Local Root Exploit in HospitalRun Software
Let's talk about a "security flaw in hospital software that allows full access to medical devices". This issue was disclosed on LinkedIn and included a full exploit code. Let's use this app as an example on how to find a macOS privilege escalation and learn how local root exploits can work.
Print BINGO sheet: / 1682650394227351552
Sources:
Original LinkedIn Post: https://web.archive.org/web/202304240...
The Exploit code: https://0day.today/exploit/38531
"The project has been deprecated for 2 years. Version 1.0.0-beta has been an EOL for at least 5 years" - developer statement: / 1650059269939552256
My references finding priv esc issues in macOS apps:
https://github.com/cure53/Publication...
https://github.com/cure53/Publication...
https://github.com/cure53/Publication...
https://github.com/cure53/Publication...
Help me pay for any legal trouble in case somebody wants to sue me (advertisement): https://shop.liveoverflow.com/
Chapters:
00:00 - Intro: Practice Research with Existing Issues
01:45 - HospitalRun Functionality
03:07 - What is a Local Root Exploit?
05:49 - Typical macOS Priviledge Escalation Issues
09:23 - Looking for Priviledged Helper in HospitalRun
10:10 - My Experience in finding Local Root Exploits on macOS
11:46 - Threat Modeling and Common Deployments
13:11 - Was this an April Fools Joke?
14:18 - Analysing and Cleaning Up The Exploit Code
17:51 - Reading Comments on LinkedIn
19:29 - BINGO!
=[ ❤️ Support ]=
→ per Video: / liveoverflow
→ per Month: / @liveoverflow
2nd Channel: / liveunderflow
=[ 🐕 Social ]=
→ Twitter: / liveoverflow
→ Streaming: https://twitch.tvLiveOverflow/
→ TikTok: / liveoverflow_
→ Instagram: / liveoverflow
→ Blog: https://liveoverflow.com/
→ Subreddit: / liveoverflow
→ Facebook: / liveoverflow
Смотрите видео Local Root Exploit in HospitalRun Software онлайн без регистрации, длительностью часов минут секунд в хорошем качестве. Это видео добавил пользователь LiveOverflow 22 Июль 2023, не забудьте поделиться им ссылкой с друзьями и знакомыми, на нашем сайте его посмотрели 69,984 раз и оно понравилось 3.3 тысяч людям.