CVE-2024-42011 by (0xRushy - Abdullah Al-Harbi)
1 - Analyze the Spotify binary for insecure functions:
otool -Vt /path/to/Spotify.app/Spotify | grep -E 'strcat|strcpy|sprintf|gets|memcpy|memmove|strncpy|snprintf|vsprintf|vsnprintf|bcopy|scanf|fscanf|sscanf'
2 - Identify the location of strcat using the otool output:
0000000101931c3c b 0x10772e930 ; symbol stub for: _strcat
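The grep in step 1 is a substring match, so it also reports `_fgets` under `gets` and `_snprintf` under `sprintf`. The following is an added example, not part of the original write-up: it tallies call sites per exact stub name from `otool -Vt` output and separates functions that take no destination size from those that do. The function names `tally_stubs` and `sample_listing`, the class labels and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Tally call sites per libc symbol stub in `otool -Vt` output read on stdin.
# The stub name is matched exactly, so _fgets is not counted as gets and
# _snprintf is not counted as sprintf.
tally_stubs() {
  awk '
    BEGIN {
      # Functions with no destination-size parameter.
      n = split("strcat strcpy sprintf vsprintf gets scanf fscanf sscanf", u, " ")
      for (i = 1; i <= n; i++) class[u[i]] = "no-size-arg"
      # Functions that take a length or size argument.
      n = split("strncpy snprintf vsnprintf memcpy memmove bcopy", b, " ")
      for (i = 1; i <= n; i++) class[b[i]] = "size-arg"
    }
    /symbol stub for: _/ {
      name = $0
      sub(/.*symbol stub for: _/, "", name)   # drop everything before the name
      sub(/[^A-Za-z0-9_].*/, "", name)        # drop anything after the name
      if (name in class) count[name]++
    }
    END {
      for (name in count) printf "%s %s %d\n", class[name], name, count[name]
    }
  ' | LC_ALL=C sort
}

# Constructed sample in the format shown in step 2 (not real Spotify output).
sample_listing() {
  cat <<'EOF'
0000000100001000 bl 0x100009000 ; symbol stub for: _strcat
0000000100001010 bl 0x100009000 ; symbol stub for: _strcat
0000000100001020 bl 0x10000900c ; symbol stub for: _fgets
0000000100001030 bl 0x100009018 ; symbol stub for: _snprintf
0000000100001040 bl 0x100009024 ; symbol stub for: _memcpy
0000000100001050 bl 0x100009024 ; symbol stub for: _memcpy
0000000100001060 bl 0x100009024 ; symbol stub for: _memcpy
0000000100001070 bl 0x100009030 ; symbol stub for: _strlen
EOF
}

sample_listing | tally_stubs
```

Against a real binary, pipe the command from step 1 without the grep: `otool -Vt /path/to/Spotify.app/Spotify | tally_stubs`.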