In Notion Web Clipper 1.0.3(7), a .nib file is susceptible to the Dirty NIB attack. NIB files can be manipulated to execute arbitrary commands. Additionally, even if a NIB file is modified within an application, Gatekeeper may still permit the execution of the application, enabling the execution of arbitrary commands within the application's context.
Attackers could exploit this vulnerability to execute unauthorized commands within the Notion application, potentially compromising sensitive user data or performing malicious actions.
- First, you need create de malicious NIB
More details in: https://blog.xpnsec.com/dirtynib/
- Notion Application
- Copy malicious nib to app
- Open the malicous application
Thanks to Giovanni Lima, Cyber Security Engineer and friend. We worked together to reproduce de Dirty Nib PoC 😎
https://book.hacktricks.xyz/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-dirty-nib
https://www.notion.so/web-clipper