Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore a critical security vulnerability in Apple's CDHash-based revocation system through this 27-minute conference talk from Objective-By-The-Sea v8.0. Discover how macOS Gatekeeper bypasses can circumvent Apple's runtime enforcement mechanisms, allowing previously revoked malicious applications to execute without requiring re-signing. Learn about the technical details of how recent macOS malware has exploited flaws in Apple's revocation system, effectively bringing "dead" code back to life and undermining the assumption that revocation serves as a definitive kill switch. Examine real-world examples of ad-hoc signed malware that has been blocked by Apple yet continues to run through these bypass techniques. Gain insights into detection strategies for identifying these sophisticated bypasses in production environments, and understand the broader implications for macOS security architecture. The presentation includes detailed analysis of Gatekeeper weaknesses, CDHash enforcement failures, and practical approaches for threat hunters and security researchers working to identify and mitigate these advanced evasion techniques.
