Security Researcher Discovers Two Vulnerabilities in macOS Recovery Mode Safari
By
yaseeng
1mo ago· 10 min readenInsight
100/100
Golden Brown
Bagelometer↗
Pulled from the oven just right. Trustworthy, fact-dense, deeply satisfying.
Score100TypeanalysisSentimentneutral
Summary
A security researcher discovered two vulnerabilities in macOS Recovery Mode's Safari browser: one allowing arbitrary writes to system partitions and root persistence (CVSS 8.5), and another allowing unrestricted file reads (CVSS 4.6). The discovery occurred accidentally when the researcher's M1 MacBook Air crashed, leading them into Recovery Mode where they found these security flaws that could potentially allow attackers to compromise macOS systems.
Key quotes
· 3 pulledI accidentally discovered 2 vulnerabilities in macOS Recovery Mode's Safari: one allowing arbitrary writes to system partitions and root persistence (CVSS 8.5), the other allowing unrestricted file reads (CVSS 4.6).
It started like any other day with my M1 Macbook Air dying due to the hundreds if not thousands of Chrome tabs I had open, so I did what every normal human does and long pressed the touch id button to force a force restart.
Technical write-ups HERE and HERE.
I accidentally discovered 2 vulnerabilities in macOS Recovery Mode's Safari: one allowing arbitrary writes to system partitions and root persistence (CVSS 8.5), the other allowing unrestricted file reads (CVSS 4.6).
