SSD Advisory – macOS Finder RCE - SSD Secure Disclosure
TL;DR Find out how a vulnerability in macOS Finder system allows remote attackers to trick users into running arbitrary commands. Vulnerability Summary A […]
(CVE-2020-9771) mount_apfs TCC bypass and privilege escalation · theevilbit blog
TL;DR We could mount the entire file system through APFS snapshots as read-only, with the noowners flag, which enables us to access (almost) every file in the file system, including data (documents, files, etc…) of every user on the system, including those protected by Apple’s privacy framework (TCC). Even with the Guest account we could read files of admin accounts as Guest! 😱 This could be achieved with a single command, for example: mount_apfs -o noowners -s http://com.
(CVE-2021-3156) Heap-Based Buffer Overflow in Sudo (Baron Samedit)
Update Feb 3, 2021: It has been reported that macOS, AIX, and Solaris are also vulnerable to CVE-2021-3156, and that others may also still be vulnerable. Qualys has not independently verified the…
Back in the beginning of November, Project Zero announced that Apple had patched a full chain of vulnerabilities that were actively exploited in the wild. This chain consists of 3 vulnerabilities: a u
Usually we don't do blog posts about CTF challenges but we recently stumbled across a challenge that was a good opportunity to talk about several macOS/iOS internals, security mechanisms and exploit m
(CVE-2020-9971) Abusing XPC Service mechanism to elevate privilege in macOS/iOS
Author: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab. 0x0 Introduction: In this blog, I will detail an interesting logic vulnerability I found in the launchd process when it is managing the XPC Servic
(CVE-2019-8761) THIS MAN THOUGHT OPENING A TXT FILE IS FINE, HE THOUGHT WRONG.
CVE-2019-8761 is an interesting macOS bug I found that lets attackers execute HTML within a TXT file, leak files, and do all sorts of other funky things when a TXT file is opened.
In this post we will examine a vulnerability in the WebAssembly subsystem of JavaScriptCore, the JavaScript engine used in WebKit and Apple Safari. The issue...
Introduction This vulnerability was disclosed during my & Csaba’s talk “20+ Ways to Bypass Your macOS Privacy Mechanisms” at Black Hat USA. It was a part of my COVID-19 lockdown research. 😉 In the end this vulnerability led to a full TCC bypass, as I was able to fully control the TCC database. How I found this vulnerability After the XPC research, I had an idea to verify whether it would be possible to use the same tricks on macOS processes.
(CVE-2021-1815) macOS local privilege escalation via Preferences | Offensive Security
Apple recently fixed three vulnerabilities in macOS 11.3’s Preferences. Here we present our writeup about how we identified one of the issues, and how we exploited it.
(CVE-2021-1740) iOS14.8: Patch CVE-2021-1740 again silently
As well known, iOS14.8 patched two 0 days in the wild, one of which is the pegasus 0-click vulnerability. You can get the root cause and more interesting findings by reading my analysis from here.
(CVE-2021-30798) TCC Bypass Again, Inspired By XCSSET
My team and I posted the details of the brand new Mac malware XCSSET last year [1] [2], and disclosed the interesting 0-day tricks used inside. All the XCSSET payload modules were reviewed carefully. However, I was a newbie at hunting macOS vulnerabilities and I didn’t realize the TCC bypass was a vulnerability at that time, until Jamf posted their new blog and detailed the 3rd 0-day used by XCSSET.
(CVE-2021-30860) Analysis of zero-click vulnerability
The flaw and fix of a zero-click vulnerability, exploited in the wild.
https://www.trendmicro.com/en_us/research/21/i/analyzing-pegasus-spywares-zero-click-iphone-exploit-forcedentry.html