The Future of AI-Driven Security Research
Bridging the gap between vulnerability and security, ZeroClicks is a research blog dedicated to the security community. We unveil new Zero Day findings and vulnerabilities, all discovered with the aid of AI. The concept of "Zero Clicks" embodies the dual nature of cybersecurity, representing both the threats we face and the solutions we seek.
"Zero Clicks" symbolizes two contrasting facets of cybersecurity. On one side of the coin, we have threat actors striving to achieve the ultimate Zero Day compromise - a "Zero Click" threat. These threats are particularly insidious as they require no interaction from the user, making them incredibly difficult to detect and prevent.
On the flip side, we have ethical researchers and organizations working tirelessly to enhance security measures. Our goal is to leverage AI to automate security to such an extent that, even when humans are asleep, with "Zero Clicks" on any platform, AI is vigilantly working in the background to protect against emerging risks.
Research & Discovery Blog
Intersection of Cybersecurity and Artificial Intelligence
Escalated Chain Attack
"ECA"
26 Sep 2023
'ECA: FileSteal' is an instance of an Escalated Chain Attack (ECA) uncovered in the fileproviderctl binary for macOS's FileProvider.framework. We coined the term Escalated Chain Attack because an ECA leverages a combination of vulnerabilities that might be benign on their own but, when chained together, pose a critical threat. This specific ECA (CVE-2023-41980) chains together multiple issues in FileProvider.framework, turning a low-severity listing of files into a full takeover of user documents. It provides unauthorized access to files in a user's Documents and Desktop folders and in various cloud storage providers such as iCloud Drive, Google Drive, Dropbox, OneDrive and others. Exposed data can range from personal documents, API keys, Apple Wallet passes and cryptographic private keys to encrypted social media chats and emergency kits from password managers. The unique aspect of this discovery was the use of Artificial Intelligence in pinpointing the combined potential of these discrete vulnerabilities. Given the rapidly evolving threat landscape, AI's capability to identify, diagnose, and suggest remediations for vulnerability chains becomes a crucial advantage. 'ECA: FileSteal' serves as an example of these capabilities, emphasizing the significance of AI-driven vulnerability detection in countering advanced cyber threats.
"We discovered a vulnerability in a command-line utility for the macOS framework used by cloud storage services like iCloud Drive, Google Drive, and Dropbox. The issue lies in fileproviderctl, found on all Macs globally running macOS, which has a hidden interface that was likely meant for Apple's internal debugging.
As a result, an attacker (via this debugging tool) can bypass privacy prompts and access your screenshots, backed up documents, video files, contacts, and other sensitive content stored in your Desktop, Documents, and iCloud Drive without you even knowing. This interface lacks the modern transparency and consent controls such as approval pop-ups found in most of the system. Apple most likely overlooked it while uplifting other components.
Examples of how this could impact unpatched users are that the attacker could gain access to your unencrypted WhatsApp backups, through to backup recovery key files from your password managers, digital wallet backups, all your cloud documents and photos and so much more -- essentially, it would be a full "customer cloud compromise".
It's important for users to update their software to patch this zero day vulnerability ASAP, and as ethical researchers, we look forward to further helping safeguard Apple's systems for their customers worldwide. We appreciate working with Apple's Elite Security Engineering and Architecture Team and look forward to continuing our collaboration."