Revisiting An Old MediaRemote Bug (CVE-2018-4340)
Useless bugs are just being given up too early.
2020-05-27
Two macOS Persistence Tricks Abusing Plugins
Similar to DLL sideloading, legit plugins on macOS could be abused to load executable code on startup.
2019-11-21
Rootpipe Reborn (Part II): CVE-2019-8565 Feedback Assistant Race Condition
Relying on pid to validate IPC peer is unsafe.
2019-04-21
Rootpipe Reborn (Part I): TimeMachine Command Injection
Applying web security tricks to macOS LPE bugs.
2019-04-13
One-liner Safari Sandbox Escape Exploit
TOCTOU bug in CoreFoundation and state change of sandbox lockdown on macOS Safari, leading to easy sandbox escape.
2019-03-26
CVE-2018-4991: Adobe Creative Cloud Desktop Local Privilege Escalation via Signature Bypass
The private API design of XPC could make it hard for 3rd-party developers to write security code.
2018-08-22
CVE-2018-8412: MS Office 2016 for Mac Privilege Escalation via a Legacy Package
Code signature bypass and insecure sideloading gives root.
2018-08-22
Something About #realworldctf doc2own
Get some real life 0day by playing CTF challenges.
2018-08-07
Bypass macOS Rootless by Sandboxing
Attacking the operating system by using its own security mechanism.
2018-06-18