Mount(ain) of Bugs

Presented at Objective by the Sea version 4.0 (2021), Oct. 1, 2021, 10:10 a.m. (50 minutes)

In this talk we will dive into mount operation internals on macOS and discuss several vulnerabilities impacted the system.

In the first half we will introduce how mounting is happening, how the sandbox is tied to the mount operation. We will also discuss the diskarbitration service, which is also responsible some of the mounting which can be done by the user.

Next we will detail different bugs impacted macOS in the past, where mounting had a key role. These range from privilge esclaation to complete privacy (TCC) bypasses.

Lastly we will review how we can use the mount command for our own advantage when exploiting third party applications.

Presenters:

• Csaba Fitzl - Content developer at Offensive Security
  Csaba graduated in 2006 as a computer engineer. He worked for 6 years as a network engineer, troubleshooting and designing big networks. After that he worked for 8 years as a blue and red teamer focusing on network forensics, malware analysis, adversary simulation and defense bypasses. Currently he is working as a content developer at Offensive Security. He gave talks and workshops on various international IT security conferences, including Hacktivity, hack.lu, Troopers, SecurityFest, DEFCON, NULLCON and Objective By The Sea.

Links:

• https://objectivebythesea.org/v4/talks.html#Mount(ain) of Bugs
• https://objectivebythesea.org/v4/talks/OBTS_v4_cFitzl.pdf

Similar Presentations:

• Black Hat USA 2021 / 20+ Ways to Bypass Your macOS Privacy Mechanisms