MacOS Penetration Test Reveals Three Zero-Day Vulnerabilities


Dropbox recently commissioned a penetration test to highlight potential vulnerabilities in macOS. Syndis, a cyber security firm, was engaged by Dropbox to perform the test. The entire process was reportedly spearheaded by Chris Evans, the Head of Security for Dropbox. During the course of the test, the team of ethical hackers uncovered three zero-day vulnerabilities in Apple's macOS.

Need for Pen Test

Dropbox, a cloud-based backup service provider, was the most recent to conduct a pen test. The firm is responsible for safeguarding the data of its clients.

Evans has reportedly stated:

“We know that we are targeted by adversaries that could develop and use zero-day exploits against us, and we need to protect ourselves accordingly”

With a multitude of ongoing security threats, a large number of IT companies are counting on pen tests conducted by Red Teams in order to boost their security and achieve higher standards.

This particular pen test conducted for Dropbox involved detecting existing vulnerabilities and discreetly placing malicious code within the Dropbox environment.

The Findings

As a result of this pen test, Syndis uncovered three critical zero-day vulnerabilities in the macOS platform: CVE-2017-13890, CVE-2018-4176 and CVE-2018-4175. The findings reportedly indicated that a cyber attack was possible if an attacker knew of these three vulnerabilities and exploited them together.

In other words, if an attacker designs malicious code and induces a Dropbox employee to visit it from the Safari browser, the cyber attack could be successful.

Dropbox duly reported these issues to Apple, which fixed them in less than a month. By comparison, it is not uncommon for other IT giants to take at least 90 days, which is the maximum timeframe given for an IT company to either release a patch or disclose the shortcomings to the public at large.


Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]