Showing Articles About
macos
-
Max Keasley - 12 Apr 2024
Exploiting the AWS Client VPN on macOS for Local Privilege Escalation (CVE-2024-30165)
A local privilege escalation vulnerability was discovered in AWS Client VPN 3.9.0 for macOS. The flaw stemmed from an XPC service lacking proper client verification, allowing an attacker to uninstall the application and execute malicious scripts with root privileges. The vulnerability enabled unauthorized root-level actions through the XPC service's insufficient validation of message origins.
-
Calum Hall Luke Roberts - 14 Apr 2021
Attack Detection Fundamentals 2021: macOS - Lab #1
This article explores macOS attack detection fundamentals using the Mythic post-exploitation framework. It demonstrates initial access via Office macros, persistence techniques using LaunchAgents, and sandbox breakout methods. The focus is on detecting malicious process trees and understanding macOS security mechanisms through practical attack scenarios.
- Calum Hall Luke Roberts
- 14 Apr 2021
Attack Detection Fundamentals 2021: macOS - Lab #2
This article explores LaunchAgent persistence techniques on macOS, demonstrating how attackers can abuse system functionality to maintain access. Detection methods using Endpoint Security Framework and osquery are discussed to identify suspicious LaunchAgent behavior. Key strategies include monitoring file creation events and analyzing unsigned binaries executed by LaunchAgents.
- Calum Hall Luke Roberts
- 14 Apr 2021
Attack Detection Fundamentals 2021: macOS - Lab #3
This article explores a macOS attack technique that bypasses Apple's Transparency, Consent & Control (TCC) security mechanism. The attack leverages SSH's full disk access to directly modify the TCC database, allowing unauthorized access to protected system resources. Detection methods are demonstrated, focusing on monitoring local SSH connections and direct database modifications.
- Luke Roberts
- 16 Oct 2020
Operationalising Calendar Alerts: Persistence on macOS
A novel macOS persistence technique leverages calendar alerts in Automator.app to execute arbitrary applications at specified times. The method exploits an undocumented API in EventKit to programmatically create calendar events with executable alerts. By using JavaScript for Automation (JXA), attackers can establish stealthy persistence on macOS systems through calendar event manipulation.
- Calum Hall Luke Roberts
- 17 Apr 2020
Jamfing for Joy: Attacking macOS in Enterprise
The article details multiple attack vectors against Jamf, a macOS enterprise management platform. Multiple techniques for compromising device management systems are explored, including password spraying, user enumeration, and policy abuse. An open-source Jamf Attack Toolkit was developed to demonstrate and facilitate these cybersecurity vulnerabilities.
- Fabian Beterke
- 29 Oct 2018
Apple Safari Pwn2Own 2018 Whitepaper
This whitepaper details two Safari vulnerabilities demonstrated at Desktop PWN2OWN 2018. The vulnerabilities (CVE-2018-4199 and CVE-2018-4196) allowed full compromise of macOS systems running Safari 11.0.3. The exploits could potentially breach user data on the affected systems.
- Fabian Beterke
- 29 Oct 2018
Big Game Fuzzing Pwn2Own Safari T2
A presentation detailed vulnerability research targeting macOS Safari at Pwn2Own. The talk covered specialized fuzzing tools and exploit development techniques for browser security. Specific vulnerabilities were discussed, including a heap underflow in the browser and a sandbox breakout using uninitialized memory.
- Fabian Beterke
- 16 Apr 2018
Apple Safari - Wasm Section Exploit
A technical investigation was conducted into a vulnerability in Apple Safari's Web Assembly (Wasm) implementation discovered during Pwn2own 2018. The vulnerability (CVE-2018-4121) was found in the relatively new Wasm component of WebKit, which was likely less thoroughly tested. The paper details technical exploration of the exploit techniques on macOS 10.13.3.
- James Loureiro
- 25 Sep 2017
Biting the Apple that feeds you - macOS Kernel Fuzzing
An automated kernel fuzzing framework was developed for the macOS XNU kernel using an in-memory fuzzer with static and dynamic analysis techniques. The framework targeted core subsystems to identify critical vulnerabilities in macOS. The approach aimed to address the limited existing automated kernel fuzzing solutions for the Apple platform.