Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore a critical race condition vulnerability in Apple's core file-copy APIs that affects nearly all Apple devices including macOS, iOS, and watchOS in this 33-minute conference presentation. Discover how researchers uncovered a security flaw that Apple documented but dismissed as unexploitable due to its microscopic time window. Learn about the innovative exploitation techniques developed to reliably abuse this vulnerability in privileged system services to steal arbitrary user secrets. Examine Apple's file copying mechanisms, from NSFileManager to foundational C-language APIs, and understand why these ubiquitous methods pose security risks. Analyze the insufficient initial patch for CVE-2024-54566 and the bypass techniques that necessitated a second fix. Gain insights into Apple's final security solutions and the broader implications for system-level vulnerabilities that vendors consider theoretically unexploitable.
