Hunting for macOS Application Logic Bugs - Local Privilege Escalation Vulnerabilities

Explore a 29-minute conference talk from x33fcon that delves into bug hunting experiences on macOS targets between December 2023 and January 2023, focusing on persistent security vulnerabilities. Learn about Local Privilege Escalation bugs affecting major products from Amazon AWS, Zscaler, Logitech, and Netskope. Discover how the research journey began with a third-party Zero Trust Network Access client assessment, leading to the discovery of multiple zero-day vulnerabilities. Gain insights into bug exploitation methodologies, understand the Indicators of Compromise (IOCs) generated during exploitation, and learn how defenders can enhance their detection capabilities for both known and unknown vulnerabilities. Follow along with detailed walk-throughs of the discovered bugs, with potential unredacted examples depending on vendor timelines.