phirk
commented
1 year ago Should have occurred to me before, but I removed all existing code from function limera1n_exploit in file limera1n.c and replaced it by simply return 0; (since I'm not interested in using the limera1n exploit anyway).
Now Microsoft Defender no longer deletes the executable.
Yesterday (August 9, 2023) Microsoft updated its definition for MacOS/LimeRain.D!MTB; Microsoft Defender now detects this exploit in
idevicerestoreand immediately deletes the executable...What can we do about this? (If anything?)
(I work on a managed Mac provided by my company; Defender is installed by default and I cannot modify its settings)