badmalloc (CVE-2023-32428) - a macOS LPE

Posted on 2024-11-24 in blog • Tagged with macOS, ASB, LPE, 0day

I recently realised that I still owe you guys some writeups, so since OBTSv7 is around the corner here's the one for badmalloc. I found this back in March 2023, and it got fixed in October.

About the bug

There's a bug in MallocStackLogging, Apple's "magical" framework that allows developers …


Tool release: fs_usage_ng

Posted on 2024-10-02 in blog • Tagged with tool release, fs_usage_ng, macOS, tools, security

TL;DR:

Github repo: https://github.com/gergelykalman/fs_usage_ng

About

Since Apple's built-in fs_usage is amazing but occasionally falls short, I decided to take it upon myself to improve it.

Since I suck at coming up with names, I used the old-school Open Source default: fs_usage_ng

The ng stands for …


The forgotten art of filesystem magic - Alligatorcon 2024 slides

Posted on 2024-09-12 in blog • Tagged with macOS, ASB, 0day, Alligatorcon, slides, talks, POSIX, filesystems, file APIs, security

For those of you who requested and/or couldn't make it, here are the slides from my Alligatorcon talk:

Gergely Kalman: The forgotten art of filesystem magic

It's a prequel to the guide, which is drier and more technical: The missing guide to the security of filesystems and file APIs …


The missing guide to the security of filesystems and file APIs (v1)

Posted on 2024-08-20 in blog • Tagged with POSIX, filesystems, file APIs, security

These are the technical slides that I always have to cut from my presentations. I try to sprinkle them in, but it's just always too much. So I decided that it's big enough to be its own thing:

The missing guide to the security of filesystems and …


Why you shouldn't use a commercial VPN: Amateur hour with Windscribe

Posted on 2024-04-12 in blog • Tagged with macOS, 0day, VPN, Windscribe

Intro

This is a writeup about a user to root privilege escalation due to a race condition in Windscribe VPN's software.

What is Windscribe?

Windscribe is a smaller VPN provider; they have about 69M users according to a tweet they published today.

They are notorious on X/Twitter for …


Hacking ISP CPE equipment: FiberHome

Posted on 2023-12-18 in blog • Tagged with router, 0day, fiberhome, embedded, iot

For those of you who are used to reading about my Apple research, this post is going to be a change of pace. This one is about CPE (Customer Premise Equipment) security, basically the routers your ISP gives you.

Background

Last year I spent some time back in my home …


You can watch my OBTSv6 talk on YouTube

Posted on 2023-12-18 in blog • Tagged with macOS, OBTS, talk

I forgot to post about my talk here, so here it is for those who missed my tweet:

Unexpected, Unreasonable, Unfixable: Filesystem Attacks on macOS by Gergely Kalman


sqlol (CVE-2023-32422) - a macOS TCC bypass

Posted on 2023-11-15 in blog • Tagged with macOS, ASB, tcc bypass, 0day

Wow, two blogposts in two days! Is this a new writeup schedule?

No, it's not. But, since I'm presently just ill enough to not be productive, yet well enough to write, I figured I'd chip away at my horrendous (writeup) debt while I wait for the immune fairy to arrive …


lateralus (CVE-2023-32407) - a macOS TCC bypass

Posted on 2023-11-14 in blog • Tagged with macOS, ASB, tcc bypass, 0day

Since I owe you guys a bunch of writeups from my talk (Unexpected, Unreasonable, Unfixable: Filesystem Attacks on macOS), I decided that I'll tackle lateralus today.

It's a simple, clean bug with a quick and satisfying resolution. I have been bitching about Apple in the previous blog post (and on twitter …


batsignal (no CVE) - a macOS LPE

Posted on 2023-10-30 in blog • Tagged with macOS, ASB, LPE, 0day

UPDATE:

A couple hours after publication the Apple Security Changelogs were updated across the board, and they added me to CVE-2022-26704. I knew this was in the works, but it's still good to see. Thank you :)

This post is a writeup of batsignal, a macOS local privilege escalation bug from …
