This article focuses on a weakness in the Telegram application on macOS that allows for the injection of a Dynamic Library (or Dylib for short). The article will cover several basic concepts in macOS to provide the relevant background that will help the reader understand the process of identifying the weakness and writing an exploit that will gain a local privilege escalation by getting access to the camera through the permissions that were previously granted to the Telegram application.
ff2c92c6de4309a150cf45e77231bdbfd2d4e121543c5abfa55fd4e59bdc5704
This blog post discusses a local privilege escalation vulnerability discovered within the macOS Videostream application. They author walks you through the process of identifying the vulnerability and shares how they crafted an exploit to leverage it for gaining escalated local privileges.
3002fbeabb52c31d66e7c2256d465be61d929766d1ffad4af54f345f3647cbe0