GITBOOK-3970: change request with no subject merged in GitBook

SUMMARY.md

@@ -151,7 +151,7 @@
   * [macOS File Extension Apps](macos-hardening/macos-security-and-privilege-escalation/macos-file-extension-apps.md)
   * [macOS Files, Folders, Binaries & Memory](macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/README.md)
     * [macOS Bundles](macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-bundles.md)
-    * [macOS Installer Packages (pkg)](macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-installer-packages-pkg.md)
+    * [macOS Installers Abuse](macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-installers-abuse.md)
     * [macOS Memory Dumping](macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-memory-dumping.md)
     * [macOS Sensitive Locations](macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-sensitive-locations.md)
     * [macOS Universal binaries & Mach-O Format](macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/universal-binaries-and-mach-o-format.md)

macos-hardening/macos-security-and-privilege-escalation/README.md

@@ -92,8 +92,8 @@ Being able to **create a file** that is going to be **used by root**, allows a u
 
 For this kind of vulnerabilities don't forget to **check vulnerable `.pkg` installers**:
 
-{% content-ref url="macos-files-folders-and-binaries/macos-installer-packages-pkg.md" %}
-[macos-installer-packages-pkg.md](macos-files-folders-and-binaries/macos-installer-packages-pkg.md)
+{% content-ref url="macos-files-folders-and-binaries/macos-installers-abuse.md" %}
+[macos-installers-abuse.md](macos-files-folders-and-binaries/macos-installers-abuse.md)
 {% endcontent-ref %}
 
 ### Entitlements and Privileges abuse via process abuse

macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/README.md

@@ -51,8 +51,8 @@ MacOS stores information such as passwords in several places:
 
 ### Vulnerable pkg installers
 
-{% content-ref url="macos-installer-packages-pkg.md" %}
-[macos-installer-packages-pkg.md](macos-installer-packages-pkg.md)
+{% content-ref url="macos-installers-abuse.md" %}
+[macos-installers-abuse.md](macos-installers-abuse.md)
 {% endcontent-ref %}
 
 ## OS X Specific Extensions

macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-installers-abuse.md

@@ -1,4 +1,4 @@
-# macOS Installer Packages (pkg)
+# macOS Installers Abuse
 
 <details>
 
@@ -52,6 +52,18 @@ If a pre or post installation script is for example executing from **`/var/tmp/I
 
 <figure><img src="../../../.gitbook/assets/Pasted Graphic 5.png" alt=""><figcaption></figcaption></figure>
 
+### AuthorizationExecuteWithPrivileges
+
+This is a [public function](https://developer.apple.com/documentation/security/1540038-authorizationexecutewithprivileg) that several installers and updaters will call to **execute something as root**. This function accepts the **path** of the **file** to **execute** as parameter, however, if an attacker could **modify** this file, he will be able to **abuse** its execution with root to **escalate privileges**.
+
+```bash
+# Breakpoint in the function to check wich file is loaded
+(lldb) b AuthorizationExecuteWithPrivileges
+# You could also check FS events to find this missconfig
+```
+
+For more info check this talk: [https://www.youtube.com/watch?v=lTOItyjTTkw](https://www.youtube.com/watch?v=lTOItyjTTkw)
+
 ## References
 
 * [https://www.youtube.com/watch?v=iASSG0\_zobQ](https://www.youtube.com/watch?v=iASSG0\_zobQ)