The Achilles Heel of the macOS Gatekeeper

Explore the vulnerabilities of macOS Gatekeeper in this 48-minute conference talk from Nullcon Berlin 2023. Delve into the inner workings of Gatekeeper, Apple's strict security mechanism designed to prevent non-notarized downloaded binaries from executing on macOS systems. Examine recent Gatekeeper bypasses and discover a novel 0day bypass reported to Apple in 2022. Learn about the heuristics for detection offered by Microsoft Defender for Endpoint on macOS, gaining valuable insights into macOS security, vulnerabilities, and infosec practices. This talk by Jonathan Bar Or provides a comprehensive look at the challenges faced by one of Apple's most crucial hardening mechanisms.