Posts List

Dissecting Logitech Options on macOS

Some time ago, I bought Logitech MX Master wireless mouse to be used with my macs. And here the story begins… Since this mouse has extra buttons I wanted to assign them my custom actions. As I read in Logitech docs I had to download driver called “Logitech Options”. So I did! Kudos section First of all I wanted to thank @Disconnect3d for helping me with reversing part. The second Kudos belongs to @Taviso who discovered similar issue on Windows simultaneously and reported it to Logitech team.

Sandboxed malware may control your pasteboard

TLDR Sandbox implemented in macOS does not cover pasteboard. That blog post shows that you are able to create fully sandboxed malware (that may pass Apple’s review, bypassed many times in the past) stealing & modifying pasteboard values. What sandbox is? App Sandbox is an access control technology provided in macOS, enforced at the kernel level. It is designed to contain damage to the system and the user’s data if an app becomes compromised.

Your Signal messages can leak via locked screen on macOS

If you are a security aware person, you probably use one of the secure messengers. 😏 And maybe to improve your comfort you installed its desktop version on your mac? Sometimes we leave our computer unattended when we go to make a coffee or we need to talk with somebody in the other room. Since we are security aware, we always lock our screens (you do that, right?). But what if all messages sent to you will be visible on your locked mac?

Your encrypted photos revealed in macOS cache

Quicklook is a super cool mechanism allowing you to quick check file contents without opening it in specialized application. When you press the space bar on for instance *xlsx file, you can see following preview without having MS Excel installed. While reading *OS Internals Volume I (that I highly recommend btw) I stopped on Quicklook chapter. I found out that Quicklook registers XPC service that is responsible for ==creating thumbnails== database and storing it in /var/folders/…/C/com.