tags: macospath_traversal original link: Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS newsletter link: exploits.club Weekly Newsletter 39 - bug.directory, Fuzzing Successes, SLUB Internals, and More


Exploits Club Summary:

What do you get when you don’t sanitize the file path associated with Calendar invites? Well, as it turns out, 0-click RCE. This new post from @Turmio_ demonstrates how he was able to do just that, walking through the initial vulnerabilities and all the shenanigans required to escalate it to code exec, bypassing GateKeeper and TCC along the way. It’s a quick read, but certainly one you want to add to your backlog if you plan on doing MacOS research.