Simplified, a code signature is a cryptographic proof of two things: that the software you have downloaded comes from the author you expect it to (demonstrating authenticity) and that it has not been tampered with on its way from the author's computer to your computer (demonstrating integrity). One important piece of the security puzzle in a modern operating system is a code signature. The security expectations of a modern consumer operating system have advanced along with the evolution of the software industry. MacOS, the operating system that powers Apple's Mac computers, is a general-purpose operating system in the sense that Apple does not control what software the user runs. This post details how I found the bug and the simple proof of concept I made to exploit it. The vulnerability was fixed in macOS Big Sur 11.3 and Security Update 2021-002 Catalina. The effect of this was that it was possible to execute unsigned binaries on macOS despite Gatekeeper enforcement of code signatures, which would be of particular interest to targeted attackers who would want to execute a custom implant on such systems. When extracted by Archive Utility, file paths longer than 886 characters would fail to inherit the extended attribute, making it possible to bypass Gatekeeper for those files.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |