The Final Chapter: Unlimited ways to bypass your macOS privacy mechanisms

Published: 16 September 2024
on channel: Black Hat
1,037
38

"ThereIsNoPrivacy.app" would like to access the camera and spy on you, and access all of your private data.

In this talk we return for a third time to talk about bypassing macOS's privacy mechanisms. In the last 4 years we submitted over 100 vulnerabilities to Apple which allowed us to either fully or partially bypass macOS's privacy protection framework (TCC). We gave talks about our findings and various techniques in previous BlackHat conferences.
We will start by briefly explaining how the privacy framework works on macOS, how various databases, configuration files and the Sandbox play various roles in fulfilling a single goal - protecting your private data.

Then we will switch gears and show many new vulnerabilities and a couple of new techniques and ideas which allowed us to bypass privacy protection. As usual, you may expect full exploits, tons of demos and a lot of fun. Believe it or not but we bypassed the TCC again with /usr/bin/grep… multiple times.

Finally, we will talk about how Apple improved the privacy framework over the years, what new features were added in macOS Ventura, Sonoma, since the last time we talked about this topic. We will briefly review a few techniques, which we consider mostly dead due to new mitigations and fixes.

By:
Csaba Fitzl | Principal macOS Security Researcher, Kandji
Wojciech Reguła | Principal Security Consultant, SecuRing

Full Abstract & Presentation Materials:
https://www.blackhat.com/asia-24/brie...


Watch video The Final Chapter: Unlimited ways to bypass your macOS privacy mechanisms online without registration, duration hours minute second in high quality. This video was added by user Black Hat 16 September 2024, don't forget to share it with your friends and acquaintances, it has been viewed on our site 1,03 once and liked it 3 people.