Exploiting Directory Permissions on macOS

Exploiting Directory Permissions on macOS

Hack In The Box Security Conference via YouTube Direct link

controlling content

13 of 28

13 of 28

controlling content

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

Exploiting Directory Permissions on macOS

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 whoami
  3. 3 agenda
  4. 4 POSIX model - scenarios
  5. 5 flag modifiers
  6. 6 sticky bit
  7. 7 Access Control Lists
  8. 8 sandbox example (mds)
  9. 9 static method
  10. 10 dynamic method
  11. 11 general idea
  12. 12 problems
  13. 13 controlling content
  14. 14 Install History.plist file - Arbitrary file overwrite vulnerability (CVE-2020-3830)
  15. 15 Adobe Reader macOS installer - arbitrary file overwrite vulnerability (CVE-2020-3763)
  16. 16 Grant group write access to plist files via Diagnostic Messages History.plist (CVE-2020-3835)
  17. 17 macOS fontmover - file disclosure vulnerability (CVE-2019-8837)
  18. 18 exploitation
  19. 19 fix
  20. 20 macOS Diagnostic Messages arbitrary file overwrite vulnerability (CVE-2020-3855)
  21. 21 Adobe Reader macOS installer - LPE (CVE-2020-3762)
  22. 22 macOS periodic scripts - 320.whatis script LPE (CVE-2019-8802)
  23. 23 makewhatis
  24. 24 whatis database
  25. 25 OverSight
  26. 26 Installers
  27. 27 move operation
  28. 28 Objective-C

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.