https://knight.sc/reverse%20engineering/2019/10/31/macos-catalina-privilege-escalation.html
The Vulnerability
The privilege escalation vulnerability actually lives in endpointsecurityd and in the SystemExtensions.framework it depends on. All of the communication described above, between the daemons, takes place over XPC, a low-level system IPC mechanism. SystemExtensions.framework provides an OSSystemExtensionPointListener class, which endpointsecurityd uses to listen for the XPC activation requests that sysextd sends. When the endpointsecurityd daemon starts up, it does the following:
Apple’s Patch
With the release of macOS 10.15.1, Apple patched this vulnerability. If we disassemble and reconstruct the code for -[OSSystemExtensionPointListener listener:shouldAcceptNewConnection:], we can see the changes they applied:
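The reconstructed disassembly is not reproduced on this page. What follows is an added illustration, written for this edit, of the two shapes an NSXPCListener delegate's listener:shouldAcceptNewConnection: can take: one that accepts every peer, and one that verifies the connecting process against a code-signing requirement before exporting any interface. It is not Apple's code and not the reconstruction from the original post; the Mach service name, the protocol, and the requirement string are placeholders and do not describe endpointsecurityd or sysextd.

```objc
// Added example: an XPC listener delegate that gates connections on the
// peer's code signature. Not Apple's code; names below are hypothetical.
// Build: clang -fobjc-arc -framework Foundation -framework Security listener.m -o listener
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// HYPOTHETICAL service name and peer requirement; not values from macOS.
static NSString *const kServiceName = @"com.example.extensionpoint";
static NSString *const kPeerRequirement =
    @"anchor apple and identifier \"com.example.trusted-client\"";

@protocol ExtensionPointProtocol
- (void)activateExtensionAtPath:(NSString *)path withReply:(void (^)(BOOL ok))reply;
@end

// The privileged object that a connected client can drive.
@interface ExtensionPointService : NSObject <ExtensionPointProtocol> @end
@implementation ExtensionPointService
- (void)activateExtensionAtPath:(NSString *)path withReply:(void (^)(BOOL))reply {
    NSLog(@"activation requested for %@", path);  // real work would happen here
    reply(YES);
}
@end

// Pattern 1: every connecting process is accepted, so any local process can
// reach the privileged object. This is the shape to avoid.
@interface PermissiveDelegate : NSObject <NSXPCListenerDelegate> @end
@implementation PermissiveDelegate
- (BOOL)listener:(NSXPCListener *)listener shouldAcceptNewConnection:(NSXPCConnection *)conn {
    conn.exportedInterface = [NSXPCInterface interfaceWithProtocol:@protocol(ExtensionPointProtocol)];
    conn.exportedObject = [ExtensionPointService new];
    [conn resume];
    return YES;
}
@end

// Check that the peer's running code satisfies a code-signing requirement.
// Caveat: a pid-based guest lookup is vulnerable to PID reuse; an audit-token
// lookup (kSecGuestAttributeAudit) is preferable where the token is available.
static BOOL PeerSatisfiesRequirement(NSXPCConnection *conn, NSString *requirementText) {
    NSDictionary *attrs = @{ (__bridge NSString *)kSecGuestAttributePid : @(conn.processIdentifier) };
    SecCodeRef peer = NULL;
    if (SecCodeCopyGuestWithAttributes(NULL, (__bridge CFDictionaryRef)attrs,
                                       kSecCSDefaultFlags, &peer) != errSecSuccess) {
        return NO;  // peer is gone or has no signed code object
    }
    SecRequirementRef req = NULL;
    OSStatus st = SecRequirementCreateWithString((__bridge CFStringRef)requirementText,
                                                 kSecCSDefaultFlags, &req);
    if (st == errSecSuccess) {
        st = SecCodeCheckValidity(peer, kSecCSDefaultFlags, req);
    }
    if (req) CFRelease(req);
    CFRelease(peer);
    return st == errSecSuccess;
}

// Pattern 2: verify the peer first; reject and invalidate anything else.
@interface StrictDelegate : NSObject <NSXPCListenerDelegate> @end
@implementation StrictDelegate
- (BOOL)listener:(NSXPCListener *)listener shouldAcceptNewConnection:(NSXPCConnection *)conn {
    if (!PeerSatisfiesRequirement(conn, kPeerRequirement)) {
        [conn invalidate];  // unsigned or unexpected client: no interface exported
        return NO;
    }
    conn.exportedInterface = [NSXPCInterface interfaceWithProtocol:@protocol(ExtensionPointProtocol)];
    conn.exportedObject = [ExtensionPointService new];
    [conn resume];
    return YES;
}
@end

int main(void) {
    @autoreleasepool {
        NSXPCListener *listener = [[NSXPCListener alloc] initWithMachServiceName:kServiceName];
        StrictDelegate *delegate = [StrictDelegate new];
        listener.delegate = delegate;  // delegate is held weakly; keep it alive
        [listener resume];
        [[NSRunLoop mainRunLoop] run];
    }
    return 0;
}
```

The point of the hardened delegate is that the decision happens before exportedInterface is set and resume is called, so an unverified peer never gets a proxy to the privileged object; returning NO alone is not enough if the interface has already been exported.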