Quick Update to #iamroot issues
Further updates in the #iamroot saga have shown a confusing set of responses from Apple that invalidate some of what I posted earlier, and also may give a false sense of security if users have not installed updates in the proper sequence and then restarted.
Identifying #iamroot issues with osquery (blank password vuln in macOS 10.13.1)
Update: Following this article's original publication, Apple released a somewhat confusing set of security updates, which invalidates some of the original content I had shared. I have posted a follow-up here and updated the version number in the determination query in this article.
Tuesday’s vulnerability in macOS High Sierra (tagged #iamroot by some) was a great chance to explore the utility of osquery in responding to a previously unknown security threat. [See this post for other macOS malware identification tips]