Apple's Envy: Root once, bypass TCC

Presented at Objective by the Sea version 4.0 (2021), Sept. 30, 2021, 4:35 p.m. (25 minutes).

Have you gotten a remote foothold on macOS, even escalated to root, but still been frustrated by TCC? Yeah, me neither. But if you had, you'd want to see this talk!

I'll demonstrate a technique to grant arbitrary applications TCC rights, including Full Disk Access, from a remote compromise. I'll also share a lesser-known resource for testing macOS techniques without owning a macOS device, for free.


Presenters:

  • Andy Grant - Head of Offensive Security at Zoom Video Communications, Inc.
    Andy Grant is the Head of Offensive Security at Zoom. He has more than a decade of professional experience in offensive security, and two decades of involvement in computer security. His team at Zoom is responsible for finding security vulnerabilities in the company and its products, which involves conducting security assessments, performing vulnerability research, and engaging with third-party security vendors. He is also responsible for building out a dedicated red team and leading purple team exercises. Prior to Zoom, Andy was a Technical Vice President for NCC Group and worked on a wide variety of projects over his twelve years with the company. He performed countless application assessments across many platforms and systems. He also conducted internal and external network penetration tests, architecture and design reviews, and threat modeling exercises. He worked with small tech start-ups, small and large software development groups, and large financial institutions. He has a B.S. in Computer Science and an Advanced Computer Security Certificate, both from Stanford University.
