@LiveOverflow
LiveOverflow | Local Root Exploit in HospitalRun Software @LiveOverflow | Uploaded 1 year ago | Updated 5 hours ago
Let's talk about a "security flaw in hospital software that allows full access to medical devices". This issue was disclosed on LinkedIn and included full exploit code. Let's use this app as an example of how to find a macOS privilege escalation and learn how local root exploits can work.
Print BINGO sheet: twitter.com/liveoverflow/status/1682650394227351552


Sources:
Original LinkedIn Post: web.archive.org/web/20230424004137/linkedin.com/posts/jeanpereira00_sicherheitsl%C3%BCcke-in-krankenhaus-software-activity-7055185115584303104-2eZr
The Exploit code: https://0day.today/exploit/38531
"The project has been deprecated for 2 years. Version 1.0.0-beta has been an EOL for at least 5 years" - developer statement: twitter.com/tehkapa/status/1650059269939552256

My references for finding priv esc issues in macOS apps:
github.com/cure53/Publications/blob/master/summary-report_tunnelbear.pdf
github.com/cure53/Publications/blob/master/summary-report_tunnelbear_2018.pdf
github.com/cure53/Publications/blob/master/summary-report_tunnelbear_2019.pdf
github.com/cure53/Publications/blob/master/pentest-report_IVPN.pdf

Help me pay for any legal trouble in case somebody wants to sue me (advertisement): shop.liveoverflow.com

Chapters:
00:00 - Intro: Practice Research with Existing Issues
01:45 - HospitalRun Functionality
03:07 - What is a Local Root Exploit?
05:49 - Typical macOS Privilege Escalation Issues
09:23 - Looking for Privileged Helper in HospitalRun
10:10 - My Experience in finding Local Root Exploits on macOS
11:46 - Threat Modeling and Common Deployments
13:11 - Was this an April Fools Joke?
14:18 - Analysing and Cleaning Up The Exploit Code
17:51 - Reading Comments on LinkedIn
19:29 - BINGO!

=[ ❤️ Support ]=

→ per Video: patreon.com/join/liveoverflow
→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

2nd Channel: youtube.com/LiveUnderflow

=[ 🐕 Social ]=

→ Twitter: twitter.com/LiveOverflow
→ Streaming: https://twitch.tv/LiveOverflow/
→ TikTok: tiktok.com/@liveoverflow_
→ Instagram: instagram.com/LiveOverflow
→ Blog: liveoverflow.com
→ Subreddit: reddit.com/r/LiveOverflow
→ Facebook: facebook.com/LiveOverflow