Welcome to the Off-Shore Club

The #1 Social Engineering Project in the world since 2004 !

Important Notice:

✅UPGRADE YOUR ACCOUNT TODAY TO ACCESS ALL OFF-SHORE FORUMS✅

[New]Telegram Channel

In case our domain name changes, we advise you to subscribe to our new TG channel to always be aware of all events and updates -
https://t.me/rtmsechannel

OFF-SHORE Staff Announcement: 30% Bonus on ALL Wallet Deposit this week


For example, if you deposit $1000, your RTM Advertising Balance will be $1300 that can be used to purchase eligible products and service on forums or request withdrawal. The limit deposit to get the 30% bonus is $10,000 for a $3000 Marketplace wallet balance Bonus.

Deposit Now and claim 30% more balance ! - BTC/LTC/XMR


Always use a Mixer to keep Maximum anonimity ! - BTC to BTC or BTC to XMR

🗂️Keep in Mind Microsoft Discovered a Major Security Flaw With Safari on Mac

⚠️Always Remember to keep your identity safe by using a Zero-KYC Zero-AML like https://coinshift.money⚠️

Gold

_=*Croft*=_

Business Club
💰 Business Club
USDT(TRC-20)
$0.0
When Apple dropped macOS Sequoia last month, it added new features like window snapping and the ability to control your iPhone from your Mac. In addition to surface-level changes, however, the new update also introduced a lengthy series of patches for security vulnerabilities. As it happens, one of these vulnerabilities was discovered by none other than Microsoft, and is quite concerning for Macs used within organizations.

How Safari's TCC flaw works​


Microsoft described its findings in a blog post on Oct. 17, just about one month after the Sept. 16 release of macOS Sequoia. The company calls the flaw "HM Surf," named after the teachable move in the Pokémon series, which they discovered allows bad actors to bypass Apple's Transparency, Consent, and Control platform for Safari. TCC typically ensures that apps without proper permission cannot access services like your location, camera, or microphone. It's essential for preserving your privacy from apps that would otherwise like to abuse it.

However, Apple gives some of its own apps entitlements that allow them to bypass these TCC roadblocks. It's Apple's app, after all, so the company knows it isn't malicious. In Safari's case, Microsoft found the app has access to your Mac's address book, camera, and microphone, among other services, without needing to go through TCC checks first.

All that said, you still encounter TCC checks while using Safari across websites: That's what happens when you load a page, and a pop-up asks if you'll allow the site access to something like your camera. Those TCC settings per website are saved to a directory on your Mac under ~/Library/Safari.

This is where the exploit comes in: Microsoft discovered you can change this directory to a different location, which removes the TCC protections. Then, you can modify sensitive files in the real home directory, then change the directory back, so Safari pulls from the modified files you put in place. Congratulations: You're now able to bypass TCC protections, and take a picture with the Mac's webcam, as well as access location information for the machine.

Microsoft says there are a number of actions bad actors could potentially take from this situation, including saving the webcam picture somewhere they can access it later; record video from your webcam; stream audio from your microphone to an outside source; and run Safari in a small window, so you don't notice its activity. Importantly, third-party browsers are not affected here, as they have to deal with Apple's TCC requirements, and do not have Safari's entitlements to bypass them.

While Microsoft did find suspicious activity in its investigation that might indicate this vulnerability has been exploited, it could not say for sure.

This vulnerability only affects MDM-managed Macs​


After reading Microsoft's report, ou might be worried about the prospect of bad actors snooping on your Mac through Safari. However, what isn't made explicit here is this vulnerability only affects MDM-managed Macs, i.e. Macs belonging to organizations controlled by a central IT service. That includes Macs issued to you from your job, or a computer belonging to your school.

Apple confirms as much in its security notes for macOS Sequoia, in a rather brief entry considering the privacy and security implications:

apple security notes

Credit: Apple

Of course, the flaw is still serious, but it is much more limited. You don't have to worry about Safari on your personal Mac allowing hackers to access your webcam, microphone, and location. But if you do have a Mac issued from work or school that is MDM-managed, that is a concern, and you should install the update as soon as possible.

Patching the flaw on your MDM-managed Mac​


This flaw affects the following Macs: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later).

It's possible your organization has already issued the update for your Mac, if it's eligible. However, if your machine isn't running macOS Sequoia, check with your company or school's IT to see when an update will become available.
Full story here:
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Friendly Disclaimer We do not host or store any files on our website except thread messages, most likely your DMCA content is being hosted on a third-party website and you need to contact them. Representatives of this site ("service") are not responsible for any content created by users and for accounts. The materials presented express only the opinions of their authors.
🚨 Do not get Ripped Off ! ⚖️ Deal with approved sellers or use RTM Escrow on Telegram
Gold
Mitalk.lat official Off Shore Club Chat


Gold

Panel Title #1

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

Panel Title #2

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.
Top