Overview
Syllabus
Intro
whoami
agenda
POSIX model - scenarios
flag modifiers
sticky bit
Access Control Lists
sandbox example (mds)
static method
dynamic method
general idea
problems
controlling content
Install History.plist file - arbitrary file overwrite vulnerability (CVE-2020-3830)
Adobe Reader macOS installer - arbitrary file overwrite vulnerability (CVE-2020-3763)
Grant group write access to plist files via Diagnostic Messages History.plist (CVE-2020-3835)
macOS fontmover - file disclosure vulnerability (CVE-2019-8837)
exploitation
fix
macOS Diagnostic Messages arbitrary file overwrite vulnerability (CVE-2020-3855)
Adobe Reader macOS installer - LPE (CVE-2020-3762)
macOS periodic scripts - 320.whatis script LPE (CVE-2019-8802)
makewhatis
whatis database
OverSight
Installers
move operation
Objective-C
Taught by
Hack In The Box Security Conference