CIRCLE WITH A DOT

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

Why macOS AVs shouldn’t trust PIDs 😄🍏 - new post by @Coiffeur0x90

Uncategorized

1 Posts 1 Posters 0 Views

Q This user is from outside of this forum
Q This user is from outside of this forum
quarkslab@infosec.exchange

wrote last edited by

#1

Why macOS AVs shouldn’t trust PIDs - new post by @Coiffeur0x90
Intego X9: XPC validation falls back to PID → PID reuse + posix_spawn() shenanigans ⇒ confused deputy / privileged methods abused 🧨
Lesson: PID ≠ identity.
Check it out https://blog.quarkslab.com/intego_lpe_macos_2.html
1 Reply Last reply
1
0
R relay@relay.infosec.exchange shared this topic