DefenderYara/Exploit/MacOS/CVE-2022-46689/Exploit_MacOS_CVE-2022-4668...


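/*
    YARA conversion of the Microsoft Defender signature
    "Exploit:MacOS/CVE-2022-46689.A!MTB" (SIGNATURE_TYPE_MACHOHSTR_EXT).

    Changes from the converted original:
      - The rule identifier contained '-' characters, which YARA does not
        allow in identifiers, so the rule would not compile. They are
        replaced with '_'; the Defender name is preserved unchanged in
        meta.description.
      - The condition was "any of ($a_*)", which fires on a single string.
        $a_01_1 is an Apple-namespaced sandbox string and $a_01_2 is just
        the CVE identifier (which also appears in advisories, scanners and
        other detection content), so either alone is a weak indicator.
        The header bytes in the description (03 00 03 00 03 00 ...) appear
        to encode a threshold of 3 over three weight-1 strings, so all
        three are now required. NOTE(review): confirm the header layout
        against the Defender signature format before relying on it.

    The signature type indicates Mach-O string matching, but this rule does
    not itself restrict the file type; scope it at scan time if needed.
*/
rule Exploit_MacOS_CVE_2022_46689_A_MTB {
    meta:
        // Kept byte-for-byte: detection name, signature type, raw header bytes.
        description = "Exploit:MacOS/CVE-2022-46689.A!MTB,SIGNATURE_TYPE_MACHOHSTR_EXT,03 00 03 00 03 00 00 01 00 "
    strings:
        // ASCII "com.worthdoingbadly.fulldiskaccess"; trailing bytes in the converted source: 01 00
        $a_01_0 = {63 6f 6d 2e 77 6f 72 74 68 64 6f 69 6e 67 62 61 64 6c 79 2e 66 75 6c 6c 64 69 73 6b 61 63 63 65 73 73}
        // ASCII "com.apple.app-sandbox.read-write"; trailing bytes in the converted source: 01 00
        $a_01_1 = {63 6f 6d 2e 61 70 70 6c 65 2e 61 70 70 2d 73 61 6e 64 62 6f 78 2e 72 65 61 64 2d 77 72 69 74 65}
        // ASCII "CVE-2022-46689"; trailing bytes in the converted source: 00 00
        $a_01_2 = {43 56 45 2d 32 30 32 32 2d 34 36 36 38 39}
    condition:
        // Require every indicator; a single hit is too generic to act on.
        all of ($a_*)
}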