All Your Macs Are Belong To Us: The Story of CVE-2021-30657

Presented at Objective by the Sea version 4.0 (2021), Sept. 30, 2021, 10:40 a.m. (50 minutes).

A recent vulnerability, CVE-2021-30657, neatly bypassed a myriad of foundational macOS security features such as File Quarantine, Gatekeeper, and Notarization. Armed with this capability, attackers could (and did!) hack macOS systems with a simple user (double-)click. Yikes!

In this joint presentation we'll first highlight the discovery of the flaw and how it could be deployed to unsuspecting Mac users. Following this, we'll dig deep into the bowels of macOS to uncover the root cause of the bug: a subtle logic flaw in the complex and undocumented policy subsystem.

Next, we'll highlight the discovery of malware exploiting this bug in the wild, as an 0day. To wrap up, we'll peek at Apple's patch, as well as discuss novel methods of both detection and prevention.


Presenters:

  • Jaron Bradley - macOS Detections, Team Lead at Jamf
    Jaron has a background in incident response and threat hunting across Unix based platforms. He currently works as the macOS detections lead for Jamf Protect. As an OG, he was the first ever speaker at the Objective By the Sea conferences and he makes sure to remind everyone about that each year. Although the conferences are always a blast, he primarily attends for the super ono Hawaiian food.
  • Patrick Wardle - Founder of Objective-See
    Patrick Wardle is the founder of Objective-See. Having worked at NASA and the NSA, as well as presented at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware and writing free open-source security tools to protect Mac users.
  • Cedric Owens - Offensive Security Engineer
    Cedric is currently a red teamer who came from a blue team background. His passion revolves around red teams and blue teams working closely together to improve each other's tradecraft. Cedric enjoys writing useful red team and blue team utilities and periodically writing posts that are of interest on his blog at https://medium.com/red-teaming-with-a-blue-team-mentaility.
