Discover how to bypass macOS privacy controls through Electron apps in this security conference talk from Objective-See Foundation. Learn about the vulnerabilities in macOS Transparency, Consent, and Control (TCC) framework that restricts access to sensitive resources like documents, camera, and microphone. Explore a new open-source tool that exploits Electron default configurations in popular apps like Microsoft Teams, Slack, and Discord to execute code and inherit their TCC permissions, even bypassing macOS Ventura App Protection. Gain insights into macOS privacy restrictions, their weaknesses, and practical red teaming techniques, while also understanding detection methods for blue teams. Principal Security Consultant Wojciech Reguła, known for creating iOS Security Suite and finding vulnerabilities in major tech companies, shares his expertise in Apple device security and demonstrates practical approaches to exploiting these security gaps.
ELECTRONizing macOS Privacy - A New Weapon in Your Red Teaming Armory
Objective-See Foundation via YouTube
Overview
Syllabus
#OBTS v6:0 "ELECTRONizing macOS Privacy - a New Weapon in Your Red Teaming Armory" - Wojciech Reguła
Taught by
Objective-See Foundation
Related Courses
-
ELECTRONizing MacOS Privacy - A New Weapon in Red Teaming Armory
-
Ways to Bypass Your macOS Privacy Mechanisms
-
Bypassing macOS Privacy Mechanisms - The Final Chapter
-
Knockout Win Against TCC - New Ways to Bypass Your MacOS Privacy Mechanisms
-
macOS Red Teaming in 2023 - Zero-Day Edition
-
The Clock is TCCing - Extending macOS Security and Privacy Features
