SSD安全公告 – Mac OS X 10.12隔离机制绕过漏洞

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom
See our full scope at: https://blogs.securiteam.com/index.php/product_scope

漏洞概要
Mac OS X存在一个漏洞,该漏洞允许攻击者绕过Apple的隔离机制,不受任何限制执行任意JavaScript代码.

漏洞提交者
来自WeAreSegment的安全研究者Filippo Cavallarin向Beyond Security的SSD报告了该漏洞.

厂商响应

苹果公司已于2017年6月27日收到了我们的报告,并和我们进行了多次沟通。苹果公司通知我们,在即将发布的High Sierra操作系统中会修补这个漏洞。这之后,苹果公司再没有提供任何其他信息 – 既没有链接公告,也没有提供关于CVE编号分配的任何信息.

我们已经验证在Mac OS X High Sierra中已不存在该漏洞。对于该漏洞的解决办法是升级到Mac OS X High Sierra,或者移除rhtmlPlayer.html文件修复该漏洞.

Continue reading SSD安全公告 – Mac OS X 10.12隔离机制绕过漏洞

SSD Advisory – Mac OS X 10.12 Quarantine Bypass

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom
See our full scope at: https://blogs.securiteam.com/index.php/product_scope

Vulnerability summary
Mac OS X contains a vulnerability that allows bypassing of the Apple Quarantine and the execution of arbitrary JavaScript code without any restrictions.

Credit
A security researcher from WeAreSegment, Filippo Cavallarin, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
Apple has been notified on the 27th of June 2017, several correspondences were exchanged. Apple notified us that a patch has been put in place in the upcoming High Sierra version. No additional information has been provided by Apple since the notification that a patch has been made – no link to the advisory nor any information on what CVE has been assigned to this have been provided.

We have verified that Mac OS X High Sierra is no longer vulnerable to this, a solution would be to either upgrade High Sierra, or remove the rhtmlPlayer.html file (a workaround).

Continue reading SSD Advisory – Mac OS X 10.12 Quarantine Bypass