
Rootpipe exploit

"And now we also know that the bug has been discovered by what seems to be a Chinese APT actor and was already exploited in the wild (although only affecting < 10.8)."

The link I want to post for this doesn't work because the Sophos nanny insists on bleeping out "bs." So find it from this--"How to fix rootpipe...." It appears in comments in that article.

https://reverse.put.as/?s=rootpipe

Question: Any kind of protection from this from Sophos? Will Sophos be able to identify any files that contain such a payload?

  • And from that same article:

    There is malware from 2014 that was already exploiting this vulnerability. Found by noar, the following sample contains the exploit code for both Mavericks and older versions. It uses the exploit to activate the Accessibility API. See, we don't even need to wait for new malware, it was already being exploited in the wild. The malware sample is described by FireEye here, but they totally miss the zero day there. They just lightly describe the result but not the technique.
