| Files.app Symbolic Link Following |
|
|
|
| CVE-2022-22616: Simple way to bypass GateKeeper, hidden for years |
|
|
|
| Technical Advisory – Apple macOS XAR – Arbitrary File Write (CVE-2022-22582) |
|
|
|
| How a macOS bug could have allowed for a serious phishing attack against users |
|
|
|
| Technical Analysis of CVE-2022-22583: Bypassing macOS System Integrity Protection (SIP) |
|
|
|
| Hacking the Apple Webcam (again) |
|
|
|
| New macOS vulnerability, “powerdir,” could lead to unauthorized user data access |
|
|
|
| doorLock: Apple HomeKit Denial of Service |
|
|
|
| Here’s How I Could Read Anyone’s Apple ID Metrics Remotely. |
|
|
|
| Sandbox escape + privilege escalation in StorePrivilegedTaskService |
|
|
|
| Bypassing the macOS Gatekeeper |
|
|
|
| Don’t Reply: A Clever Phishing Method In Apple’s Mail App |
|
|
|
| P1 _Bug in Apple that phase “old is Gold |
|
|
|
| Finding XSS on .apple.com and building a proof of concept to leak your PII information |
|
|
|
| Hacking Apple Security Report System |
|
|
|
| Write Up – Apple N/A: PII Information, Full Contact List, Main Phone No. And Main Icloud Email Extracted; Bug Patched: Arbitrary Local File Read Via Zip File And Symlinks On Ios Files App. |
|
|
|
| Exploiting CSP in Webkit to Break Authentication & Authorization |
|
|
|
| A Technical Analysis of CVE-2021-30864: Bypassing App Sandbox Restrictions |
|
|
|
| Apple XAR – Arbitrary File Write (CVE-2021-30833) |
|
|
|
| Microsoft finds new macOS vulnerability, Shrootless, that could bypass System Integrity Protection |
|
|
|
| Use-After-Free in Voice Control: CVE-2021-30902 Write-up |
|
|
|
| Accessing Apple’s internal UAT Slackbot for fun and non-profit |
|
|
|
| A short story of Content Spoofing to HTML Injection in Apple using Dangling Markup Injection |
|
|
|
| The Discovery Of Gatekeeper Bypass CVE-2021-1810 |
|
|
|
| "A tale of making internet pollution free" - Exploiting Client-Side Prototype Pollution in the wild |
|
|
|
writeups.xyz
/
Apple