![]() MacOS, the operating system that powers Apple's Mac computers, is a general-purpose operating system in the sense that Apple does not control what software the user runs. ![]() This post details how I found the bug and the simple proof of concept I made to exploit it. The vulnerability was fixed in macOS Big Sur 11.3 and Security Update 2021-002 Catalina. The effect of this was that it was possible to execute unsigned binaries on macOS despite Gatekeeper enforcement of code signatures, which would be of particular interest to targeted attackers who would want to execute a custom implant on such systems. ![]() When extracted by Archive Utility, file paths longer than 886 characters would fail to inherit the extended attribute, making it possible to bypass Gatekeeper for those files.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |