SMB Flaws in macOS
· 3 min read
Supernetworks macOS SMB Client Vulnerabilities
What to Know
Supernetworks identified several vulnerabilities in macOS Sequoia’s SMB client code.
The worst of which can result in remote kernel code execution via an SMB URL delivered through any application that allows clickable URLs (e.g. messaging apps. Browsers, email client). This isn’t necessarily a one click attack, as a user may need to click through some UI elements to trigger the exploit. A privileged network position could also be used to carry out a man-in-the-middle attack against a user that typically uses SMB shares. It goes without saying that this also operates as a local privilege escalation from a non privileged user to kernel code execution.