In a blog post, Trellix outlined the findings of the Foundation flaw, which include “a large new class of bugs that allow bypassing code signing to execute arbitrary code in the context of several platform applications, leading to escalation of privileges and sandbox escape on both macOS and iOS.” The bug originates from the so-called FORCEDENTRY Sandbox Escape flaw that exploited Apple’s NSPredicate class and was patched in September. CVE-2023-23531: Austin Emmitt, Senior Security Researcher at Trellix ARC. CVE-2023-23530: Austin Emmitt, Senior Security Researcher at Trellix ARC.Description: The issue was addressed with improved memory handling.Impact: An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.Description: A race condition was addressed with additional validation.Impact: A user may be able to read arbitrary files as root.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |