Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

The Price of Compatibility - Defeating macOS Kernel Using Extended File Attributes

Black Hat via YouTube

Overview

Explore a Black Hat conference talk that delves into exploiting macOS kernel vulnerabilities through extended file attributes in the FAT filesystem. Discover how compatibility features in macOS can lead to security flaws, allowing attackers to breach system boundaries. Learn about the surprising support for advanced features like symbolic links in the msdos FAT filesystem and how Apple's implementation of these features creates potential attack vectors. Gain insights into memory disclosure, kernel privilege escalation, and the impact on iOS. Examine the exploit process, including flash drive attacks and file system vulnerabilities. Understand the implications of these findings for macOS security and the challenges of maintaining compatibility while ensuring system integrity.

Syllabus

Intro
Who am I
Agenda
Finder
File
XML
Disk Utility
File System
xctr
AmpleFile
File Parsing
Code Audit
The Problem
Memory Disclosure
Location Kernel
Kernel Privilege Exclusion
What can ob slam do
Ob slam side effects
Perfect UAF
Slapback Operation
Exploit Strategy
Key erqc
Impact on iOS
The vulnerability
Exploit process
Flash drive attack
File C vulnerability
Outro

Taught by

Black Hat

Reviews

Start your review of The Price of Compatibility - Defeating macOS Kernel Using Extended File Attributes

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.