Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Bypassing Signature Verification and Kernel Exploitation in macOS System Updates

Objective-See Foundation via YouTube

Overview

Watch a detailed 39-minute security conference talk from Objective-See Foundation where independent security researcher Mickey Jin reveals critical vulnerabilities discovered in Apple's over-the-air (OTA) update process. Learn about CVE-2022-42791, CVE-2022-46722, and other vulnerabilities that could allow attackers to bypass signature verification, infect OS kernels, and execute arbitrary code. Explore how Intel Macs without T2 chips were vulnerable to System Integrity Protection (SIP) and Signed System Volume (SSV) protection bypasses, enabling kernel-level code execution. Discover the technical details of how crafted system updates could potentially infect devices and inject malicious code without user awareness, including a vulnerability allowing pre-kernel boot code execution. Gain insights from Jin's extensive vulnerability research experience, which has led to the discovery of over 100 CVEs acknowledged by Apple.

Syllabus

#OBTS v6.0 "Bypassing the Signature Verification and Pwning the Kernel" - Mickey Jin

Taught by

Objective-See Foundation

Reviews

Start your review of Bypassing Signature Verification and Kernel Exploitation in macOS System Updates

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.