CVE-2024-31127: Zscaler Client Connector 4.1.500.3 NSXPC Local Privilege escalation
It was possible to achieve local privilege escalation (LPE) through the following high level abuse steps:
Recent posts
CVE-2024-30165: Finding and Exploiting the AWS Client VPN on macOS for Local Privilege Escalation
AWS Client VPN 3.9.0 allows a local attacker to maliciously kill the VPN connection, revert/fix the DNS settings and completely uninstall the AWS Client VPN ...
NO-CVE 0day: Logitech Logi Capture 2.08.12 macOS Local Privilege Escalation (CoreMediaIO)
It was possible to achieve local privilege escalation (LPE) through the following high level abuse steps: Identification of weak POSIX directory and file ...
NO-CVE 0day: Logitech Logi Capture 2.08.12 macOS Local Privilege Escalation (LogiFacecamService)
It was possible to achieve local privilege escalation (LPE) through the following high level abuse steps: Identification of weak POSIX directory and file ...
NO-CVE: Upwork 5.8.0.33 TCC Bypass Through Hardened Runtime Bypass
It was possible for an attacker to load an unsigned malicious dylib into the /Applications/Upwork.app/Contents/MacOS/Upwork Mach-O and inherit entitlements w...