CVE-2020-25533

An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can constru...

Race condition

An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can constru...

Apple macOS 10.12.3 / iOS < 10.3.2 - Userspace Entitlement Checking Race Condition

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1223 One way processes in userspace that offer mach services check whether they should perform an action on behalf of a client from which they have received a message is by checking whether the sender possesses a certain...

Apple macOS 10.12.3 iOS 10.3.2 - Userspace Entitlement Checking Race Condition

Apple macOS 10.12.3 iOS 10.3.2 - Userspace Entitlement Checking Race Condition / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1223 One way processes in userspace that offer mach services check whether they should perform an action on behalf of a client from which they have...