"$ sudo ls ~/Desktop: Operation not permitted". To protect your privacy, Apple introduced Transparency, Consent, and Control (TCC) framework that restricts access to sensitive personal resources: documents, camera, microphone, emails, and more. Granting such access requires authorization, and the mechanism's main design concern was clear user consent. \n\n I have co-presented extensive research on abusing the TCC mechanisms at Black Hat USA 2021 but this time we won't be exploiting the TCC directly. Why keep attacking the TCC when iCloud stores tons of macOS users' secrets?! Default configuration makes Mac synchronize a lot of data. Don't you have your iMessages/Photos/Calendars/Reminders/Notes accessible from iCloud? Good, because you're protecting your privacy… but most users don't. :-) \n\n The presentation will share brand-new research on abusing Apple's iCloud to get access to the users' privacy-sensitive data. All that from malicious applications' perspective without any additional permissions.