HospitalRun Local Root Exploit

Let's talk about a “security flaw in hospital software that allows full access to medical devices“. This issue was disclosed on LinkedIn and included a full exploit code. Let's use this app as an example on how to find a macOS privilege escalation and learn how local root exploits can work. Print BINGO sheet: Sources: Original LinkedIn Post: ://%C3%BCcke-in-krankenhaus-software-activity-7055185115584303104-2eZr The Exploit code: “The project has been deprecated for 2 years. Version has been an EOL for at least 5 years“ - developer statement: My references finding priv esc issues in macOS apps: Help me pay for any legal trouble in case somebody wants to sue me (advertisement): Chapters: 00:00 - Intro: Practice Research with Existing Issues 01:45 - HospitalRun Functionality 03:07 - What is a Local Root Exploit? 05:49 - Typical macOS Priviledge Escalation Issues 09:23 - Looking for Priviledged Helper in HospitalRun 10:10 - My Experience in finding Local Root Exploits on macOS 11:46 - Threat Modeling and Common Deployments 13:11 - Was this an April Fools Joke? 14:18 - Analysing and Cleaning Up The Exploit Code 17:51 - Reading Comments on LinkedIn 19:29 - BINGO! =[ ❤️ Support ]= → per Video: → per Month: 2nd Channel: =[ 🐕 Social ]= → Twitter: → Streaming: → TikTok: @liveoverflow_ → Instagram: → Blog: → Subreddit: → Facebook: