Broken Isolation: Draining Credentials from Popular macOS Password Managers

Explore a security-focused conference talk that reveals critical vulnerabilities in macOS password managers through an examination of isolation enforcement weaknesses. Delve into how basic isolation assumptions can be exploited, as security expert Wojciech Regula demonstrates various techniques and zero-day vulnerabilities that allow low-privileged malware to compromise popular password management applications. Learn about the theoretical foundations of macOS application isolation through notarization and sandboxing, and understand why these security measures often prove ineffective in practice. Gain insights from Regula's extensive experience in Apple device security, including his work as Principal IT Security Specialist at SecuRing and his contributions to platforms like iOS Security Suite. The 28-minute presentation includes detailed technical analysis supported by comprehensive slides, making it valuable for security professionals and developers interested in macOS application security.