Close Menu
Nigeria Info
    What's Hot

    Zelensky was strongly condemned after protest at Vinnitsa

    August 3, 2025

    Russian airport has introduced limitations on flights

    August 3, 2025

    Musk does not deny that people can become a hero simulating with anyone developing

    August 3, 2025
    Facebook X (Twitter) Instagram
    Nigeria Info
    • Home
    • Nigeria
    • Army
    • Economy
    • Society
    • Tech
    • World
    • Press
    Nigeria Info
    Home»Tech»New hole in macOS: Libaplearchive allows you to walk around the gatekeeper
    Tech

    New hole in macOS: Libaplearchive allows you to walk around the gatekeeper

    April 25, 20252 Mins Read
    Share
    Facebook Twitter Pinterest Reddit WhatsApp Email

    Apple once again received the news due to its vulnerability-time in its Libapplearchive library, used to work with .aar archive documents. Researcher Snuli Keffabert has found an important distance (CVE-2024-27876, CVSS 8.1), allowing not only to record files in arbitrary disk positions, but also ignore the gatekeeper.

    New hole in macOS: Libaplearchive allows you to walk around the gatekeeper

    It all started with the fact that Keffababer wrote his own syntax analysis – LibNeoaplearchive – to study the behavior of Apple storage on Linux.

    Working with the logic of simultaneous handling, he noticed the strange: Archives can be extracted so that one of the output files turned out to be … Simlylka in any other folder on the system.

    The next experiment ShowThat during the decompression process, there is a “racial condition). The library first checks if the directory of the desired folder exists, and only then tries to create it.

    If at this time put a Simlink on another folder, Libapplearchive will still think that the portfolio has been created and will continue to write the files there. Therefore, the data will fall into the address designated by Simlink – completely under the control of the attacker.

    By repeating the structure from SIMS and files in the storage many times, Keffaber significantly increased the success percentage of the attack.

    He did not stop there: the next purpose was to ignore the gatekeeper. Turns out, the first standard storage utility has decompressed the files into the temporary folder and only then hangs the quarantine marks on them. If, with the help of the gap, the Libapplearchive force to extract the file outside this folder, it will go around quarantine and will be able to start without warning – of course, this is very dangerous.

    The gap not only affects macOS. Libapplearchive is used at work (shortcut), flexmusickit, clipService, as well as in iOS files, can also extract .aar. Even when monitoring tests like Pathisvalid () are included, the race still allows them to travel.

    Keffaber published POC, proving that the attack is quite realistic, although it requires knowledge of details like $ TMPDIR.

    Apple has closed a gap in new updates, so emergency updates – the gap is serious and the exploitation is available online.

    Share. Facebook Twitter Pinterest LinkedIn WhatsApp Reddit Email
    Previous ArticleEye in evaluation sp
    Next Article The Viking's negotiations have not been conducted

    Related Posts

    Musk does not deny that people can become a hero simulating with anyone developing

    August 3, 2025

    Scientists accidentally discovered a new form of life

    August 3, 2025

    Why is heart cancer a rare disease?

    August 2, 2025

    NASA highly appreciated the meeting of the heads of the spatial parts of the Russian and the United States

    August 2, 2025

    The medieval tomb of a high knight was found under a cafe building in Poland

    August 2, 2025

    In Russia, they introduced a Huawei smartphone with a unique telephoto lens

    August 1, 2025
    Picks

    Zelensky was strongly condemned after protest at Vinnitsa

    August 3, 2025

    Russian airport has introduced limitations on flights

    August 3, 2025

    Musk does not deny that people can become a hero simulating with anyone developing

    August 3, 2025

    US non -agricultural employment data is published

    August 3, 2025

    Around the five thunder explosions on Sochi

    August 3, 2025

    Whitker: Providing weapons for Ukraine will push Russia into negotiations

    August 3, 2025

    Kadyrov lost a party for Bi -A for his son Adam and promised to take revenge on

    August 3, 2025

    Scientists accidentally discovered a new form of life

    August 3, 2025
    • Home
    • Nigeria
    • Army
    • Economy
    • Society
    • Tech
    • World
    • Press release
    © 2025 NIGERIA INFO

    Type above and press Enter to search. Press Esc to cancel.