iStat Menus < 7.20.5 local privilege escalation

This blog post covers a boring local privilege escalation bug in iStat Menus due to a misconfigured folder permission. I was honestly surprised this was overlooked, since there were other recently disclosed vulnerabilities, one of which was way more interesting. Read here.

TL;dr
Insecure world-writable folder allowing privilege escalation
Affected versions < 7.20.5 with Install Helper component
No profit (a reboot is required)
A CVE has been requested

Description
In my day-to-day job I occasionally review software for security issues....

24 March, 2026 · 3 min · Naz Markuta

Exploiting a JDBC deserialization vulnerability in MFT Server by JSCAPE

Update: Fixed proof of concept link.

Background
This research project started back in July 2023, at around the same time that a critical vulnerability in a popular file-sharing software called MoveIt Transfer was disclosed. More details about that particular vulnerability can be found here and here. I was curious and looked for other similar file-sharing software with security issues. And so, a few Google searches later, I found a candidate: software for enterprises called MFT Server by JSCAPE....

22 March, 2024 · 10 min · Naz Markuta