You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There is a report from a dedicated user that Proxyman Helper Tool (PrivilegedHelperTools)could be exploited to change the System Proxy from unsigned apps.
EvenBetterAuthorizationSample does good job to demonstrate how to install/uninstall the Help Tool and provide a mechanism to verify which app is authorized to do it. However, it doesn't validate the authenticity of the connections.
As a result, Any apps could exploited by sending the connection to Helper Tool, which has the same ExportProtocol.
We should fix it
馃憫 Criteria
Validate the codesign of connections before performing any System Change
Make sure one Helper Tool could verify and accept the Proxyman's Connection.
Use POC sample code to verify that the new Helper Tool will reject the unauthorized connections
The text was updated successfully, but these errors were encountered:
馃惗 Brief
There is a report from a dedicated user that Proxyman Helper Tool (PrivilegedHelperTools)could be exploited to change the System Proxy from unsigned apps.
Basically, it's the same issue with Little Snitch CVE-2019-13013 since Proxyman and Little Snitch use a same EvenBetterAuthorizationSample and we don't validate the codesign of incoming NSXPCConnection.
EvenBetterAuthorizationSample does good job to demonstrate how to install/uninstall the Help Tool and provide a mechanism to verify which app is authorized to do it. However, it doesn't validate the authenticity of the connections.
As a result, Any apps could exploited by sending the connection to Helper Tool, which has the same ExportProtocol.
We should fix it
馃憫 Criteria
The text was updated successfully, but these errors were encountered: