Posted by: David Harley | August 24, 2017

Insecure macOS API. Still.

Michael Mimoso for Kaspersky ThreatPost: DEPRECATED, INSECURE APPLE AUTHORIZATION API CAN BE ABUSED TO RUN CODE AT ROOT.  Quote from the blog:

A deprecated Apple authorization API, invoked by third-party installers, is still developers’ preferred choice for updating apps and services on macOS … The situation is known and was raised again last month during DEF CON by noted Mac security researcher Patrick Wardle, chief security researcher at Synack.

David Harley

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: