The DEF CON 2022 cybersecurity conference was held in mid-August, and as usual there were some great Apple-focused presentations at the event. DEF CON is a convention put on by security experts, for security experts. As such, the talks tend to be highly technical. Nevertheless, they always contain important information for everyday computer users and people with a general interest in cybersecurity.

Here are some highlights from the Apple security talks at this year’s DEF CON - along with key takeaways from SecureMac’s leadership team:

Process injection vulnerabilities on macOS

Security researcher Thijs Alkemade gave a talk entitled “Process injection: breaking all macOS security layers with a single vulnerability.” The focus of the presentation was CVE-2021-30873, a vulnerability discovered by Alkemade and patched by Apple as of macOS Monterey 12.0.1. The vulnerability has to do with the way macOS apps save their state when a user shuts down their system or when an app has been inactive for some time.

As macOS users are no doubt aware, when you shut down a Mac, it gives you the option to reopen all of your app windows when you log back in again. To make this possible, the OS has a functionality that saves the current state of each app whenever a user selects this option. That state data gets stored in several locations on macOS. But as Alkemade discovered, one of those locations was still using a vulnerable method of data encoding that could have allowed a malicious actor to execute a “process injection” attack. Glossing the details a little, process injection is when a process is allowed to run code inside of another process.