MacOS bug bounty

Table of contents

On June 21, 2023, Apple rolled out a security update for Safari, tagging CVE-2023-32439 as a DFG type confusion vulnerability. Let's analyze it!

Discover our thorough analysis on the discovery of Gatekeeper bypass CVE-2023-27943. Find out more information now.

null

Contribute to po6ix/POC-for-CVE-2023-41993 development by creating an account on GitHub.

This blog post is written for my talk at OBTS v6.0.

By Ian Beer A graph representation of the sandbox escape NSExpression payload In April this year Google's Threat Analysis Group, in ...

How Services could previously be exploited to access user files.

New blog post is up which looks at an unpatched vulnerability in macOS which allows us to hijack entitlements from signed binaries.. aka.. DirtyNIB. https://t.co/B3M6kyssKa— Adam Chester 🏴‍☠️ (@_xpn_) October 5, 2023

This post is a writeup of CVE-2023-38571, a macOS TCC bypass bug I found. It was supposed to be unveiled in my upcoming talk: "Unexpected, Unreasonable, Unfixable: Filesystem Attacks on macOS" at OBTS v6, but I needed to cut some bugs out. This is another one of them. Background While …

This post is a writeup of CVE-2023-32364, a macOS application sandbox escape bug I found. It was supposed to be unveiled in my upcoming talk: "Unexpected, Unreasonable, Unfixable: Filesystem Attacks on macOS" at OBTS v6, but I needed to cut some bugs out. This is one of them. macOS Sandboxing …

CVE-2022-32947 walkthough and demo. Contribute to asahilina/agx-exploit development by creating an account on GitHub.

Disable Sandbox Through Interposing | by ɪ • ᴅ ᴇ ᴀ ᴠ ꜱ ツ | Sep, 2023 | Medium https://t.co/WCCtOkcWJV— Clandestine (@akaclandestine) September 16, 2023

A set of memory corruption vulnerabilities in the ncurses library could have allowed attackers to chain the vulnerabilities to elevate privileges and run code in the targeted program's context or perform other malicious actions.

Contribute to ZZY3312/CVE-2023-32434 development by creating an account on GitHub.

Introduction A vulnerability Discovered in Telegram for MacOS assigned as CVE-2023-26818 leads to a TCC (Transparency, Consent, and Control) bypass through a...

iOS 16.2 and macOS Ventura 13.1 released just over a month ago, fixing an interesting vulnerability that I reported in IOHIDFamily. I would ...

iOS 14 is now available to the public, and with it comes the iOS 14.0 security content update . One of the vulnerabilities you'll see listed...

A PoC for CVE-2023-28206 · GitHub

Overview I identified a vulnerability that allowed executing code on victims’ machines after they click the Edit button on a Confluence page when Atlassian Companion is installed on macOS. The Atlassian Companion app enables users to edit Confluence files in their preferred desktop application, then save the file back to Confluence automatically. Source: https://confluence.atlassian.com/doc/administering-the-atlassian-companion-app-958456281.html Exploitation conditions Victim must have Atlassian Companion installed. Victim clicks on the Edit button in Confluence, so the malicious file is opened in the Atlassian Companion App on macOS (standard app behavior).

CVE-2022-22655 - macOS Location Services Bypass · GitHub

null

A year ago, I discovered a TCC-bypass issue in the system daemon service named com.apple.fontmover. Three months later, Apple addressed it as CVE-2022-32902. After checking how Apple addressed the issue, I found two new issues introduced by patching the issue. I reported them to Apple immediately and waited for about 9 months.

Background

Summary (TL;DR)