Threat Feed

Vendor: Objective-See (5 briefs)
high advisory

macOS SIP Bypass via Sandboxing Abuse

A macOS vulnerability enables bypassing System Integrity Protection (SIP) by abusing sandboxing mechanisms to load an untrusted library into a SIP-entitled process.

defense-evasion privilege-escalation macos sip-bypass
high advisory

Comprehensive Analysis of Mac Malware in 2017

A comprehensive analysis of Mac malware discovered in 2017, detailing infection vectors, persistence mechanisms, features, and goals, including FruitFly, MacDownloader (iKitten), and others.

Flash Player +2 macos malware backdoor exfiltration persistence
high advisory

macOS Local Privilege Escalation via Dylib Hijacking in App Store Applications

A local privilege escalation vulnerability in macOS allows attackers to gain root privileges by hijacking dylibs in applications installed from the Mac App Store.

Tresorit +3 dylib-hijacking privilege-escalation macos
medium advisory

macOS Kernel-to-Userland Process Creation Notification via undocumented kev_msg_post

The kev_msg_post function can be abused by malware to broadcast process creation notifications from a kernel extension (kext) to a user-mode application, potentially bypassing security tools that rely on standard APIs and leading to undetected malicious activity.

BlockBlock kernel-extension kev_msg_post macos process-monitoring
medium advisory

macOS File Monitoring via Endpoint Security Framework

Objective-See details how to create a file monitor for macOS 10.15 using Apple's Endpoint Security Framework to capture file I/O events and process information.

macOS +6 file-monitoring endpoint-security