2022-07-24, 15:00–15:50, Battery 🔋
My journey to find vulnerabilities in macOS. During 2020 and 2021 I found two major vulnerabilities in macOS. In this presentation I walk you through the whole exploit chain to compromise users' sensitive data with one click. I will also explain my methodology to find logic bugs.
I will walk you through how I solved the following steps:
- Fundamentals of how I find vulnerabilities
- Basics about the "extra" security protections in macOS
- How to get payload delivered with one click
- Code execution with arbitrary mount
- Gatekeeper evasion
- TCC protection evasion
- SIP protection evasion
- Timeline
- How Apple will credit the researchers
I have been working in InfoSec since 2009. As a profession I have concentrated on building cyber security solutions. I also still love to get technical and I do vulnerability research as a hobby.
As said in my Twitter bio:
I'm interested in Hacking, Cyber and politics.
Founder and CEO of @SensorFu
Board member: @KyberVPK / @JK_ry
InfoSec Specialist: @effi_ry (Electronic Frontier Finland)
https://twitter.com/turmio_
https://mikko-kenttala.medium.com/
http://www.happyhacking.org/HH/