Posts List

Press 5 keys and become r00t aka CVE-2021-30655

Introduction I personally love vulnerabilities with stories. This one is of that kind… About one year ago, I submitted a vulnerability to Apple that they were unable to reproduce. We exchanged some emails with the clarifications, but the security team still couldn’t have validated the original vulnerability. Then they asked me to run sysdiagnose in order to collect logs that could have helped them. The problem Like a real security researcher I checked how the /usr/bin/sysdiagnose acutally works.

How to rob a (Fire)fox

Summary This story is about an issue I reported in July of 2019 via Bugzilla. The ticket is public from the 16th of January 2020, so I don’t disclose any new vulnerability. However, I think such posts are necessary to show the community how applications installed on Macs may harm their privacy. This post will show you how an attacker that achieves code execution on your machine may use Firefox to abuse your Privacy preferences (TCC) and thus access your microphone/camera/location and record your screen.

When vulnerable library is actually your physical book

Recently I read a really good book about macOS #appsec - Professional Cocoa Application Security. It’s from 2010 but still worth reading as the main concepts didn’t change so much. In this blog post, I’d like to share an interesting story that led to the discovery of CVE-2021-3162 - a local privilege escalation vulnerability in Docker on macOS. In Chapter 10 - “Deploying Software Securely”, I stumbled across configuring XPC services installers.