Rootpipe Reborn (Part I): TimeMachine Command Injection

Applying web security tricks to macOS LPE bugs.

One-liner Safari Sandbox Escape Exploit

TOCTOU bug in CoreFoundation and state change of sandbox lockdown on macOS Safari, leading to easy sandbox escape.

CVE-2018-4991: Adobe Creative Cloud Desktop Local Privilege Escalation via Signature Bypass

The private API design of XPC can make it hard for third-party developers to write secure code.

CVE-2018-8412: MS Office 2016 for Mac Privilege Escalation via a Legacy Package

Code signature bypass and insecure sideloading result in privilege escalation in Microsoft Office 2016 for Mac.

Something About #realworldctf doc2own

Get some real-life 0-days by playing CTF challenges.

Bypass macOS Rootless by Sandboxing

Attacking the operating system by using its own security mechanism.