3 posts tagged ‘Apple Security Bounty’

• Security Research on Private Cloud Compute

  mjtsai, Oct 25, 2024

  Apple (tweet, Hacker News, MacRumors): In the weeks after we announced Apple Intelligence and PCC, we provided third-party auditors and select security researchers early access to the resources we created to enable this inspection, including the PCC Virtual Research Environment (VRE). Today we’re making these resources publicly available to invite all security and privacy researchers […]

  TechnologyApple IntelligenceApple Security BountyArtificial IntelligenceiOSiOS 18MacmacOS 15 SequoiaOpen SourcePrivacyPrivate Cloud ComputeSecurity

• TCC and Gatekeeper Bypasses

  mjtsai, Oct 21, 2024

  Wojciech Reguła (September 2021, tweet): I was looking for code injection opportunities that may allow reaching TCC bypasses. My simple shell script discovered a potential victim - /System/Library/CoreServices/Applications/Directory Utility.app. It had (and has) the following private TCC entitlement[…] This entitlement allows the Directory Utility to modify the user’s records stored in the /var/db/dslocal/nodes directory. […] […]

  TechnologyApple Security BountyBugExploitExtended AttributesGatekeeperLaunch ServicesMacmacOS 12 MontereymacOS 14 SonomamacOS 15 SequoiaSafariSecuritySQLiteTransparency Consent and Control (TCC)VirtualizationZIP Archive

• macOS 14.2.1

  mjtsai, Dec 19, 2023

  Juli Clover (release notes, security, developer, full installer, IPSW): According to Apple's release notes, macOS Sonoma 14.2.1 includes bug fixes and a security update. macOS 14.2.1 fixes a screen sharing vulnerability that could cause a user to unintentionally share the incorrect content. See also: Mr. Macintosh and Howard Oakley. Previously: macOS 14.2 Update (2023-12-21): Howard […]

  TechnologyApple Security BountyBugConsoleMacmacOS 14 SonomamacOS ReleasePrivacyScreen SharingSecurityVirtualization