iOS, macOS
Apple on Monday announced a hefty round of security updates that address dozens of vulnerabilities impacting both newer and older iOS and macOS devices. iOS 17.6 and iPadOS 17.6 were released for the latest generation iPhone and iPad devices with fixes for 35 security defects that could lead to authentication and policy bypasses, unexpected application termination or system shutdown, information disclosure, denial-of-service (DoS), and memory leaks.
#securityweek#EN#2024#macos#ios#ipados#Security#Updates#for#iOS#iOS17.6
·securityweek.com·
Apple Rolls Out Security Updates for iOS, macOS
Malicious Python Package Targets macOS Developers
Malicious Python Package Targets macOS Developers
  • A package called “lr-utils-lib” was uploaded to PyPi in early June 2024, containing malicious code that executes automatically upon installation. The malware uses a list of predefined hashes to target specific macOS machines and attempts to harvest Google Cloud authentication data. The harvested credentials are sent to a remote server.
#checkmarx#EN#2024#macOS#stealer#Supply-chain-attack#PyPI#pypi-malware#lr-utils-lib#developpers
·checkmarx.com·
Malicious Python Package Targets macOS Developers
Vulnerabilities in CocoaPods Open the Door to Supply Chain Attacks Against Thousands of iOS and MacOS Applications
Vulnerabilities in CocoaPods Open the Door to Supply Chain Attacks Against Thousands of iOS and MacOS Applications
  • E.V.A Information Security researchers uncovered several vulnerabilities in the CocoaPods dependency manager that allows any malicious actor to claim ownership over thousands of unclaimed pods and insert malicious code into many of the most popular iOS and MacOS applications. These vulnerabilities have since been patched. Such an attack on the mobile app ecosystem could infect almost every Apple device, leaving thousands of organizations vulnerable to catastrophic financial and reputational damage. One of the vulnerabilities could also enable zero day attacks against the most advanced and secure organizations’ infrastructure. Developers and DevOps teams that have used CocoaPods in recent years should verify the integrity of open source dependencies used in their application code. * Dependency managers are an often-overlooked aspect of software supply chain security. Security leaders should explore ways to increase governance and oversight over the use these tools.
#evasec#EN#2024#CocoaPods#Supply#Chain#Attacks#macOS#iOS#CVE-2024-38368
·evasec.io·
Vulnerabilities in CocoaPods Open the Door to Supply Chain Attacks Against Thousands of iOS and MacOS Applications
Malicious Go Binary Delivered via Steganography in PyPI
Malicious Go Binary Delivered via Steganography in PyPI
On May 10, 2024, Phylum’s automated risk detection platform alerted us to a suspicious publication on PyPI. The package was called requests-darwin-lite and appeared to be a fork of the ever-popular requests package with a few key differences, most notably the inclusion of a malicious Go binary packed into
#phylum#EN#2024#Steganography#macOS#Go
·blog.phylum.io·
Malicious Go Binary Delivered via Steganography in PyPI
Bringing process injection into view(s): exploiting all macOS apps using nib files · Sector 7
Bringing process injection into view(s): exploiting all macOS apps using nib files · Sector 7
In a previous blog post we described a process injection vulnerability affecting all AppKit-based macOS applications. This research was presented at Black Hat USA 2022, DEF CON 30 and Objective by the Sea v5. This vulnerability was actually the second universal process injection vulnerability we reported to Apple, but it was fixed earlier than the first. Because it shared some parts of the exploit chain with the first one, there were a few steps we had to skip in the earlier post and the presentations. Now that the first vulnerability has been fixed in macOS 13.0 (Ventura) and improved in macOS 14.0 (Sonoma), we can detail the first one and thereby fill in the blanks of the previous post. This vulnerability was independently found by Adam Chester and written up here under the name “DirtyNIB”. While the exploit chain demonstrated by Adam shares a lot of similarity to ours, our attacks trigger automatically and do not require a user to click a button, making them a lot more stealthy. Therefore we decided to publish our own version of this write-up as well.
#sector7#EN#2024#macos#nib#exploit#research#vulnerability#DirtyNIB
·sector7.computest.nl·
Bringing process injection into view(s): exploiting all macOS apps using nib files · Sector 7
Why Join The Navy If You Can Be A Pirate?
Why Join The Navy If You Can Be A Pirate?
Analyzing a pirated application, that contains a (malicious) surprise A few days ago, malwrhunterteam tweeted about pirated macOS application that appeared to contain malware And even though as noted in the tweet the sample appeared to be from 2023, it was new to me so I decided to take some time to dig in deeper. Plus, I’m always interested in seeing if Objective-See’s free open-source tools can provide protection against recent macOS threats. In this blog post we’ll start with the disk image, then hone in on a malicious dynamic library, which turns out just to be the start!
#objective-see#EN#2024#macOS#pirated#malicious#UltraEdit
·objective-see.org·
Why Join The Navy If You Can Be A Pirate?