MacOS policies are "more like guidelines..."

Presented at ShellCon 2021 Virtual, Oct. 8, 2021, 11 a.m. (25 minutes).

This talk will highlight areas within the MacOS ecosystem where system management policies are blatantly not enforced, and in at least 1 case, where MacOS actually ships with the tools necessary to bypass its own policies when applied in a security context. This talk will also cover Apple's response, or lack thereof, to disclosure of these vulnerabilities, and how the implications of their response may highlight that MDM is wholesale not supported as a security apparatus within the entire Apple ecosystem.

Presenters:

• Vyrus
  Angry toddler trying to smash square bits and bytes into round holes, Xcape Inc CTO, halfway between Unix neck beard and arrogant teenager.

Links:

• https://shellcon.io/talks/2021/macos-policies/

Similar Presentations:

• DEF CON 30 (2022) / Process injection: breaking all macOS security layers with a single vulnerability
• Black Hat USA 2022 / Process Injection: Breaking All macOS Security Layers With a Single Vulnerability
• Objective by the Sea version 5.0 (2022) / Process Injection: Breaking all macOS Security Layers with a Single Vulnerability