Posts List

Learn XPC exploitation - Part 2: Say no to the PID!

XPC Exploitation series Learn XPC exploitation - Part 1: Broken cryptography Learn XPC exploitation - Part 2: Say no to the PID! Intro Hey! In my last post, I showed you how weak SecRequirement string might lead to incoming connections validation issues. This post will focus on another way to trick XPC servers into trusting our malicious process. 😈 We’re going to exploit a vulnerability that I found some time ago in Malwarebytes.

Learn XPC exploitation - Part 1: Broken cryptography

XPC Exploitation series Learn XPC exploitation - Part 1: Broken cryptography Learn XPC exploitation - Part 2: Say no to the PID! After my talk on Objective by the Sea v3 I received a lot of questions regarding XPC exploitation. I think summing it up in a blog post series is a good idea, so here you have the first one! A post covering how to secure XPC services is planned in the nearest future.