On March 25, 2019, Apple patched CVE-2019-8561, a bug that could lead to root privilege escalation, signature bypassing, and ultimately, the bypassing of Apple's System Integrity Protection (SIP). This is the first of a series of blog entries where we will discuss our SIP-related vulnerability discoveries. We also disclosed more than 15 critical SIP-bypass vulnerabilities to Apple and talked about some of them at the Power of Community 2022 Security Conference (POC2022). We discuss how Apple patched it, how we exploited this vulnerability after it was addressed, and how Apple patched it again. This blog entry details our investigation of CVE-2019-8561, a vulnerability that exists in the macOS PackageKit framework, a component used to install software installer packages (PKG files).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |