From c824f07d9105e1fee027e71a14152a098f27f7e1 Mon Sep 17 00:00:00 2001 From: CPol Date: Mon, 16 Oct 2023 12:46:58 +0000 Subject: [PATCH] GITBOOK-4130: change request with no subject merged in GitBook --- SUMMARY.md | 2 +- .../macos-security-protections/macos-gatekeeper.md | 8 +++----- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/SUMMARY.md b/SUMMARY.md index 419e9b7c..f907bb31 100644 --- a/SUMMARY.md +++ b/SUMMARY.md @@ -178,7 +178,7 @@ * [macOS Dyld Hijacking & DYLD\_INSERT\_LIBRARIES](macos-hardening/macos-security-and-privilege-escalation/macos-dyld-hijacking-and-dyld\_insert\_libraries.md) * [macOS .Net Applications Injection](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-.net-applications-injection.md) * [macOS Security Protections](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/README.md) - * [macOS Gatekeeper](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-gatekeeper.md) + * [macOS Gatekeeper / Quarantine / XProtect](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-gatekeeper.md) * [macOS Launch/Environment Constraints](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-launch-environment-constraints.md) * [macOS Sandbox](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/README.md) * [macOS Default Sandbox Debug](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/macos-default-sandbox-debug.md) diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-gatekeeper.md b/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-gatekeeper.md index abd83c16..6a669193 100644 --- a/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-gatekeeper.md 
+++ b/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-gatekeeper.md @@ -1,4 +1,4 @@ -# macOS Gatekeeper +# macOS Gatekeeper / Quarantine / XProtect
@@ -253,7 +253,7 @@ XProtect is located on. SIP protected location at **/Library/Apple/System/Librar * **`XProtect.bundle/Contents/Resources/XProtect.yara`**: Yara rules to detect malware. * **`XProtect.bundle/Contents/Resources/gk.db`**: SQLite3 database with hashes of blocked applications and TeamIDs. -Note that there is another App in **`/Library/Apple/System/Library/CoreServices/XProtect.app`** related to XProtect that isn't involved when an app is run. +Note that there is another App in **`/Library/Apple/System/Library/CoreServices/XProtect.app`** related to XProtect that isn't involved with the Gatekeeper process.. ## Gatekeeper Bypasses @@ -319,12 +319,10 @@ python3 -m http.server Check the [**original report**](https://www.microsoft.com/en-us/security/blog/2022/12/19/gatekeepers-achilles-heel-unearthing-a-macos-vulnerability/) for more information. -## [2023-27943](https://blog.f-secure.com/discovery-of-gatekeeper-bypass-cve-2023-27943/) +### [CVE-2023-27943](https://blog.f-secure.com/discovery-of-gatekeeper-bypass-cve-2023-27943/) It was discovered that **Google Chrome wasn't setting the quarantine attribute** to downloaded files because of some macOS internal problems. - -
☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - 🎙️ Twitch 🎙️ - 🎥 Youtube 🎥
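Review bot: the rewritten `+Note that there is another App in ... XProtect.app related to XProtect that isn't involved with the Gatekeeper process..` line in the macos-gatekeeper.md hunk `@@ -253,7 +253,7 @@` ends with a doubled period; drop one. The new wording also loses the timing detail of the removed line (`isn't involved when an app is run`); if both are meant, keep both in one clause, e.g. `isn't part of the Gatekeeper check when an app is run`, so the reader still learns that this bundle is not consulted at launch time.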
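Review bot: in the `@@ -319,12 +319,10 @@` hunk, changing `## [2023-27943]` to `### [CVE-2023-27943]` is the right fix: the entry now sits under `## Gatekeeper Bypasses` at the same level as the preceding entry that links the Microsoft report, and the identifier carries the `CVE-` prefix used in the linked URL. Two follow-ups: the hunk also deletes the two blank lines between the `It was discovered ...` paragraph and the trailing HackTricks footer context, which is unrelated to the heading fix and should be called out (the commit subject, `change request with no subject merged in GitBook`, describes none of the changes); and the retained sentence `because of some macOS internal problems` is too vague for a CVE entry, so one sentence stating the cause as given in the linked F-Secure writeup would make the section useful on its own.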