Recent macOS Threat Research I've been looking at

None of this is mine, just some things I’ve been looking at closely recently. New user, so limited to 2 links. Objective-See and @cedowens put out great work detailing the recent Gatekeeper Bypass, and bradleyjkemp[.]dev found another interesting issue with /usr/local/bin permissions and file integrity/execution.

Press 5 keys and become r00t aka CVE-2021-30655
ConfiantIntel on Twitter: “OSX/Bundlore Loader found (0 detections in VT) compiled for ARM (targeting the new M1 MacBook!), and notarized by Apple …:scream::space_invader: It was delivered through malvertising. Downloads Bundlore and an unknown payload Developer ID Application: Bobbie Miller (PX3WCCP368) https://t.co/SjrIEv6wcu”


It looks like I found another attack vector, again while trying to engineer detection after some malware analysis. DM me if you're looking for info. I'm in the disclosure process with Apple and don't want to risk a bounty if it qualifies.