Bill (@billpr0)'s Twitter Profile

Researcher

ID: 1621438010867712000

03-02-2023 09:19:10

45 Tweets

17 Followers

246 Following

Zhongquan Li (@guluisacat)

The blog post on my talk "Unveiling Mac Security: A Comprehensive Exploration of Sandboxing and AppData TCC," presented at BlackHat USA 2024 and KCon 2024, is now available on imlzq.com/apple/macos/20… Thanks for reading.

Max_Malyutin (@max_mal_)

Unpacking #Latrodectus DLL #MalwareAnalysis🕷️

[+] BP VirtualAlloc; ret value RAX
This is a useful indicator that the code is about to be unpacked

[+] Internal name (unpacked): UpdaterTag.dll
[+] Export func: extra, follower, run, scub

Sample VT (37/74):
virustotal.com/gui/file/1db68…

Mr. OS (@ksg93rd)

#exploit
1. CVE-2024-36974: Linux Kernel taprio_parse_mqprio_opt injection ssd-disclosure.com/ssd-advisory-l…
2. CVE-2024-5274: Type Confusion in V8 in Google Chrome github.com/mistymntncop/C…

Ferdous Saljooki (@malwarezoo)

Our latest research details a Gatekeeper bug we reported to Apple that affects Launch Services. While exploring this issue, we also found ways to bypass Gatekeeper using the “The Unarchiver”, a popular archiving application on macOS. Check out our blog: jamf.com/blog/gatekeepe…

Csaba Fitzl (@theevilbit)

🍎🪳 => Possibly one of my hardest logic vulnerabilities ever to exploit. So many obstacles to overcome. In collaboration with Gergely Kalman. Both of us found the issue and both of us thought it was not exploitable. We happened to be discussing it, and a ray of light came through..

Karol Mazurek (@karmaz95)

I finished the promised article about System Integrity Protection #SIP, which introduces the #Apple idea of #rootless on #macOS. The article is for anyone interested in: #Programming #Re #Cybersecurity karol-mazurek.medium.com/system-integri… Enjoy reading!

BleepingComputer (@bleepincomputer)

Hackers exploit 52 zero-days on the first day of Pwn2Own Ireland - Bill Toulas bleepingcomputer.com/news/security/…

Csaba Fitzl (@theevilbit)

🍎🐛 macOS 15.1 is out, update your Macs. Some of the bugs regarding diskarbitrationd and storagekitd which were patched are not in the advisory...

Binni Shah (@binitamshah)

Uncovering Apple Vulnerabilities: The diskarbitrationd and storagekitd Audit Story (Part 1): kandji.io/blog/macos-aud… credits Csaba Fitzl Kandji #CVE-2024-44175

Karol Mazurek (@karmaz95)

This article explains how #macOS handles #exceptions on #Apple Silicon (#arm64), transitions between #user - #kernel mode, dives into #syscalls, #interrupts, and fault handling details, and includes a breakdown with a visual Exception Handling Map. Enjoy! karol-mazurek.medium.com/exceptions-on-…

Mussy (@mu55sy)

🔄 We’re switching back to macOS at #OBTS with “Endless Exploits: The Saga of a macOS Vulnerability Exploited Seven Times” by Mickey Jin (@patch1t). Imagine a vulnerability so stubborn it plays like a soap opera—patch after patch, bypass after bypass, with privilege escalation

Mickey Jin (@patch1t)

My slides for the OBTS are here: github.com/jhftss/jhftss.… Exploits: github.com/jhftss/POC Blog will be posted after the fix of the variant issue.

Winslow (@senzee1984)

Armed with the knowledge learned from OSMR OffSec, I successfully identified several vulnerabilities, covering XPC local privilege escalation and TCC bypass. All programs are still actively maintained and updated, some of them have huge user bases.

Hichem Maloufi (@hichem_ifpdz)

New writeup: CVE-2025-24104 – Apple’s bug allowed arbitrary file reads outside the sandbox. While iOS 18.3 added a mitigation, it doesn’t fully fix the issue. I even bypassed it since my recommended fix wasn’t followed. Read more 👉 github.com/ifpdz/CVE-2025… #AppleSecurity

Mr. OS (@ksg93rd)

#exploit
1. Windows LNK - Analysis & PoC zeifan.my/Windows-LNK
2. CVE-2025-0927: Linux Distros Unpatched Vulnerability ssd-disclosure.com/ssd-advisory-l…
3. CVE-2025-24071: github.com/shacojx/CVE-20…

Csaba Fitzl (@theevilbit)

🍎🪳 Some new CVEs to the list. 🎉

quarantine
Impact: An app may be able to break out of its sandbox
CVE-2025-31244

Sandbox
Impact: An app may be able to bypass certain Privacy preferences
CVE-2025-31224

XProtect
We would like to acknowledge ... for their assistance.

Dillon Franke (@dillon_franke)

A bunch of new Apple patches just dropped, including another one found with my Mach message fuzzer 🎉 Fixed in Sequoia 15.5, Sonoma 14.7.6, and Ventura 13.7.6. More details to come soon!