| Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS |
|
|
|
| CVE-2023-42929: Why do we need the App Container Protection |
|
|
|
| CVE-2024-27822: macOS PackageKit Privilege Escalation |
|
|
|
| Breaking SIP With Apple-signed Packages |
|
|
|
| macOS AUHelperService Full TCC Bypass |
|
|
|
| ELECTRONizing macOS privacy |
|
|
|
| sqlol (CVE-2023-32422) - a macOS TCC bypass |
|
|
|
| lateralus (CVE-2023-32407) - a macOS TCC bypass |
|
|
|
| The Nightmare of Apple's OTA Update: Bypassing the Signature Verification and Pwning the Kernel |
|
|
|
| Demo: Brute-forcing a macOS user’s real name from a browser using mDNS |
|
|
|
| Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation |
|
|
|
| CVE-2022-32902: Patch One Issue and Introduce Two |
|
|
|
| New macOS vulnerability, Migraine, could bypass System Integrity Protection |
|
|
|
| CVE-2023-26818 - Bypass TCC with Telegram in macOS |
|
|
|
| Finding and reporting a Gatekeeper bypass exploit with help from Mac Monitor |
|
|
|
| Alias file to rule them all — One click code execution with alias file in macOS |
|
|
|
| CVE-2023-23525: Get Root via A Fake Installer |
|
|
|
| Bypass TCC via iCloud |
|
|
|
| Trellix Advanced Research Center Discovers a New Privilege Escalation Bug Class on macOS and iOS |
|
|
|
| CVE-2022-22655 - TCC - Location Services Bypass |
|
|
|
| A Technical Analysis of CVE-2022-22583 and CVE-2022-32800 |
|
|
|
| Diving into an Old Exploit Chain and Discovering 3 new SIP-Bypass Vulnerabilities |
|
|
|
| Gatekeeper’s Achilles heel: Unearthing a macOS vulnerability |
|
|
|
| CVE-2020–9854: "Unauthd" |
|
|
|
writeups.xyz
/
Apple (MacOS)