FileMaker, dylib hijacking

Understanding the Risks and Mitigations of dylib Hijacking in macOS FileMaker Pro CVE-2023-42920 Source: https://fm-security.com/posts/dylib/ CVE macOS FileMaker Pro CVE-2023-42920 Menu Introduction The dylib hijacking vulnerability for macOS is well known and studied. But from a FileMaker developer’s point of view, I have not seen any analysis of this problem. I will begin a little bit from afar. Embedding into someone else’s

Deciphering the FileMaker Server keystore

Unlocking the Secrets of the FileMaker Server Keystore: A Cryptographic Exploration Source: https://davidhamann.de/2023/05/29/deciphering-the-filemaker-keystore/ Introduction  On This Page While checking out how the FileMaker Pro to Server upload feature worked, I noticed that credentials were encrypted using a RSA public key before being sent to the server. I looked into FileMaker Server’s installation directory and found that