Security

Reverse-Engineering macOS Server APNS Push Certificate Retrieval

Since many years, I’m running my own email server, based on self-written SMTP and IMAP services, a MySQL database backend and a PHP-based webmail frontend. Ever since Apple released iPhone OS supporting push e-mail, I’ve been interested in getting it to work with my own email stack. My journey led me to Apple Open Source …

Reverse-Engineering macOS Server APNS Push Certificate Retrieval Read More »

CVE-2022-31877: Privilege Escalation in MSI Center

Missing input validation and missing authentication allow attackers with the ability to connect to TCP/IP ports on localhost:26822 (e.g. any low-privileged user space process) to download and/or launch arbitraty executables with elevated privileges.