5 posts tagged ‘Exploit’
SysBumps Attack
mjtsai,
Guru Baran (via Ric Ford, PDF): The research team from Korea University, led by Hyerean Jang, Taehun Kim, and Youngjoo Shin, presented their findings in a paper titled “SysBumps: Exploiting Speculative Execution in System Calls for Breaking KASLR in macOS for Apple Silicon.” Their work represents the first successful KASLR break attack on macOS systems […]
TCC and Gatekeeper Bypasses
Wojciech Reguła (September 2021, tweet): I was looking for code injection opportunities that may allow reaching TCC bypasses. My simple shell script discovered a potential victim - /System/Library/CoreServices/Applications/Directory Utility.app. It had (and has) the following private TCC entitlement[…] This entitlement allows the Directory Utility to modify the user’s records stored in the /var/db/dslocal/nodes directory. […] […]
Operation Triangulation Details
Dan Goodin (Hacker News): Researchers on Wednesday presented intriguing new findings surrounding an attack that over four years backdoored dozens if not thousands of iPhones, many of which belonged to employees of Moscow-based security firm Kaspersky. Chief among the discoveries: the unknown attackers were able to achieve an unprecedented level of access by exploiting a […]
Crashing iPhones With a Flipper Zero
Dan Goodin (via Bruce Schneier): To van der Ham’s surprise and chagrin, the same debilitating stream of pop-ups hit again on the afternoon commute home, not just against his iPhone but the iPhones of other passengers in the same train car. He then noticed that one of the same passengers nearby had also been present […]
Researchers Uncover the ‘Most Sophisticated’ iPhone Exploit Ever
Gizmodo,
What happens when you hack a cybersecurity researcher? Kaspersky, a Moscow-based security firm, presented new details regarding zero-day vulnerabilities in Apple products on Wednesday. Kaspersky researchers are calling this the most sophisticated attack they’ve ever seen, exposing a previously unknown hardware… Read more...