Revisiting Pegasus on iOS9

MacOS bug bounty
CVE-2022-22675: AppleAVD Overflow in AVC_RBSP::parseHRD
Information about 0-days exploited in-the-wild!
CVE-2021-1782, an iOS in-the-wild vulnerability in vouchers
Posted by Ian Beer, Google Project Zero This blog post is my analysis of a vulnerability exploited in the wild and patched in early 20...
Technical Advisory – Apple macOS XAR – Arbitrary File Write (CVE-2022-22582)
In October 2021, Apple released a fix for CVE-2021-30833. This was an arbitrary file-write vulnerability in the xar utility and was due to improper handling of path separation (forward-slash) characters when processing files contained within directory symlinks. Whilst analysing the patch for CVE-2021-30833, an additional vulnerability was identified which could allow for arbitrary file-write when unpacking a malicious XAR archive using the xar utility.
MacOS SUHelper Root Privilege Escalation Vulnerability: A Deep Dive Into CVE-2022-22639
We discovered a now-patched vulnerability in macOS SUHelper, designated as CVE-2022-22639. If exploited, the vulnerability could allow malicious actors to gain root privilege escalation.
A Brief History of iMessage Exploitation
CVE-2022-22616: Simple way to bypass GateKeeper, hidden for years
In this writeup, I will introduce a very simple method to bypass GateKeeper , and uncover the root cause through reversing and debugging. Apple had already addressed it as CVE-2022-22616 in macOS Monterey 12.3, and credited the bug to two Jamf researchers (@malwarezoo, @jbradley89) and me. So, make sure you have updated your Mac devices to the latest version.
FORCEDENTRY: Sandbox Escape
Posted by Ian Beer & Samuel Groß of Google Project Zero We want to thank Citizen Lab for sharing a sample of the FORCEDENTRY exploit ...
Veni, MIDI, Vici — Conquering CVE-2022-22657 and CVE-2022-22664 — Atredis Partners
Recently, Apple pushed two security fixes for issues in the way GarageBand and Logic Pro X parsed MIDI ( musical instrument digital interface ) data. GarageBand is free and is available in the default OS X image. Logic Pro X can be purchased in the App Store: MIDI Available for: macOS Big Sur
Give Me Some (macOS) Context…
This blog post will dive into what I like to call “execution contexts” on macOS and why it is important to understand these different…
CVE-2021-30955 XNU body double copyin in mach_msg trap
Microsoft OneDrive for macOS Local Privilege Escalation | Offensive Security
Security researchers at Offensive Security discovered a vulnerability in the XPC service of Microsoft OneDrive. Here's how it works and how to secure it.
CVE-2022-22583: Bypassing macOS System Integrity Protection (SIP)
Perception Point researchers discovered a vulnerability in macOS which allows attackers to bypass Apple’s SIP (System Integrity Protection) mechanism, and thus take full control over the system.
CVE-2021-30861, CVE-2021-30975 Webcam Hacking (again) - Safari UXSS | Ryan Pickren
$100,500 Apple Bug Bounty for hacking the webcam via a Safari Universal Cross-Site Scripting (UXSS) bug. CVE-2021-30861, CVE-2021-30975
XNU kernel use-after-free in mach_msg
The Price of Compatibility: Defeating macOS Kernel Using Extended File Attributes
Apple's Envy: Root once, bypass TCC (OBTS)
CVE-2020-27937 Change home directory and bypass TCC
Introduction This is the second TCC vulnerability that has been disclosed in my & Csaba’s talk “20+ ways to bypass your macOS privacy mechanisms” during Black Hat USA. This time, by changing the NFSHomeDirectory variable I was able to bypass user TCC restrictions. Do you remember the CVE-2020-9934: Bypassing the macOS Transparency, Consent, and Control (TCC) Framework for unauthorized access to sensitive user data article describing a vulnerability found by Matt Shockley?
CVE-2021-30970 New macOS vulnerability, “powerdir,” could lead to unauthorized user data access
A new macOS vulnerability, “powerdir,” could allow an attacker to bypass the operating system’s TCC technology and gain unauthorized access to a user’s protected data. We shared our findings with Apple through Coordinated Vulnerability Disclosure (CVD) and Apple released a fix.
Analysis of a Parallels Desktop Stack Clash Vulnerability and Variant Hunting using Binary Ninja
Parallels Desktop uses a paravirtual PCI device called the “Parallels ToolGate” for communication between guest and host OS. This device is identified by Vendor ID 0x1AB8 and Device ID 0x4000 in a Parallels guest.
CVE-2019-8846 Apple Safari SVG Marker Element baseVal Remote Code Execution Vulnerability
CVE-2021-30721 Apple macOS SMB server directory query arbitrary file access
CVE-2021-30722 Apple macOS SMB server create file request uninitialized memory disclosure
CVE-2021-30716 Apple macOS SMB server lock request infinite loop
CVE-2021-30717 Apple macOS SMB server directory query request integer overflow vulnerability
CVE-2021-30712 Apple macOS SMB server IOCTL request uninitialized stack variable vulnerability
CVE-2020-10005 Apple macOS SMB server TREE_CONNECT stack buffer overflow vulnerability
CVE-2021-1878 Apple macOS SMB server signature verification information disclosure vulnerability
MacOS Injection via Third-Party Frameworks - TrustedSec
TrustedSec's blog is an expert source of information on information security trends and best practices for strategic risk management.
CVE-2017-17809 Privilege Escalation Vulnerability in the VyprVPN for macOS Application
In this blog, we'll dive into the process of finding the advised vulnerability and writing a simple exploit for VyprVPN for macOS.