AI Engineer - Learn how to integrate AI into software applications
Learn AI, Data Science & Business — Earn Certificates That Get You Hired
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Watch a detailed security conference talk exploring how XPC technology in Apple's operating systems can be exploited through audit token spoofing. Dive into the mechanics of XPC implementation over mach messages and discover how multiple-sender scenarios can potentially bypass authorization checks. Learn about a specific vulnerability (CVE-2023-32405) in macOS's smd service that enables privilege escalation through this technique. Presented by Thijs Alkemade, a two-time Pwn2Own winner and security researcher at Computest, who brings deep expertise in mathematics, computer science, and operating system security to explain complex security concepts in accessible terms.
Syllabus
#OBTS v6.0: "Elevating Privileges on macOS by Audit Token Spoofing" - Thijs Alkemade
Taught by
Objective-See Foundation