利用零日漏洞破坏 macOS 应用程序和安全控制.pdf

编号:991789 PDF 46页 6.41MB 下载积分:VIP专享
下载报告请您先登录!

1、Subverting macOS Applications and Security Controls through 0-Day VulnerabilitieswhoamiRed Team Lead Pentraze CybersecurityCo-author of the Red Team program at the University of Santiago de Chile(USACH)Security ResearcherMore than 10+vulnerabilities in macOS ApplicationsAdversary Emulation Penetrati

2、on Testing Windows and macOS InternalsExploit DevelopmentReverse EngineeringAgenda XPC Fundamentals CVE-2025-7779:Acronis True Image Western Digital CVE-2025-4960:Epson Web Installer CVE-2024-7062:Nimble Commander CVE-2024-7915:Sensei CleanerWhy this talk?Present some of the key mechanisms and contr

3、ols that define the macOS security model A surprising number of applications,even well-known ones,can still be found vulnerable in real-world environments Show how to leverage these techniques during penetration tests or security research to evade defenses and escalate privilegesXPCDe facto standard

4、 for Inter Process Communication in both Mac OS X and iOS Lightweight mechanism for basic interprocess communication integrated with Grand Central Dispatch(GCD)and launchdXPC offers components and privilege separationXPC is closely integrated with MachXPC constraints that all message data be encoded

5、 as dictionariesXPC Provides public APIs on two levels:The low-level:Direct exports of xpc_*functions from libxpc.dylibFoundation wrappers:Objective-C and Swift interfaces to the underlying low-level APIsXPCCVE-2025-7779Acronis True ImageFor Western DigitalLocal Privilege Escalation and TCC(FDA)Bypa

6、ss Transparency,Consent and Control(TCC)TCC controls access to privacy-sensitive locations.This control can occur in two ways:through user consent or by detecting user intentConsent:the application displays a prompt asking the user to authorize access to a protected resource or serviceTransparency,C

友情提示

1、下载报告失败解决办法
2、PDF文件下载后,可能会被浏览器默认打开,此种情况可以点击浏览器菜单,保存网页到桌面,就可以正常下载了。
3、本站不支持迅雷下载,请使用电脑自带的IE浏览器,或者360浏览器、谷歌浏览器下载即可。
4、本站报告下载后的文档和图纸-无水印,预览文档经过压缩,下载后原文更清晰。

本文(利用零日漏洞破坏 macOS 应用程序和安全控制.pdf)为本站 (可不可以) 主动上传,三个皮匠报告文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知三个皮匠报告文库(点击联系客服),我们立即给予删除!

温馨提示:如果因为网速或其他原因下载失败请重新下载,重复下载不扣分。
客服
商务合作
小程序
服务号
折叠