Overview
Discover how to exploit vulnerabilities in MacOS devices through a comprehensive conference talk from the Hack In The Box Security Conference. Explore a chain of vulnerabilities (CVE-2022-22616, CVE-2022-22639, CVE-2022-22617, and more) that bypass key security features like GateKeeper, System Integrity Protection (SIP), and Transparency, Consent, and Control (TCC). Learn about the discovery process, root causes, and exploitation techniques for these vulnerabilities, applicable to both Apple Silicon and Intel Mac devices. Witness a live demonstration of the complete exploit chain, showcasing the journey from a single click to full device takeover. Gain insights from Mickey Jin, a Trend Micro threat researcher with expertise in malware analysis, threat campaign research, and vulnerability research, who has been credited for discovering numerous CVEs across various platforms.
Syllabus
#HITB2022SIN One-Click To Completely Takeover A MacOS Device - Mickey Jin
Taught by
Hack In The Box Security Conference