Explore over 20 new techniques to bypass MacOS privacy mechanisms in this 40-minute Black Hat conference talk. Gain an in-depth understanding of the TCC (Transparency, Consent, and Control) framework, its components, and how it restricts application access to private data. Examine the various databases utilized by TCC and delve into the distinction between user consent and user intent. Learn about diverse bypass methods, including regression vulnerabilities, code injections, logic bugs, and the misuse of built-in sysadmin tools. Compare the security improvements (or lack thereof) between MacOS Monterey and Big Sur versions. Presented by security experts Csaba Fitzl and Wojciech Regula, this talk offers valuable insights for cybersecurity professionals and MacOS enthusiasts alike.
Overview
Syllabus
Knockout Win Against TCC - 20+ NEW Ways to Bypass Your MacOS Privacy Mechanisms
Taught by
Black Hat