"ThereIsNoPrivacy.app" would like to access the camera and spy on you, and access all of your private data.
In this talk we return for a third time to talk about bypassing macOS's privacy mechanisms. In the last 4 years we submitted over 100 vulnerabilities to Apple which allowed us to either fully or partially bypass macOS's privacy protection framework (TCC). We gave talks about our findings and various techniques in previous BlackHat conferences.
We will start by briefly explaining how the privacy framework works on macOS, how various databases, configuration files and the Sandbox play various roles in fulfilling a single goal - protecting your private data.
Then we will switch gears and show many new vulnerabilities and a couple of new techniques and ideas which allowed us to bypass privacy protection. As usual, you may expect full exploits, tons of demos and a lot of fun. Believe it or not but we bypassed the TCC again with /usr/bin/grep… multiple times.
Finally, we will talk about how Apple improved the privacy framework over the years, what new features were added in macOS Ventura, Sonoma, since the last time we talked about this topic. We will briefly review a few techniques, which we consider mostly dead due to new mitigations and fixes.
By:
Csaba Fitzl | Principal macOS Security Researcher, Kandji
Wojciech Reguła | Principal Security Consultant, SecuRing
Full Abstract & Presentation Materials:
www.blackhat.c...