Let’s talk about a “security flaw in hospital software that allows full access to medical devices“. This issue was disclosed on LinkedIn and included a full exploit code. Let’s use this app as an example on how to find a macOS privilege escalation and learn how local root exploits can work.
Print BINGO sheet:
Sources:
Original LinkedIn Post: ://ücke-in-krankenhaus-software-activity-7055185115584303104-2eZr
The Exploit code:
“The project has been deprecated for 2 years. Version has been an EOL for at least 5 years“ - developer statement:
My references finding priv esc issues in macOS apps:
Help me pay for any legal trouble in case somebody wants to sue me (advertisement):
Chapters:
00:00 - Intro: Practice Research with Existing Issues
01:45 - HospitalRun Functionality
03:07 - What is a Local Root Exploit?
05:49 - Typical macOS Priviledge Escalation Issues
09:23 - Looking for Priviledged Helper in HospitalRun
10:10 - My Experience in finding Local Root Exploits on macOS
11:46 - Threat Modeling and Common Deployments
13:11 - Was this an April Fools Joke?
14:18 - Analysing and Cleaning Up The Exploit Code
17:51 - Reading Comments on LinkedIn
19:29 - BINGO!
=[ ❤️ Support ]=
→ per Video:
→ per Month:
2nd Channel:
=[ 🐕 Social ]=
→ Twitter:
→ Streaming:
→ TikTok: @liveoverflow_
→ Instagram:
→ Blog:
→ Subreddit:
→ Facebook:
1 view
0
0
2 months ago 00:01:09 1
Israeli strikes on school and hospital kill dozens in Gaza
3 months ago 00:05:45 1
How the NYC Subway Has Been Running for Over 120 Years | The Extra Mile
3 months ago 00:00:00 1
Watch live: White farmer on trial charged with attempting to murder Black boy, 6, over stolen orange
3 months ago 00:01:53 1
Meet mini ponies touring hospitals and schools to give therapeutic cuddles | SWNS
3 months ago 00:49:59 1
Classic Cars Shines at Santa Monica Pier to Benefit Local Youth Programs