Apple's 'fix' for a macOS kernel panic fixes nothing and, worse, introduces a new bug.
The macOS kernel had an (intentional?) off-by-one bug that could trigger a kernel panic.
Let's analyse the malware that appeared in 2016, discussing the infection vector, persistence mechanism, features, and disinfection for each.
Apple's App Translocation broke several of my tools, but we can locally undo it to restore broken functionality!
Turns out that writing security tools is a great way to inadvertently uncover bugs in macOS. How about a crash in Apple's 'Security' framework ... that can't be good!?
In this guest blog post my friend Mikhail Sosonkin reverses Apple's screencapture utility, discusses Mac malware that captures desktop images, and suggests methods for screen-capture detection!
The macOS sandbox seeks to prevent malicious applications from surreptitiously spying on unsuspecting users. Turns out, it's trivial to sidestep some of these protections, resulting in significant privacy implications!
If you can programmatically generate synthetic mouse clicks, you can break macOS! Approving kernel extensions, dismissing privacy alerts, and much more...
I uncovered a new cross-platform backdoor that provides remote attackers persistent access to infected systems
Learn how a Finder Sync can 'extend' Finder.app and how this could be abused for persistence
Apple wrote code to appease the Chinese government ...it was buggy. In certain configurations, iOS devices were vulnerable to an "emoji-related" flaw that could be triggered remotely!
How to verify that an application came from the official Mac App Store, via receipt validation
Dissecting string obfuscations, junk code insertions, and anti-debugging logic of InstallCore
Getting process creation notifications from kernel-mode to user-mode, via the undocumented kev_msg_post function
How reversing Apple's 'RootPipe' patch provided the means to secure TaskExplorer's XPC service
How to build HackingTeam's OS X implant in Xcode
Announcing the release of DHS; a tool to help detect (dylib) hijackers
A new Mac malware targets the cryptocurrency community. In this post, we dive into the malware and illustrate how Objective-See's tools can generically thwart this new threat at every step of the way.
NSLog(@"Hello World"); Objective-See.com is alive!
In macOS Mojave, apps have to obtain user permission before using the Mac camera & microphone. We'll illustrate how this is trivial to bypass (at least in the current beta).
In part one of a guest blog post, @CodeColorist writes about several neat macOS vulnerabilities.
The APT group WindShift has been targeting Middle Eastern governments with Mac implants. Let's analyze their 1st-stage macOS implant: OSX.WindTail!
A core Mojave utility is rather disastrously broken - causing a full-system lockup. Let's find out why!