File Quarantine Handling in macOS Apps

Presented at Objective by the Sea version 3.0 (2020), March 12, 2020, 3:45 p.m. (50 minutes)

File Quarantine is a foundational security mechanism of macOS that aims to protect macOS users from a variety of network-based attacks. In this talk we'll first explore File Quarantine internals. Following this, we'll identify a variety of popular 3rd-party applications that fail to utilize this securiy mechanism, opening up macOS users to remote exploitation. We'll end by demonstrating various exploit chains that abuse the oversight by these applications.

Presenters:

• Vladimir Metnew - AppSec engineer at Grammarly
  Vladimir works at Grammarly, where he is working on application security. He focuses on macOS, static code analysis, browser security, and underlying engineering concepts required for an in-depth understanding of these fields.

Links:

• https://objectivebythesea.org/v3/content.html#vMetnew
• https://objectivebythesea.org/v3/talks/OBTS_v3_vMetnew.pdf

Similar Presentations:

• DEF CON 30 (2022) / Process injection: breaking all macOS security layers with a single vulnerability
• DEF CON 29 (2021) / Bundles of Joy: Breaking macOS via Subverted Applications Bundles
• Objective by the Sea version 4.0 (2021) / All Your Macs Are Belong To Us: The Story of CVE-2021-30657