Hello, welcome to the Wednesday, January 3rd, 2018 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich and I'm recording from Jacksonville, Florida.

One rather common social engineering technique is the use of URLs inside PDF's documents.

Now, a lot of spam filters aren't able to really extract them and filter PDFs properly,

so DDA came up with Python script to do that for you.

Now originally Didier talked about this in a diary that he published on the 24th, but he got

quite a bit of feedback based on that blog post. So today he kind of updated that by adding a video

with a walkthrough to the tools that he's using in order to accomplish this.

And this weekend, a security researcher who goes by the pseudonym of Sigusa published

an exploit for a privilege escalation vulnerability in Mac OS.

According to him, the exploit works for any version

of OS10 or macOS back to 2002, possibly earlier ones. Guess he hasn't tested any earlier ones yet.

This exploit takes advantage of vulnerability in the I.O.H.D. family macOS

kernel driver. Now, to take advantage of this vulnerability, an attacker has to have already

local user access to the system in order to launch the exploit. These type of exploits are very common in pretty much

all operating systems. If you remember for Windows, for example, there's usually a whole

set of kernel driver vulnerabilities that can lead to escalation in every monthly update.

Sadly, Apple was not notified of this vulnerability prior to the release of the exploit.

Now, since this is only a local approach escalation vulnerability, I don't think Apple will make

this a huge priority and expect an update with any of the

next few regular updates, I would think, sort of over the course of this year. That's at least

my guess how Apple would address vulnerability like this. Now, over the last week, there was also

...