Syndis conducted an attack simulation as part of a red team exercise with Dropbox. Syndis, found vulnerabilities in Apple software used by Dropbox that didn’t just affect their MacOS fleet, it affected all Safari users running the latest version at the time—a so-called zero-day vulnerability.
Dropbox published an article about the engagement and the cooperation with Syndis.
”This engagement was a win for us, for Apple, and for internet users on various levels. Not only did we get to test our defensive posture, we also made the internet safer by identifying and reporting vulnerabilities in macOS. Syndis went above and beyond in finding this exploit chain during our engagement, and using it during our attack simulation exercise allowed us to test our readiness against attacks using zero-day vulnerabilities. This is an excellent example of the security community becoming stronger because of good actors doing the right thing.”
Full details about the breach from Dropbox can be found here.