Yuebin Sun of Tencent Security Xuanwu Lab

0x0 Summary

Today, Adobe Acrobat Reader DC for macOS patched three critical vulnerabilities (CVE-2020-9615, CVE-2020-9614, CVE-2020-9613) I reported. The only requirement needed to trigger the vulnerabilities is that Adobe Acrobat Reader DC has been installed. A normal user on macOS (with SIP enabled) can locally exploit this vulnerability chain to elevate privileges to root without the user being aware. In this blog, I will analyze the details of the vulnerabilities and show how to exploit them.

The root process has superpowers: it can do almost anything, including reading and writing all sensitive files and databases such as Images/Calendars. However, in modern macOS, root processes outside of a sandbox are rare; most macOS built-in services run within a sandbox. They are no longer the king; they imprison themselves in a cage based on declarative sandbox profile rules. The good news is that popular software with highly privileged services is a good new target in addition to macOS built-in services, so Adobe Acrobat Reader DC caught my attention.

0x2 Analysis

com. within /Library/PrivilegedHelperTools/ is one of the components of Adobe Acrobat Reader DC, responsible for software updating. It runs as root with no sandbox applied, and hosts an XPC service named SMJobBlessHelper. Most XPC services check the connecting client before doing any actual work, and so does SMJobBlessHelper.
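
For defenders who want to know which third-party helpers of this kind exist on a Mac, the following added example (not code from the original post or from Adobe) parses launchd job definitions, as found in /Library/LaunchDaemons/, and flags those whose program lives in /Library/PrivilegedHelperTools/, runs as root and publishes a Mach service. The label com.example.vendor.UpdateHelper, the sample plist and the function names are constructed for illustration.

```python
import plistlib

HELPER_DIR = "/Library/PrivilegedHelperTools/"

# Constructed sample launchd job (hypothetical vendor, not Adobe's real plist).
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.vendor.UpdateHelper</string>
  <key>MachServices</key>
  <dict><key>com.example.vendor.UpdateHelper</key><true/></dict>
  <key>ProgramArguments</key><array>
    <string>/Library/PrivilegedHelperTools/com.example.vendor.UpdateHelper</string>
  </array>
</dict></plist>"""


def audit_launchd_job(plist_bytes):
    """Summarise one launchd job; return None if it is not a privileged helper."""
    job = plistlib.loads(plist_bytes)
    args = job.get("ProgramArguments") or []
    program = job.get("Program") or (args[0] if args else "")
    if not program.startswith(HELPER_DIR):
        return None
    # LaunchDaemons run as root unless UserName names another account.
    user = job.get("UserName", "root")
    services = sorted(job.get("MachServices", {}))
    return {
        "label": job.get("Label", ""),
        "program": program,
        "runs_as_root": user == "root",
        "mach_services": services,
        # A root helper reachable by Mach/XPC service name deserves a review
        # of how it validates connecting clients.
        "needs_review": user == "root" and bool(services),
    }


def audit_all(paths):
    """Audit plist files, e.g. glob.glob('/Library/LaunchDaemons/*.plist')."""
    findings = []
    for path in paths:
        with open(path, "rb") as fh:
            result = audit_launchd_job(fh.read())
        if result:
            findings.append(result)
    return findings


if __name__ == "__main__":
    print(audit_launchd_job(SAMPLE_PLIST))
```

The script reports only what launchd is told about a helper; whether the helper is sandboxed and how it checks its clients still has to be reviewed in the binary itself.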