"Asia-24-Fitzl-Wojciech-Unlimited-ways-to-bypass-your-macOS-privacy-mechanisms.pdf" (68 pages) was shared by a member and can be read online; more related material can be found by searching on 三个皮匠报告.
#BHASIA BlackHatEvents

THE FINAL* CHAPTER
UNLIMITED WAYS TO BYPASS YOUR MACOS PRIVACY MECHANISMS
CSABA FITZL & WOJCIECH REGUŁA

NSFullUserName()
Wojciech Reguła
  Head of Mobile Security SecuRing
  Certified iOS Application Security Engineer (iASE) author
  Focused on iOS/macOS #appsec
  Blogger https://wojciechregula.blog

NSFullUserName()
Csaba Fitzl
  Principal macOS Security Researcher Kandji
  Former creator of macOS Exploitation & Pentesting Training
  Ex red/blue teamer
  80+ CVEs from Apple
  Blog: https://theevilbit.github.io/

Our previous Black Hat TCC talks

Agenda
1. TCC/Privacy fundamentals (quick recap)
2. TCC bypasses
   Info leaks
   Sysadminctl
   com.apple.Safari.SandboxBroker
   InstallAssistant.pkg
   cpldiagnose
   QuartzCore framework
   CFNetwork
   REDACTED
3. Dead and dying techniques
4. TCC/Security improvements in macOS Sonoma

OpenAI: generate Polish and Hungarian grilling an apple

TCC/Privacy fundamentals

System Integrity Protection (SIP)
  Based on Sandbox kernel extension
  Restricts access to many directories on macOS
  Denies debugger attachments to processes signed directly by Apple
  Also known as rootless, because even root cannot do the above-mentioned operations when the SIP is turned on

Transparency, Consent & Control (TCC):
  Protects users' privacy
  Not even root can approve TCC permissions
  From macOS Ventura TCC protects also containers of sandboxed apps

The number of protected resources still increases

TCC bypasses

TCC bypasses via info leaks
  Grepping since 2020.
  Now Apple is grepping as well. :D
  Still finding