Posts

• July 3, 2020 CVE-2020-9771 - mount_apfs TCC bypass and privilege escalation
• June 16, 2020 Secure coding XPC Services - Part 5 - PID reuse attacks (CVE-2020-14977)
• June 12, 2020 Secure coding XPC Services - Part 4 - Improved client authorization (CVE-2020-14978)
• June 9, 2020 The AMFI MACF policy system call
• May 29, 2020 Secure coding XPC Services - Part 3 - Incorrect client verification (CVE-2020-0984)
• May 12, 2020 Kernel Debugging macOS with SIP
• March 22, 2020 Secure coding XPC Services - Part 2 - Checking CS (CodeSigning) flags of the client
• March 18, 2020 Exploiting directory permissions on macOS
• January 12, 2020 Secure coding XPC services - Part 1 - Why EvenBetterAuthorization is not enough? (CVE-2019-20057)
• November 4, 2019 macOS persistence - Spotlight importers and how to create them
• October 25, 2019 GateKeeper - Bypass or not bypass?
• October 12, 2019 IOBit Unlocker 1.1.2 - Local Privilege Escalation (CVE-2020-14974 & CVE-2020-14975)
• October 5, 2019 Few click RCE via GitHub Desktop macOS client with Gatekeeper bypass and custom URL handlers
• August 9, 2019 UninstallString - a possible LPE via Social Engineering
• July 31, 2019 A simple protection against HMValidateHandle technique
• July 9, 2019 DYLD_INSERT_LIBRARIES DYLIB injection in macOS / OSX
• June 1, 2019 macOS - Getting root with benign AppStore apps
• May 28, 2019 GNS3 ubridge SETUID bit - arbitrary file read (CVE-2020-14976)
• April 23, 2019 macOS - Persisting through Application script files
• March 31, 2019 VMware Fusion 11 - Guest VM RCE - CVE-2019-5514