top | item 31697385


jprx | 3 years ago

Additionally, if you can find a way to trick a user into installing a malicious kext, why even bother with PACMAN? You already have arbitrary kernel code execution!


throwaway290 | 3 years ago

Perhaps the kext with the overflow may not necessarily look malicious? It can serve as an actually useful kext and pass review.

aenis | 3 years ago

These days all kexts look malicious.

shp0ngle | 3 years ago

yeah but if you can trick the user to do that, you can already trick him to do more

sgjohnson | 3 years ago

First you need to trick Apple into signing that kext (which is getting more difficult by the day even for legitimate uses), or get the user to disable SIP first.
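The two preconditions named in this comment (SIP disabled, or a signed third-party kext accepted by the system) are things a defender can check on a host. The script below is an added example, not from this thread or from any of the commenters; it parses the output of `csrutil status` and `kextstat` to report SIP state and any loaded kext outside Apple's `com.apple.*` namespace. Because it has to run offline, the command output is embedded as constructed samples (`SAMPLE_CSRUTIL`, `SAMPLE_KEXTSTAT`, and the kext name `com.example.thirdparty.driver` are all made up for illustration); on a real Mac you would feed the functions the live command output instead.

```shell
#!/bin/sh
# Added example (not from the thread): audit SIP state and third-party kexts.
# Samples below are constructed stand-ins for real command output so the
# script runs offline; on macOS, use:  csrutil status   and   kextstat
# (or `kmutil showloaded` on recent releases).

# Constructed sample: what `csrutil status` prints with SIP turned off.
SAMPLE_CSRUTIL='System Integrity Protection status: disabled.'

# Constructed sample: abbreviated `kextstat` listing. Column 6 is the bundle
# identifier; the last row is a hypothetical third-party kext.
SAMPLE_KEXTSTAT='Index Refs Address            Size       Wired      Name (Version) <Linked Against>
    1  150 0                  0x1000     0x1000     com.apple.kpi.bsd (21.4.0)
   42    0 0xffffff7f8a000000 0x5000     0x5000     com.apple.driver.AppleHIDKeyboard (3.4.1)
  180    0 0xffffff7f8b000000 0x8000     0x8000     com.example.thirdparty.driver (1.0) <45 12 5 4 3 1>'

# sip_enabled CSRUTIL_OUTPUT -> exit 0 if SIP is reported enabled, 1 otherwise.
sip_enabled() {
    printf '%s\n' "$1" | grep -q 'System Integrity Protection status: enabled'
}

# third_party_kexts KEXTSTAT_OUTPUT -> prints bundle ids not under com.apple.*
# (skips the header row, takes the Name column, filters Apple's namespace).
third_party_kexts() {
    printf '%s\n' "$1" | awk 'NR > 1 { print $6 }' | grep -v '^com\.apple\.' || true
}

# third_party_count KEXTSTAT_OUTPUT -> number of non-Apple kexts loaded.
third_party_count() {
    third_party_kexts "$1" | grep -c .
}

# audit CSRUTIL_OUTPUT KEXTSTAT_OUTPUT -> human-readable summary on stdout.
audit() {
    if sip_enabled "$1"; then
        echo "SIP: enabled"
    else
        echo "SIP: DISABLED (unsigned or unapproved kexts may be loadable)"
    fi
    n=$(third_party_count "$2")
    echo "Third-party kexts loaded: $n"
    [ "$n" -gt 0 ] && third_party_kexts "$2" | sed 's/^/  - /'
    return 0
}

# Run against the constructed samples when executed directly.
audit "$SAMPLE_CSRUTIL" "$SAMPLE_KEXTSTAT"
```

The point of separating `sip_enabled` and `third_party_kexts` from `audit` is that each can be fed real output on a Mac (`sip_enabled "$(csrutil status)"`, `third_party_kexts "$(kextstat)"`) or dropped into an endpoint inventory job without changing the parsing logic.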

throwaway290 | 3 years ago

Didn't many tools require disabling SIP, like Homebrew? Is this no longer true?