Cross-platform exploit targets Linux, Windows and macOS

New "SysJoker" cross-platform exploit now can infect machines with different OSes.

Interestingly, this exploit uses Universal Binary allowing it to run on Intel and Apple Silicon Macs. Code is signed with ad-hoc certificate. New certificates could be used in the future.

The files and directories created by SysJoker include:
/Library/MacOsServices
/Library/MacOsServices/updateMacOs
/Library/SystemNetwork
/Library/LaunchAgents/com.apple.update.plist

The persistence code is under the path LibraryLaunchAgents/com.apple.update.plist. If the files are found on a Mac, it is advised to kill off all related processes and delete the files.

AppleInsider

Reference: macOS, Windows, Linux all targeted by new cross-platform exploit

Weekend good reads for Apple developers, issue #16

Holiday season comes and this edition of weekend good reads will have a lot of interesting articles!

With this huge pack of good reads – happy holidays! And have a nice weekend!

[UPDATED] RCE 0-day exploit found in log4j

Log4j is a popular Java logging package used by many backends.

Details of the vulnerability are available here, and according to reports, also libraries or solutions using Apache log4j (we are talking about Steam, iCloud or Minecraft servers) are also vulnerable. Solutions using the Struts library are also probably vulnerable.

Affected log4j versions: 2.0 <= Apache log4j <= 2.14.1

Weekend good reads for Apple developers, issue #2

We're continuing good reads digest. This issue covers Swift, SwiftUI and other development topics on Apple platforms.

That's it for today. We'll come back with interesting reads next week!