> Until apple starts doing any checksum checks on these files I doubt this method will break anytime soon.
Watch as this is used for malware persistence through a code execution exploit. Then Apple will start verifying the file content.
> Until apple starts doing any checksum checks on these files I doubt this method will break anytime soon.
Watch as this is used for malware persistence through a code execution exploit. Then Apple will start verifying the file content.
.scr files are untrusted for this very reason.
.scr files are untrusted because they're plain PE executables. You don't need to exploit anything to get code execution because all they do is execute code.
If they were just video files, they wouldn't be such a vector for malware.
You still need to priv esc