Hello, welcome to the Tuesday, August 16th, 2020 edition of the Sansanet Storm Center's Stormcast. My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Just a quick follow-up on the Real Tech ECOS SDK vulnerability. Luckily, no big news and no widespread exploitation in the wild. As of now,

I just checked before I started recording. I added a presentation to the diary to help you

inform management as needed. Feel free to use the PowerPoint slides as you see fit and well,

modify them, put them in your own

templates, whatever.

Hopefully they will help.

I also added a snort signature to the post.

The snort signature is in the works for me state of quality control and feedback is welcome.

And thanks to those who noted the bad link in the show notes should be fixed now and I hope

I will get it right today.

Zoom published a security update for Mac users.

This privilege escalation vulnerability doesn't really sound like a huge deal, but

shouldn't really be overlooked.

It does allow attackers to bypass a lot of Apple's built-in security controls, not just escalate

privileges to root.

Now you wonder why, and that gets me to a blog post by Sector 7 outlining how Apple's

different security layers can be bypassed.

This includes system integrity protection or short SIP, which is sometimes also referred

to as rootless because even root does not have permission to alter certain files on the system,

and processes are also somewhat isolated from each other and don't sort of automatically inherit all the privileges of the user running it.

What a particular process is allowed to do is now regulated by entitlements that are assigned

...