tags: macoslpe
original link: CVE-2024-27822: macOS PackageKit Privilege Escalation
newsletter link: exploits.club Weekly Newsletter 24


Exploits Club Summary:

A fun macOS privesc from @khronokernel. The post is pretty short and to the point, but boy is it effective. The core idea is that PackageKit will load the user's .zshrc as root, allowing malicious payloads to be embedded into it for an easy privesc. The write-up also takes a look at Apple’s fix by reversing the patch and understanding how it works.