Zero Day Initiative - CVE-2024-44236: Remote Code Execution vulnerability in Apple macOS
Briefly

The article outlines the steps needed to detect attacks that exploit this vulnerability, which is triggered by a malformed ICC Profile file. It emphasizes monitoring traffic on the ports used by FTP, HTTP and SMTP, and inspecting the contents of any ICC Profile file transferred over them. The detection device must confirm that the Profile signature in the Header matches a specific byte string and must evaluate the size of the Tag Table. The article concludes by noting that a patch was released in October and that no exploitation has been observed since.
To detect an attack exploiting this vulnerability, a detection device must monitor those ports, inspect ICC Profile file transfers and validate the Header signature.
When a transfer contains an ICC Profile file, the device should verify the Header signature, read the Tag Table and then process each Individual Tag Structure, flagging entries whose values do not fit the profile.
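As an added example (not code from the ZDI article or from Apple), the detection logic described above implemented in Python. The layout constants come from the ICC.1 profile format specification rather than from this page: a fixed 128-byte header carrying the `acsp` signature at offset 36, a big-endian tag count at offset 128, and 12-byte Tag Table entries of signature, offset and size. The sample profiles are constructed inline, and the helper and function names are my own. The checks flag structural inconsistencies only (signature, tag count against file size, each tag's bounds), which is what the summary describes; they do not encode the specific field the vulnerability abuses, since the page does not give it.

```python
import struct

ICC_HEADER_LEN = 128      # ICC.1 header is a fixed 128 bytes
ICC_SIGNATURE = b"acsp"   # profile file signature at header offset 36
TAG_ENTRY_LEN = 12        # tag table entry: signature, offset, size (uint32 BE each)
TAG_TABLE_OFF = ICC_HEADER_LEN + 4  # first tag entry follows the 4-byte tag count


def inspect_icc_profile(data: bytes) -> list[str]:
    """Return findings for one transferred file; an empty list means every check passed."""
    findings = []
    if len(data) < TAG_TABLE_OFF:
        return ["file shorter than ICC header plus tag count"]
    if data[36:40] != ICC_SIGNATURE:
        return ["missing 'acsp' profile signature at offset 36 (not an ICC profile)"]
    declared_size = struct.unpack(">I", data[0:4])[0]
    if declared_size != len(data):
        findings.append(f"declared profile size {declared_size} != actual size {len(data)}")
    # Tag Table size check: the whole table must fit inside the file.
    tag_count = struct.unpack(">I", data[ICC_HEADER_LEN:TAG_TABLE_OFF])[0]
    table_end = TAG_TABLE_OFF + tag_count * TAG_ENTRY_LEN
    if table_end > len(data):
        findings.append(f"tag count {tag_count} exceeds file size (table would end at {table_end})")
        return findings
    # Individual Tag Structures: each entry's data range must lie after the table
    # and inside the file, and ICC requires tag data to start on a 4-byte boundary.
    for i in range(tag_count):
        off = TAG_TABLE_OFF + i * TAG_ENTRY_LEN
        sig, tag_off, tag_size = struct.unpack(">4sII", data[off:off + TAG_ENTRY_LEN])
        end = tag_off + tag_size
        if tag_off < table_end or end > len(data):
            findings.append(f"tag {sig!r}: data range [{tag_off}, {end}) outside profile bounds")
        elif tag_off % 4 != 0:
            findings.append(f"tag {sig!r}: offset {tag_off} not 4-byte aligned")
    return findings


def build_profile(tags: list[tuple[bytes, bytes]]) -> bytes:
    """Constructed sample: a minimal, well-formed profile with the given (signature, payload) tags."""
    table_end = TAG_TABLE_OFF + len(tags) * TAG_ENTRY_LEN
    entries, payload, cursor = b"", b"", table_end
    for sig, body in tags:
        padded = body + b"\x00" * (-len(body) % 4)      # keep the next tag 4-byte aligned
        entries += struct.pack(">4sII", sig, cursor, len(body))
        payload += padded
        cursor += len(padded)
    header = bytearray(ICC_HEADER_LEN)
    header[0:4] = struct.pack(">I", table_end + len(payload))
    header[36:40] = ICC_SIGNATURE
    return bytes(header) + struct.pack(">I", len(tags)) + entries + payload


def patch_u32(profile: bytes, offset: int, value: int) -> bytes:
    """Overwrite one big-endian uint32 field, used here to build tampered samples."""
    return profile[:offset] + struct.pack(">I", value) + profile[offset + 4:]


if __name__ == "__main__":
    good = build_profile([(b"desc", b"desc\x00\x00\x00\x00hello"), (b"wtpt", b"XYZ " + b"\x00" * 16)])
    print("well-formed:", inspect_icc_profile(good))
    # Tamper with the first tag entry's size field (entry offset 132, size at +8).
    print("oversized tag:", inspect_icc_profile(patch_u32(good, TAG_TABLE_OFF + 8, 0x7FFFFFFF)))
    print("huge tag count:", inspect_icc_profile(patch_u32(good, ICC_HEADER_LEN, 1000)))
```

On a sensor the function would be fed the reassembled file body of each FTP, HTTP or SMTP transfer whose bytes 36..39 read `acsp`; anything it returns is a candidate alert, since a well-formed profile produces no findings.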
Read at Zero Day Initiative