Hello, welcome to the Friday, January 28, 2020 edition of the Sandton and Storm Center's Stormcast.

My name is Johannes Ulrich.

And I'm recording from Jacksonville, Florida.

Quick follow-up to yesterday's Apple Patches.

We do have more details regarding one more of the patched vulnerabilities, CVE 2020-22583.

This allows bypassing of the system integrity protection mechanism.

When macOS installs files, it first extracts them in the temporary directory, and NetHacker in this case

could swap out that temporary directory that was created using digitally signed and trusted

files with unsigned files, and as a result, then essentially bypass the system integrity protection process.

So a typical case of insecure temporary directories. Now, the file name here is random, but the

attacker's script would be able to gather what the file name is, and with that, be able to impersonate the trusted files. I also put together

a little table sort of summarizing the vulnerabilities. Let me know if you like me to do this

in the future again with Apple Patch. A little bit like what we're doing with Microsoft patches.

Doesn't look quite as nice yet.

I have to fix a design a little bit, but wondering if this type of content is useful to people.

I believe you're running macOS, one little security add-on that's quite popular, and I've been using it as well is the

little snitch firewall. Now, one of the features why people like this firewall is that it's

able to alert you on outbound connections. So if you have some software, trying to either

infiltrate data for command control channel or just connecting, for example,

for advertised, when you user tracking purposes, while you may intercept that connection.

But there's an interesting vulnerability in Little Snitch that sadly cannot be patched.

The problem here is that Little snitch does only inspect the connection once payload is being transmitted.

...