MacOS Security - Escaping The Sandbox & Bypassing TCC
Hack In The Box Security Conference via YouTube
Master Windows Internals - Kernel Programming, Debugging & Architecture
Build AI Apps with Azure, Copilot, and Generative AI — Microsoft Certified
Overview
Build a Learning Habit
Download Class Central's free printable study calendar
Download for Free
Explore macOS security mechanisms, focusing on sandboxing and Transparency, Consent, and Control (TCC) in this 55-minute conference talk from the Hack In The Box Security Conference. Dive into the evolution of macOS security features, including the introduction of sandbox-like restrictions for non-sandboxed apps in macOS Catalina. Examine the new security boundaries created by these measures and the potential vulnerabilities they introduce. Learn about the challenges developers face in safeguarding app permissions and the importance of understanding these new security models. Discover techniques for bypassing protections in third-party applications and analyze real-world vulnerabilities that allowed sandbox escapes, TCC permission theft, and privilege escalation. Gain insights from security researchers Thijs Alkemade and Daan Keuper as they share their findings on macOS and iOS security, including specific CVEs in macOS and Adobe Reader.
Syllabus
#HITB2021AMS D1T1 - MacOS Security: Escaping The Sandbox & Bypassing TCC - T. Alkemade and D. Keuper
Taught by
Hack In The Box Security Conference