Pulse of Truth

1658 readers

64 users here now

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 2 years ago

MODERATORS

krogoth

macOS vulnerability allowed Keychain and iOS app decryption without a password (www.helpnetsecurity.com)

submitted 1 month ago by lemmydev2 to c/pulse_of_truth

0 comments fedilink hide all child comments

Today at Nullcon Berlin, a researcher disclosed a macOS vulnerability (CVE-2025-24204) that allowed attackers to read the memory of any process, even with System Integrity Protection (SIP) enabled. The issue stems from Apple mistakenly granting the /usr/bin/gcore utility the com.apple.system-task-ports.read entitlement in macOS 15.0 (Sequoia). Apple removed the entitlement in macOS 15.3. Koh M. Nakagawa speaking at Nullcon Berlin 2025 This entitlement gave gcore the ability to read the memory of any process on the … More → The post macOS vulnerability allowed Keychain and iOS app decryption without a password appeared first on Help Net Security.

no comments (yet)

sorted by: hot top controversial new old

there doesn't seem to be anything here