This article focuses on a weakness in the Telegram application on macOS that allows for the injection of a Dynamic Library (or Dylib for short). The article will cover several basic concepts in macOS to provide the relevant background that will help the reader understand the process of identifying the weakness and writing an exploit that will gain a local privilege escalation by getting access to the camera through the permissions that were previously granted to the Telegram application.
ff2c92c6de4309a150cf45e77231bdbfd2d4e121543c5abfa55fd4e59bdc5704This blog post discusses a local privilege escalation vulnerability discovered within the macOS Videostream application. They author walks you through the process of identifying the vulnerability and shares how they crafted an exploit to leverage it for gaining escalated local privileges.
3002fbeabb52c31d66e7c2256d465be61d929766d1ffad4af54f345f3647cbe0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed