Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser

Microsoft has disclosed details about a now-patched security flaw in Apple's Transparency, Consent, and Control TCC framework in macOS that has likely come under exploitation to get around a user's privacy preferences and access data. The shortcoming, codenamed HM Surf by the tech giant, is track...

Apple Mac OSX (Lion) - Directory Services Security Bypass

source: https://www.securityfocus.com/bid/49676/info Apple Mac OS X Lion is prone to multiple security-bypass vulnerabilities. Local attackers can exploit these issues to obtain sensitive information or change the password of other users on the computer, without sufficient privileges. $ dscl...

Get OS X 10.7 Hashes

Added: 07/14/2011 Background This tool attempts to retrieve the SHA 512 password hashes stored by OS X Lion 10.7.x Acounts are enumerated using dscl . list /Users/ and password hashes are eunmerated using dscl . read /Users/ Limitations A connection to the target is required to run this tool. The...

Get OS X 10.7 Hashes

Added: 07/14/2011 Background This tool attempts to retrieve the SHA 512 password hashes stored by OS X Lion 10.7.x Acounts are enumerated using dscl . list /Users/ and password hashes are eunmerated using dscl . read /Users/ Limitations A connection to the target is required to run this tool. The...

Get OS X 10.7 Hashes

Added: 07/14/2011 Background This tool attempts to retrieve the SHA 512 password hashes stored by OS X Lion 10.7.x Acounts are enumerated using dscl . list /Users/ and password hashes are eunmerated using dscl . read /Users/ Limitations A connection to the target is required to run this tool. The...

CVE-2009-0013

CVE-2009-0013 affects Apple Mac OS X 10.4.11 and 10.5.6 where the dscl tool in DS Tools requires that passwords be provided as command line arguments. This allows local users to gain privileges by listing processes and extracting the password, enabling privilege escalation. The issue is part of A...