Kernel Apple Vulnerability

I have been away for some time.

On the first day of my return I found the following vulnerability related to Apple.

It seems nasty… Although it cannot be remotely exploited, it might be used in phishing campaigns that might trick the user into executing some software that takes ownership of the computer.

More info:

Exploit / Proof of concept


How to check if a used iPhone is stolen.

I confess that I only noticed this tool recently. I find it very useful, and everyone should know about it.

Apple is trying to address the problem of stolen mobile phones. It seems to be working hard and alone on this, but at least it is trying.

Apple phones have a very high demand either as used or new.

Since the release of iOS 7, Apple requires the previous Apple ID activation account and password to be entered before the phone can be changed to another account.

But this is not enough, so Apple has now created a tool to check a phone's Activation Lock status. With this tool we are able to check whether a used phone was stolen or not.

This might be very useful if you’re trying to get a used phone over the internet!

No one likes to buy a brick, or to be unable to activate the phone with their own Apple ID… Or, even worse, to be caught with stolen property.

In order to check the phone status you will need the IMEI (International Mobile Equipment Identifier) or the serial number. These numbers are unique identifiers for each phone.

Once you have one of them, go to the Apple Activation Lock Status website, type the IMEI or serial number into the form, fill in the remaining information, and press Continue.

The next screen will show you if the phone has its activation lock feature enabled.

If activation lock is on, the following things might be going on:

1 – The phone is stolen and the seller can’t disable the activation lock.

2 – The seller forgot to turn off the activation lock and will be able to deactivate it in order to complete the sale.


Mac OS X File System Introduction

Knowing the hierarchical organisation of the file system of a given operating system is very important for everyone who works in security.

This is the normal structure of the Apple file system.
For this example we assume that a user named User1 has been created on the system.

Hidden folders will be coloured in green.

Normal viewable folders will be coloured in Purple.

/ – the root path of the file system.
/Applications – This directory is where you install apps intended for use by all users of a computer.
/Network – This directory contains the list of computers in the local area network.
/System – This directory contains the system resources required by OS X to run.
/Users – This directory contains one or more user home directories.
/Users/User1/Applications – Contains user-specific apps.
/Users/User1/Desktop – Contains the items on the user’s desktop.
/Users/User1/Documents – Contains user documents and files.
/Users/User1/Downloads – Contains files downloaded from the Internet.
/Users/User1/Library – Contains user-specific app files (hidden in OS X v10.7 and later).
/Users/User1/Movies – Contains the user’s video files.
/Users/User1/Music – Contains the user’s music files.
/Users/User1/Pictures – Contains the user’s photos.
/Users/User1/Public – Contains content the user wants to share.
/Users/User1/Sites – Contains web pages used by the user’s personal site.

/bin – Contains essential command-line binaries. Typically, you execute these binaries from command-line scripts.
/dev – Contains essential device files, such as mount points for attached hardware.
/etc – Contains host-specific configuration files.
/sbin – Contains essential system binaries.
/tmp – Contains temporary files created by apps and the system.
/usr – Contains non-essential command-line binaries, libraries, header files, and other data.
/var – Contains log files and other files whose content is variable. (Log files are typically viewed using the Console app.)

/Volumes – The mount point of all drives connected to the system.

/Private – Destination of some symbolic links.

/Net – Shortcut access to network drives.

/Cores – Directory for the core dumps.

/Trashes – Everything that we have put in the trash.

/Spotlight – Information related to Spotlight.

/Developer – Path to old Xcode information.
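
The listing above relied on colour to mark hidden folders and mentions that some top-level entries are symbolic links. As an added example, not part of the original post, the following Python script reports for each entry under a root directory whether it is hidden (by a leading dot or by the macOS UF_HIDDEN file flag) and where any symbolic link points. The sample tree it builds is constructed for illustration, and the function names are this example's own.

```python
import os
import stat
import sys
import tempfile

# UF_HIDDEN is the BSD/macOS "do not show in the GUI" file flag. On systems
# without st_flags only the dot-prefix rule can apply.
UF_HIDDEN = getattr(stat, "UF_HIDDEN", 0x8000)


def survey(root="/"):
    """Map each entry directly under root to its hidden status and link target."""
    report = {}
    for name in sorted(os.listdir(root)):
        path = os.path.join(root, name)
        st = os.lstat(path)  # lstat describes the link itself, not its target
        reason = None
        if name.startswith("."):
            reason = "dot-prefix"
        elif getattr(st, "st_flags", 0) & UF_HIDDEN:
            reason = "UF_HIDDEN flag"
        target = os.readlink(path) if stat.S_ISLNK(st.st_mode) else None
        report[name] = {"hidden": reason is not None,
                        "reason": reason,
                        "link_target": target}
    return report


def build_sample_root():
    """Constructed miniature tree for offline runs (not a real macOS volume)."""
    root = tempfile.mkdtemp(prefix="fsroot-")
    for d in ("Applications", "Users", ".Trashes", "private/etc", "private/tmp"):
        os.makedirs(os.path.join(root, d))
    # Relative links, mirroring the "destination of some symbolic links" role.
    os.symlink("private/etc", os.path.join(root, "etc"))
    os.symlink("private/tmp", os.path.join(root, "tmp"))
    return root


if __name__ == "__main__":
    # Pass "/" on a Mac to survey the real volume; default is the sample tree.
    root = sys.argv[1] if len(sys.argv) > 1 else build_sample_root()
    for name, info in survey(root).items():
        mark = "hidden (%s)" % info["reason"] if info["hidden"] else "visible"
        link = " -> %s" % info["link_target"] if info["link_target"] else ""
        print("%-16s %-26s%s" % (name, mark, link))
```
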

There are two primary techniques for identifying the type of content in a file:

  • Uniform Type Identifiers (UTIs) – A UTI is a string that uniquely identifies a class of entities considered to have a “type.” UTIs provide consistent identifiers for data that all apps and services can recognise and rely upon.
    • public.text—A public type that identifies text data.
    • public.jpeg—A public type that identifies JPEG image data.
    •—An Apple type that identifies a bundle directory.
    •—An Apple type that identifies a bundled app.
  • Filename extensions – A filename extension is a string of characters appended to the end of a file and separated from the main filename with a period.