> Until apple starts doing any checksum checks on these files I doubt this metho... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		ronsor 15 days ago \| parent \| context \| favorite \| on: Show HN: I reverse engineered macOS to allow custo... > Until apple starts doing any checksum checks on these files I doubt this method will break anytime soon. Watch as this is used for malware persistence through a code execution exploit. Then Apple will start verifying the file content.

1970-01-01 15 days ago [–]

.scr files are untrusted for this very reason.

jeroenhd 15 days ago | [–]

.scr files are untrusted because they're plain PE executables. You don't need to exploit anything to get code execution because all they do is execute code.

If they were just video files, they wouldn't be such a vector for malware.

1970-01-01 15 days ago | | [–]

You still need to priv esc

Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact