Blog Archives

Vulnerabilities in Evoko products

Update (20190213): Since the beginning of last year, TrueSec has worked closely together with the development team to improve security in both Evoko Liso and Evoko Home. All the vulnerabilities described in this post, with the exception of booting from

Posted in Hacking, Security

Speaking at Security Summit in Stockholm

My colleagues at TrueSec and I are inviting you to a dedicated Security Summit on the 24th of November 2015 at Hotel Rival in Stockholm. A conference day full of practical and eye-opening demos. We will teach you all about the

Posted in Hacking

How to develop more secure software

My colleagues and I are inviting you to a conference day full of practical and eye-opening sessions aiming to make you develop more secure code. For the second year, TrueSec invites you to a dedicated security day at Øredev. Our security experts

Posted in General

Exploiting rootpipe again

Background and acknowledgement: This full disclosure is based on my discovery of a privilege escalation vulnerability in Apple OS X called rootpipe. Read my full disclosure on rootpipe here for some background info. Big thanks to Patrick Wardle who inspired

Posted in General

OS X 10.10.3 still vulnerable

I just wanted to notify our readers interested in OS X security about a new finding that Patrick Wardle has made. He stated in his blog that he’s able to exploit rootpipe on a fully patched OS X 10.10.3! If

Posted in Hacking

Hidden backdoor API to root privileges in Apple OS X

TL;DR: The Admin framework in Apple OS X contains a hidden backdoor API to root privileges. It’s been there for several years (at least since 2011); I found it in October 2014 and it can be exploited to escalate privileges

Posted in Hacking