Rootpipe Reborn (Part II)
@CodeColorist continues writing about bugs, such as CVE-2019-8521 and CVE-2019-8565 that provide a mechanism to elevate privileges to root on
Read moreNews
06
[0day] Abusing XLM Macros in SYLK Files
A 0day logic flaw in Microsoft Excel leads to ‘remote’ code execution on macOS, via malicious macros.Objective-See’s BlogRead More
Read moreAn Unpatched Kernel Bug
On my flight to ShmooCon, I managed to panic my fully-patched MacBook. Here we analyze the kernel panic report, finding
Read moreAy MaMi – Analyzing a New macOS DNS Hijacker
OSX/MaMi (the first Mac malware of 2018) hijacks infected users’ DNS settings and installs a malicious certificate into the System
Read moreAll Your Docs Are Belong To Us
Here, we reverse, then ‘extend’ a popular macOS anti-virus engine. With the creation of a new anti-virus signature, classified documents
Read moreA Surreptitious Cryptocurrency Miner in the Mac App Store?
Turns out the innocuously named “Calendar 2” app, found on the official Mac App Store, was surreptitiously turning Mac into
Read moreCache Me Outside
Are full paths and preview thumbnails for files even on encrypted containers and removable usb devices really persistently stored? …yes
Read moreWho Moved My Pixels?!
In this guest blog post my friend Mikhail Sosonkin reverses Apple’s screencapture utility, discusses Mac malware that captures desktop images,
Read moreTwo Bugs, One Func(), part three
Analyzing code within the macOS kernel audit subsystem uncovered an exploitable heap overflow.Objective-See’s BlogRead More
Read moreTearing Apart the Undetected (OSX)Coldroot RAT
I uncovered a new cross-platform backdoor that provides remote attackers persistent access to infected systemsObjective-See’s BlogRead More
Read more