Unexpected, Unreasonable, Unfixable: Filesystem Attacks on macOS

Presented at Objective by the Sea version 6.0 (2023), Oct. 13, 2023, 3:25 p.m. (25 minutes).

Over the past year, I dove deep into the macOS file API, embarking on a seemingly ludicrous quest to find bugs. Surprisingly, this far-fetched idea led me to remarkably effective techniques. I discovered numerous tricks, invented some of my own, and developed a methodology. Through logic bugs alone, I managed to breach every significant macOS security boundary from userspace.

The haul so far is 7 zero-days: 3 LPEs to root, 3 full TCC bypasses, and 1 sandbox escape. Apple paid me handsomely for all of this, and now I get to talk about it publicly.

Join me on my journey of the past year and see for yourself all the insanity, the techniques, the tricks, the bugs, and the epic fails. Bugs so trivial and hilarious that you will curse yourself for not looking for them, and at the end of it all if you don't leave laughing you will leave in a daze, asking what I have been asking myself for the past 12 months: How the FSCK is this even possible!?

Presenters:

  • Gergely Kalman - Independent Security Researcher
