Local Root Exploit in HospitalRun Software

Let's talk about a "security flaw in hospital software that allows full access to medical devices". This issue was disclosed on LinkedIn and included a full exploit code. Let's use this app as an example on how to find a macOS privilege escalation and learn how local root exploits can work.
Print BINGO sheet:   / 1682650394227351552  


Sources:
Original LinkedIn Post: https://web.archive.org/web/202304240...
The Exploit code: https://0day.today/exploit/38531
"The project has been deprecated for 2 years. Version 1.0.0-beta has been an EOL for at least 5 years" - developer statement:   / 1650059269939552256  

My references finding priv esc issues in macOS apps:
https://github.com/cure53/Publication...
https://github.com/cure53/Publication...
https://github.com/cure53/Publication...
https://github.com/cure53/Publication...

Help me pay for any legal trouble in case somebody wants to sue me (advertisement): https://shop.liveoverflow.com/

Chapters:
00:00 - Intro: Practice Research with Existing Issues
01:45 - HospitalRun Functionality
03:07 - What is a Local Root Exploit?
05:49 - Typical macOS Priviledge Escalation Issues
09:23 - Looking for Priviledged Helper in HospitalRun
10:10 - My Experience in finding Local Root Exploits on macOS
11:46 - Threat Modeling and Common Deployments
13:11 - Was this an April Fools Joke?
14:18 - Analysing and Cleaning Up The Exploit Code
17:51 - Reading Comments on LinkedIn
19:29 - BINGO!

=[ ❤️ Support ]=

→ per Video:   / liveoverflow  
→ per Month:    / @liveoverflow  

2nd Channel:    / liveunderflow  

=[ 🐕 Social ]=

→ Twitter:   / liveoverflow  
→ Streaming: https://twitch.tvLiveOverflow/
→ TikTok:   / liveoverflow_  
→ Instagram:   / liveoverflow  
→ Blog: https://liveoverflow.com/
→ Subreddit:   / liveoverflow  
→ Facebook:   / liveoverflow