{"id":3230,"date":"2021-05-25T14:10:00","date_gmt":"2021-05-25T12:10:00","guid":{"rendered":"https:\/\/fr.koddos.net\/blog\/?p=3230"},"modified":"2021-05-27T14:12:21","modified_gmt":"2021-05-27T12:12:21","slug":"les-hackers-exploitent-la-faille-zero-day-de-macos-et-contournent-linvite-de-permission","status":"publish","type":"post","link":"https:\/\/fr.koddos.net\/blog\/les-hackers-exploitent-la-faille-zero-day-de-macos-et-contournent-linvite-de-permission\/","title":{"rendered":"LES HACKERS EXPLOITENT LA FAILLE ZERO-DAY DE MACOS ET CONTOURNENT L&rsquo;INVITE DE PERMISSION"},"content":{"rendered":"\n<p>Apple a r\u00e9cemment corrig\u00e9 une vuln\u00e9rabilit\u00e9 zero-day qui permet aux auteurs de menaces d&rsquo;enregistrer des vid\u00e9os ou de faire des captures d&rsquo;\u00e9cran de l&rsquo;utilisateur. Selon les chercheurs en s\u00e9curit\u00e9 de Jamf, qui ont \u00e9t\u00e9 les premiers \u00e0 d\u00e9couvrir la faille, les hackers ont contourn\u00e9 le consentement \u00e0 la transparence d&rsquo;Apple pour mener leur attaque.<\/p>\n\n\n\n<p>L&rsquo;\u00e9quipe de s\u00e9curit\u00e9 a r\u00e9affirm\u00e9 que la faille peut avoir \u00e9t\u00e9 d\u00e9j\u00e0 exploit\u00e9e dans le large. Par cons\u00e9quent, elle laisse les syst\u00e8mes des utilisateurs concern\u00e9s ouverts \u00e0 <strong><a href=\"https:\/\/blog.koddos.net\/more-than-500-schools-in-america-have-been-affected-by-ransomware-attacks-in-2019\/\">d&rsquo;autres attaques<\/a><\/strong>.<\/p>\n\n\n\n<p>La <strong><a href=\"https:\/\/techcrunch.com\/2021\/05\/24\/malware-xcsset-macos\/\">vuln\u00e9rabilit\u00e9<\/a><\/strong> a \u00e9t\u00e9 d\u00e9couverte alors que Jamf \u00e9tait \u00e0 la recherche d&rsquo;une souche de logiciel malveillant pour Mac nomm\u00e9e XCSSET, qui utilise des projets Xcode infect\u00e9s pour cibler les d\u00e9veloppeurs macOS.<\/p>\n\n\n\n<p>Selon les chercheurs, la faille pourrait permettre \u00e0 un acteur de la menace de s&#8217;emparer des permissions accord\u00e9es \u00e0 d&rsquo;autres apps. Par exemple, un hacker peut utiliser une application malveillante pour d\u00e9tourner l&rsquo;application Zoom, qui dispose d\u00e9j\u00e0 d&rsquo;autorisations de recodage. Il peut ensuite l&rsquo;utiliser pour enregistrer l&rsquo;\u00e9cran de l&rsquo;utilisateur.<\/p>\n\n\n\n<p>Le logiciel malveillant XCSSET a \u00e9t\u00e9 d\u00e9couvert pour la premi\u00e8re fois l&rsquo;ann\u00e9e derni\u00e8re par Trend Micro, qui l&rsquo;a vu cibler des d\u00e9veloppeurs Apple.<\/p>\n\n\n\n<p>Mais l&rsquo;impact de cette d\u00e9couverte remonte au mois de mars, lorsque des chercheurs de SentinelOne ont d\u00e9couvert une nouvelle biblioth\u00e8que de code trojanis\u00e9 qui installait le logiciel malveillant de surveillance XCSSET sur des Macs de d\u00e9veloppeurs.<\/p>\n\n\n\n<p><strong>Les logiciels malveillants se greffent sur des applications parentales<\/strong><\/p>\n\n\n\n<p>Dans une interview, Jaron Bradley, chercheur chez Jamf, a d\u00e9clar\u00e9 que certains d\u00e9veloppeurs con\u00e7oivent leurs applications en y installant des applications plus petites. Mais les acteurs de la menace implantent leurs logiciels malveillants de mani\u00e8re \u00e0 ce qu&rsquo;ils se greffent sur les applications m\u00e8res.<\/p>\n\n\n\n<p>Par cons\u00e9quent, les d\u00e9veloppeurs distribuent sans le savoir le <strong><a href=\"https:\/\/blog.koddos.net\/linkedin-users-targeted-by-malware-campaign-via-fake-job-offers\/\">logiciel malveillant<\/a><\/strong> \u00e0 leurs clients puisque les projets ont d\u00e9j\u00e0 \u00e9t\u00e9 infect\u00e9s par le logiciel malveillant.<\/p>\n\n\n\n<p>Les chercheurs de Trend Micro ont qualifi\u00e9 le processus du logiciel malveillant d'\u00a0\u00bbattaque de type cha\u00eene d&rsquo;approvisionnement\u00a0\u00bb. Selon les chercheurs, les acteurs malveillants continuent de proposer r\u00e9guli\u00e8rement de nouvelles souches du logiciel malveillant, les variantes les plus r\u00e9centes ciblant les Macs \u00e9quip\u00e9s de la puce M1.<\/p>\n\n\n\n<p>Le logiciel malveillant utilise deux zero day lorsqu&rsquo;il commence \u00e0 s&rsquo;ex\u00e9cuter sur l&rsquo;ordinateur de la victime : le premier consiste \u00e0 acc\u00e9der aux comptes en ligne de la victime en volant les cookies du navigateur Safari. Le second consiste \u00e0 installer une version de d\u00e9veloppement de Safari en arri\u00e8re-plan, ce qui permet aux acteurs de la menace de modifier presque tous les types de sites Web.<\/p>\n\n\n\n<p>D&rsquo;une mani\u00e8re g\u00e9n\u00e9rale, macOS devrait demander \u00e0 l&rsquo;utilisateur une autorisation avant d&rsquo;autoriser toute application, qu&rsquo;elle soit malveillante ou non.<\/p>\n\n\n\n<p>Si l&rsquo;application veut ouvrir le stockage de l&rsquo;utilisateur, acc\u00e9der \u00e0 la webcam ou au microphone, ou enregistrer l&rsquo;\u00e9cran, l&rsquo;utilisateur est invit\u00e9 \u00e0 donner son autorisation avant l&rsquo;ex\u00e9cution de l&rsquo;une de ces actions. Cependant, le logiciel malveillant a contourn\u00e9 la demande d&rsquo;autorisation en se cachant et en <strong><a href=\"https:\/\/blog.koddos.net\/vigilante-hacker-steals-and-publishes-cyberespionage-groups-data\/\">infectant des applications l\u00e9gitimes<\/a><\/strong> avec du code malveillant.<\/p>\n\n\n\n<p><strong>Un logiciel malveillant \u00e9chappe aux d\u00e9fenses de s\u00e9curit\u00e9 de MacOs<\/strong><\/p>\n\n\n\n<p>Selon les chercheurs de Jamf &#8211; Stuart Ashenbrenner, Ferdous Saljooki et Jaron Bradley &#8211; le logiciel malveillant <strong><a href=\"https:\/\/arstechnica.com\/gadgets\/2021\/05\/hackers-exploit-a-macos-0day-that-allows-them-to-screenshot-infected-macs\/?comments=1\">recherche<\/a><\/strong> \u00e9galement d&rsquo;autres applications sur l&rsquo;ordinateur de la victime. Ces applications, telles que Slack, WhatApp et Zoom, peuvent \u00e9galement \u00eatre contourn\u00e9es sans qu&rsquo;aucune permission ne soit demand\u00e9e.<\/p>\n\n\n\n<p>Ensuite, le logiciel malveillant tente d&rsquo;\u00e9viter d&rsquo;\u00eatre rep\u00e9r\u00e9 en signant un nouveau certificat sur le nouveau paquet d&rsquo;applications. Cela permet de contourner automatiquement les d\u00e9fenses de s\u00e9curit\u00e9 int\u00e9gr\u00e9es de macOS.<\/p>\n\n\n\n<p>Le contournement de l&rsquo;invite de permission a \u00e9t\u00e9 utilis\u00e9 par les acteurs de la menace pour prendre des captures d&rsquo;\u00e9cran du bureau de l&rsquo;utilisateur. En dehors de ces actions, le logiciel malveillant peut \u00e9galement mener d&rsquo;autres activit\u00e9s sur l&rsquo;ordinateur de la victime, car il peut \u00eatre utilis\u00e9 pour acc\u00e9der \u00e0 ses num\u00e9ros de carte de cr\u00e9dit par le biais d&rsquo;un enregistreur de frappe.<\/p>\n\n\n\n<p><strong>La vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e<\/strong><\/p>\n\n\n\n<p>Selon les chercheurs, les acteurs malveillants ont d\u00e9j\u00e0 infect\u00e9 plusieurs Mac en utilisant cette technique, mais le nombre r\u00e9el de victimes n&rsquo;est pas connu. Cependant, Apple a d\u00e9clar\u00e9 que la vuln\u00e9rabilit\u00e9 dans macOS 11.4 a \u00e9t\u00e9 corrig\u00e9e et mise \u00e0 disposition des utilisateurs sous forme de mise \u00e0 jour.<\/p>\n\n\n\n<p>L&rsquo;attaque a pris la forme de projets malveillants que l&rsquo;acteur de la menace a \u00e9crits pour Xcode. Un Xcode est un r\u00e9f\u00e9rentiel d&rsquo;informations, de ressources et de tous les fichiers n\u00e9cessaires \u00e0 la cr\u00e9ation d&rsquo;une application. Apple fournit cet outil gratuitement aux d\u00e9veloppeurs qui con\u00e7oivent des applications MacOS.<\/p>\n\n\n\n<p>Lorsque l&rsquo;un des projets XCSSET est ex\u00e9cut\u00e9, le code malveillant commence \u00e0 s&rsquo;ex\u00e9cuter sur les Macs des d\u00e9veloppeurs.<\/p>\n\n\n\n<p>La faille provenait d&rsquo;une erreur de logique qui permettait \u00e0 XCSSET de se lancer dans le r\u00e9pertoire d&rsquo;une application install\u00e9e. Cela a donn\u00e9 au logiciel malveillant le passage complet pour h\u00e9riter des autorisations de capture d&rsquo;\u00e9cran et d&rsquo;autres privil\u00e8ges.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Apple a r\u00e9cemment corrig\u00e9 une vuln\u00e9rabilit\u00e9 zero-day qui permet aux auteurs de menaces d&rsquo;enregistrer des vid\u00e9os ou de faire des captures d&rsquo;\u00e9cran de l&rsquo;utilisateur. Selon les chercheurs en s\u00e9curit\u00e9 de Jamf, qui ont \u00e9t\u00e9 les premiers \u00e0 d\u00e9couvrir la faille, les hackers ont contourn\u00e9 le consentement \u00e0 la transparence d&rsquo;Apple pour mener leur attaque. L&rsquo;\u00e9quipe &hellip; <a href=\"https:\/\/fr.koddos.net\/blog\/les-hackers-exploitent-la-faille-zero-day-de-macos-et-contournent-linvite-de-permission\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">LES HACKERS EXPLOITENT LA FAILLE ZERO-DAY DE MACOS ET CONTOURNENT L&rsquo;INVITE DE PERMISSION<\/span><\/a><\/p>\n","protected":false},"author":5,"featured_media":383,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[6],"tags":[],"class_list":["post-3230","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-actualite"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>LES HACKERS EXPLOITENT LA FAILLE ZERO-DAY DE MACOS ET CONTOURNENT L&#039;INVITE DE PERMISSION - Blog KoDDoS<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/fr.koddos.net\/blog\/les-hackers-exploitent-la-faille-zero-day-de-macos-et-contournent-linvite-de-permission\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"LES HACKERS EXPLOITENT LA FAILLE ZERO-DAY DE MACOS ET CONTOURNENT L&#039;INVITE DE PERMISSION - Blog KoDDoS\" \/>\n<meta property=\"og:description\" content=\"Apple a r\u00e9cemment corrig\u00e9 une vuln\u00e9rabilit\u00e9 zero-day qui permet aux auteurs de menaces d&rsquo;enregistrer des vid\u00e9os ou de faire des captures d&rsquo;\u00e9cran de l&rsquo;utilisateur. Selon les chercheurs en s\u00e9curit\u00e9 de Jamf, qui ont \u00e9t\u00e9 les premiers \u00e0 d\u00e9couvrir la faille, les hackers ont contourn\u00e9 le consentement \u00e0 la transparence d&rsquo;Apple pour mener leur attaque. L&rsquo;\u00e9quipe &hellip; Continue reading LES HACKERS EXPLOITENT LA FAILLE ZERO-DAY DE MACOS ET CONTOURNENT L&rsquo;INVITE DE PERMISSION\" \/>\n<meta property=\"og:url\" content=\"https:\/\/fr.koddos.net\/blog\/les-hackers-exploitent-la-faille-zero-day-de-macos-et-contournent-linvite-de-permission\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog KoDDoS\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/koddosCom\" \/>\n<meta property=\"article:published_time\" content=\"2021-05-25T12:10:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-05-27T12:12:21+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/i2.wp.com\/fr.koddos.net\/blog\/wp-content\/uploads\/2019\/01\/Warning-for-Apple-Users-Due-to-Increase-in-Mac-Malware.jpg?fit=668%2C334&ssl=1\" \/>\n\t<meta property=\"og:image:width\" content=\"668\" \/>\n\t<meta property=\"og:image:height\" content=\"334\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"KoDDoS\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@koddoscom\" \/>\n<meta name=\"twitter:site\" content=\"@koddoscom\" \/>\n<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t<meta name=\"twitter:data1\" content=\"KoDDoS\" \/>\n\t<meta name=\"twitter:label2\" content=\"Dur\u00e9e de lecture estim\u00e9e\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/fr.koddos.net\\\/blog\\\/les-hackers-exploitent-la-faille-zero-day-de-macos-et-contournent-linvite-de-permission\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/fr.koddos.net\\\/blog\\\/les-hackers-exploitent-la-faille-zero-day-de-macos-et-contournent-linvite-de-permission\\\/\"},\"author\":{\"name\":\"KoDDoS\",\"@id\":\"https:\\\/\\\/fr.koddos.net\\\/blog\\\/#\\\/schema\\\/person\\\/d22f7fb31dc4d117c9eb5c9cfe533f85\"},\"headline\":\"LES HACKERS EXPLOITENT LA FAILLE ZERO-DAY DE MACOS ET CONTOURNENT L&rsquo;INVITE DE PERMISSION\",\"datePublished\":\"2021-05-25T12:10:00+00:00\",\"dateModified\":\"2021-05-27T12:12:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/fr.koddos.net\\\/blog\\\/les-hackers-exploitent-la-faille-zero-day-de-macos-et-contournent-linvite-de-permission\\\/\"},\"wordCount\":927,\"publisher\":{\"@id\":\"https:\\\/\\\/fr.koddos.net\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/fr.koddos.net\\\/blog\\\/les-hackers-exploitent-la-faille-zero-day-de-macos-et-contournent-linvite-de-permission\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/fr.koddos.net\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/01\\\/Warning-for-Apple-Users-Due-to-Increase-in-Mac-Malware.jpg?fit=668%2C334&ssl=1\",\"articleSection\":[\"Actualit\u00e9s\"],\"inLanguage\":\"fr-FR\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/fr.koddos.net\\\/blog\\\/les-hackers-exploitent-la-faille-zero-day-de-macos-et-contournent-linvite-de-permission\\\/\",\"url\":\"https:\\\/\\\/fr.koddos.net\\\/blog\\\/les-hackers-exploitent-la-faille-zero-day-de-macos-et-contournent-linvite-de-permission\\\/\",\"name\":\"LES HACKERS EXPLOITENT LA FAILLE ZERO-DAY DE MACOS ET CONTOURNENT L'INVITE DE PERMISSION - Blog KoDDoS\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/fr.koddos.net\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/fr.koddos.net\\\/blog\\\/les-hackers-exploitent-la-faille-zero-day-de-macos-et-contournent-linvite-de-permission\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/fr.koddos.net\\\/blog\\\/les-hackers-exploitent-la-faille-zero-day-de-macos-et-contournent-linvite-de-permission\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/fr.koddos.net\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/01\\\/Warning-for-Apple-Users-Due-to-Increase-in-Mac-Malware.jpg?fit=668%2C334&ssl=1\",\"datePublished\":\"2021-05-25T12:10:00+00:00\",\"dateModified\":\"2021-05-27T12:12:21+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/fr.koddos.net\\\/blog\\\/les-hackers-exploitent-la-faille-zero-day-de-macos-et-contournent-linvite-de-permission\\\/#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/fr.koddos.net\\\/blog\\\/les-hackers-exploitent-la-faille-zero-day-de-macos-et-contournent-linvite-de-permission\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\\\/\\\/fr.koddos.net\\\/blog\\\/les-hackers-exploitent-la-faille-zero-day-de-macos-et-contournent-linvite-de-permission\\\/#primaryimage\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/fr.koddos.net\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/01\\\/Warning-for-Apple-Users-Due-to-Increase-in-Mac-Malware.jpg?fit=668%2C334&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/fr.koddos.net\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/01\\\/Warning-for-Apple-Users-Due-to-Increase-in-Mac-Malware.jpg?fit=668%2C334&ssl=1\",\"width\":668,\"height\":334},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/fr.koddos.net\\\/blog\\\/les-hackers-exploitent-la-faille-zero-day-de-macos-et-contournent-linvite-de-permission\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/fr.koddos.net\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"LES HACKERS EXPLOITENT LA FAILLE ZERO-DAY DE MACOS ET CONTOURNENT L&rsquo;INVITE DE PERMISSION\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/fr.koddos.net\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/fr.koddos.net\\\/blog\\\/\",\"name\":\"Blog KoDDoS\",\"description\":\"Blog KoDDoS est un blog d\u2019information et d\u2019actualit\u00e9 focalis\u00e9 sur le hacking, la cyber criminalit\u00e9, la vie priv\u00e9e et la surveillance.\",\"publisher\":{\"@id\":\"https:\\\/\\\/fr.koddos.net\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/fr.koddos.net\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fr-FR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/fr.koddos.net\\\/blog\\\/#organization\",\"name\":\"KoDDoS\",\"url\":\"https:\\\/\\\/fr.koddos.net\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\\\/\\\/fr.koddos.net\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/i1.wp.com\\\/fr.koddos.net\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/02\\\/logo.png?fit=258%2C55&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i1.wp.com\\\/fr.koddos.net\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/02\\\/logo.png?fit=258%2C55&ssl=1\",\"width\":258,\"height\":55,\"caption\":\"KoDDoS\"},\"image\":{\"@id\":\"https:\\\/\\\/fr.koddos.net\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/koddosCom\",\"https:\\\/\\\/x.com\\\/koddoscom\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/fr.koddos.net\\\/blog\\\/#\\\/schema\\\/person\\\/d22f7fb31dc4d117c9eb5c9cfe533f85\",\"name\":\"KoDDoS\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/239872ddb935e40a5bf46e7421e0fdd8419ae8e91164a61d84219911f7648c73?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/239872ddb935e40a5bf46e7421e0fdd8419ae8e91164a61d84219911f7648c73?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/239872ddb935e40a5bf46e7421e0fdd8419ae8e91164a61d84219911f7648c73?s=96&d=mm&r=g\",\"caption\":\"KoDDoS\"},\"url\":\"https:\\\/\\\/fr.koddos.net\\\/blog\\\/author\\\/oiyndjepop\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"LES HACKERS EXPLOITENT LA FAILLE ZERO-DAY DE MACOS ET CONTOURNENT L'INVITE DE PERMISSION - Blog KoDDoS","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/fr.koddos.net\/blog\/les-hackers-exploitent-la-faille-zero-day-de-macos-et-contournent-linvite-de-permission\/","og_locale":"fr_FR","og_type":"article","og_title":"LES HACKERS EXPLOITENT LA FAILLE ZERO-DAY DE MACOS ET CONTOURNENT L'INVITE DE PERMISSION - Blog KoDDoS","og_description":"Apple a r\u00e9cemment corrig\u00e9 une vuln\u00e9rabilit\u00e9 zero-day qui permet aux auteurs de menaces d&rsquo;enregistrer des vid\u00e9os ou de faire des captures d&rsquo;\u00e9cran de l&rsquo;utilisateur. Selon les chercheurs en s\u00e9curit\u00e9 de Jamf, qui ont \u00e9t\u00e9 les premiers \u00e0 d\u00e9couvrir la faille, les hackers ont contourn\u00e9 le consentement \u00e0 la transparence d&rsquo;Apple pour mener leur attaque. L&rsquo;\u00e9quipe &hellip; Continue reading LES HACKERS EXPLOITENT LA FAILLE ZERO-DAY DE MACOS ET CONTOURNENT L&rsquo;INVITE DE PERMISSION","og_url":"https:\/\/fr.koddos.net\/blog\/les-hackers-exploitent-la-faille-zero-day-de-macos-et-contournent-linvite-de-permission\/","og_site_name":"Blog KoDDoS","article_publisher":"https:\/\/www.facebook.com\/koddosCom","article_published_time":"2021-05-25T12:10:00+00:00","article_modified_time":"2021-05-27T12:12:21+00:00","og_image":[{"width":668,"height":334,"url":"https:\/\/i2.wp.com\/fr.koddos.net\/blog\/wp-content\/uploads\/2019\/01\/Warning-for-Apple-Users-Due-to-Increase-in-Mac-Malware.jpg?fit=668%2C334&ssl=1","type":"image\/jpeg"}],"author":"KoDDoS","twitter_card":"summary_large_image","twitter_creator":"@koddoscom","twitter_site":"@koddoscom","twitter_misc":{"\u00c9crit par":"KoDDoS","Dur\u00e9e de lecture estim\u00e9e":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/fr.koddos.net\/blog\/les-hackers-exploitent-la-faille-zero-day-de-macos-et-contournent-linvite-de-permission\/#article","isPartOf":{"@id":"https:\/\/fr.koddos.net\/blog\/les-hackers-exploitent-la-faille-zero-day-de-macos-et-contournent-linvite-de-permission\/"},"author":{"name":"KoDDoS","@id":"https:\/\/fr.koddos.net\/blog\/#\/schema\/person\/d22f7fb31dc4d117c9eb5c9cfe533f85"},"headline":"LES HACKERS EXPLOITENT LA FAILLE ZERO-DAY DE MACOS ET CONTOURNENT L&rsquo;INVITE DE PERMISSION","datePublished":"2021-05-25T12:10:00+00:00","dateModified":"2021-05-27T12:12:21+00:00","mainEntityOfPage":{"@id":"https:\/\/fr.koddos.net\/blog\/les-hackers-exploitent-la-faille-zero-day-de-macos-et-contournent-linvite-de-permission\/"},"wordCount":927,"publisher":{"@id":"https:\/\/fr.koddos.net\/blog\/#organization"},"image":{"@id":"https:\/\/fr.koddos.net\/blog\/les-hackers-exploitent-la-faille-zero-day-de-macos-et-contournent-linvite-de-permission\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/fr.koddos.net\/blog\/wp-content\/uploads\/2019\/01\/Warning-for-Apple-Users-Due-to-Increase-in-Mac-Malware.jpg?fit=668%2C334&ssl=1","articleSection":["Actualit\u00e9s"],"inLanguage":"fr-FR"},{"@type":"WebPage","@id":"https:\/\/fr.koddos.net\/blog\/les-hackers-exploitent-la-faille-zero-day-de-macos-et-contournent-linvite-de-permission\/","url":"https:\/\/fr.koddos.net\/blog\/les-hackers-exploitent-la-faille-zero-day-de-macos-et-contournent-linvite-de-permission\/","name":"LES HACKERS EXPLOITENT LA FAILLE ZERO-DAY DE MACOS ET CONTOURNENT L'INVITE DE PERMISSION - Blog KoDDoS","isPartOf":{"@id":"https:\/\/fr.koddos.net\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/fr.koddos.net\/blog\/les-hackers-exploitent-la-faille-zero-day-de-macos-et-contournent-linvite-de-permission\/#primaryimage"},"image":{"@id":"https:\/\/fr.koddos.net\/blog\/les-hackers-exploitent-la-faille-zero-day-de-macos-et-contournent-linvite-de-permission\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/fr.koddos.net\/blog\/wp-content\/uploads\/2019\/01\/Warning-for-Apple-Users-Due-to-Increase-in-Mac-Malware.jpg?fit=668%2C334&ssl=1","datePublished":"2021-05-25T12:10:00+00:00","dateModified":"2021-05-27T12:12:21+00:00","breadcrumb":{"@id":"https:\/\/fr.koddos.net\/blog\/les-hackers-exploitent-la-faille-zero-day-de-macos-et-contournent-linvite-de-permission\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/fr.koddos.net\/blog\/les-hackers-exploitent-la-faille-zero-day-de-macos-et-contournent-linvite-de-permission\/"]}]},{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/fr.koddos.net\/blog\/les-hackers-exploitent-la-faille-zero-day-de-macos-et-contournent-linvite-de-permission\/#primaryimage","url":"https:\/\/i0.wp.com\/fr.koddos.net\/blog\/wp-content\/uploads\/2019\/01\/Warning-for-Apple-Users-Due-to-Increase-in-Mac-Malware.jpg?fit=668%2C334&ssl=1","contentUrl":"https:\/\/i0.wp.com\/fr.koddos.net\/blog\/wp-content\/uploads\/2019\/01\/Warning-for-Apple-Users-Due-to-Increase-in-Mac-Malware.jpg?fit=668%2C334&ssl=1","width":668,"height":334},{"@type":"BreadcrumbList","@id":"https:\/\/fr.koddos.net\/blog\/les-hackers-exploitent-la-faille-zero-day-de-macos-et-contournent-linvite-de-permission\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/fr.koddos.net\/blog\/"},{"@type":"ListItem","position":2,"name":"LES HACKERS EXPLOITENT LA FAILLE ZERO-DAY DE MACOS ET CONTOURNENT L&rsquo;INVITE DE PERMISSION"}]},{"@type":"WebSite","@id":"https:\/\/fr.koddos.net\/blog\/#website","url":"https:\/\/fr.koddos.net\/blog\/","name":"Blog KoDDoS","description":"Blog KoDDoS est un blog d\u2019information et d\u2019actualit\u00e9 focalis\u00e9 sur le hacking, la cyber criminalit\u00e9, la vie priv\u00e9e et la surveillance.","publisher":{"@id":"https:\/\/fr.koddos.net\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/fr.koddos.net\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Organization","@id":"https:\/\/fr.koddos.net\/blog\/#organization","name":"KoDDoS","url":"https:\/\/fr.koddos.net\/blog\/","logo":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/fr.koddos.net\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/i1.wp.com\/fr.koddos.net\/blog\/wp-content\/uploads\/2018\/02\/logo.png?fit=258%2C55&ssl=1","contentUrl":"https:\/\/i1.wp.com\/fr.koddos.net\/blog\/wp-content\/uploads\/2018\/02\/logo.png?fit=258%2C55&ssl=1","width":258,"height":55,"caption":"KoDDoS"},"image":{"@id":"https:\/\/fr.koddos.net\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/koddosCom","https:\/\/x.com\/koddoscom"]},{"@type":"Person","@id":"https:\/\/fr.koddos.net\/blog\/#\/schema\/person\/d22f7fb31dc4d117c9eb5c9cfe533f85","name":"KoDDoS","image":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/secure.gravatar.com\/avatar\/239872ddb935e40a5bf46e7421e0fdd8419ae8e91164a61d84219911f7648c73?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/239872ddb935e40a5bf46e7421e0fdd8419ae8e91164a61d84219911f7648c73?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/239872ddb935e40a5bf46e7421e0fdd8419ae8e91164a61d84219911f7648c73?s=96&d=mm&r=g","caption":"KoDDoS"},"url":"https:\/\/fr.koddos.net\/blog\/author\/oiyndjepop\/"}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/fr.koddos.net\/blog\/wp-content\/uploads\/2019\/01\/Warning-for-Apple-Users-Due-to-Increase-in-Mac-Malware.jpg?fit=668%2C334&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9DjzA-Q6","jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/fr.koddos.net\/blog\/wp-json\/wp\/v2\/posts\/3230","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fr.koddos.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fr.koddos.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fr.koddos.net\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/fr.koddos.net\/blog\/wp-json\/wp\/v2\/comments?post=3230"}],"version-history":[{"count":1,"href":"https:\/\/fr.koddos.net\/blog\/wp-json\/wp\/v2\/posts\/3230\/revisions"}],"predecessor-version":[{"id":3231,"href":"https:\/\/fr.koddos.net\/blog\/wp-json\/wp\/v2\/posts\/3230\/revisions\/3231"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/fr.koddos.net\/blog\/wp-json\/wp\/v2\/media\/383"}],"wp:attachment":[{"href":"https:\/\/fr.koddos.net\/blog\/wp-json\/wp\/v2\/media?parent=3230"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fr.koddos.net\/blog\/wp-json\/wp\/v2\/categories?post=3230"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fr.koddos.net\/blog\/wp-json\/wp\/v2\/tags?post=3230"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}