macOS Vulnerabilities: A Year of Security Research at Kandji

Kandji researchers proactively hunt for macOS vulnerabilities, reporting them to Apple to enhance security for users. Their efforts detect and mitigate various exploit scenarios, protecting customers even before official patches are available.
Affected: macOS, Apple ecosystem, Kandji customers

Key points:

  • Kandji focuses on discovering vulnerabilities in macOS and reports them to Apple.
  • Proactive vulnerability research benefits both Kandji customers and the wider Apple community.
  • Security researchers have identified multiple vulnerabilities in macOS daemon processes and installer packages.
  • Privacy vulnerabilities were found that allow access to user data without bypassing TCC completely.
  • Kandji develops protections for vulnerabilities even before official patches are released.
  • They also address third-party application vulnerabilities, notably in Twitch.
  • Kandji’s Vulnerability Management helps identify and patch vulnerable software on Macs.

MITRE Techniques:

  • Privilege Escalation (T1068) – Local privilege escalation vulnerabilities discovered in macOS daemons and installer packages.
  • Exploitation of Software Vulnerability (T1203) – Found vulnerabilities in macOS installer packages, allowing bypass of SIP.
  • Data Manipulation (T1565) – Access to private data via vulnerabilities like CVE-2024-54477 and CVE-2024-40783.
  • Sandbox Escape (T1086) – Multiple vulnerabilities enabling sandbox escape through diskarbitrationd and storagekitd.
  • Exploit Public-Facing Application (T1190) – Local privilege escalation found in Twitch’s privileged helper tool.

Indicators of Compromise:

  • [CVE] CVE-2024-54477
  • [CVE] CVE-2024-40783


Full Story: https://blog.kandji.io/vulnerabilities-year-review
