"Subverting macOS Applications and Security Controls through 0-Day Vulnerabilities.pdf" (46 pages), shared by a member on 三个皮匠报告.
Subverting macOS Applications and Security Controls through 0-Day Vulnerabilities

whoami
Red Team Lead, Pentraze Cybersecurity
Co-author of the Red Team program at the University of Santiago de Chile (USACH)
Security Researcher
More than 10+ vulnerabilities in macOS Applications
Adversary Emulation
Penetration Testing
Windows and macOS Internals
Exploit Development
Reverse Engineering

Agenda
XPC Fundamentals
CVE-2025-7779: Acronis True Image Western Digital
CVE-2025-4960: Epson Web Installer
CVE-2024-7062: Nimble Commander
CVE-2024-7915: Sensei Cleaner

Why this talk?
Present some of the key mechanisms and controls that define the macOS security model
A surprising number of applications, even well-known ones, can still be found vulnerable in real-world environments
Show how to leverage these techniques during penetration tests or security research to evade defenses and escalate privileges

XPC
De facto standard for Inter Process Communication in both Mac OS X and iOS
Lightweight mechanism for basic interprocess communication integrated with Grand Central Dispatch (GCD) and launchd
XPC offers components and privilege separation
XPC is closely integrated with Mach
XPC constrains all message data to be encoded as dictionaries
XPC provides public APIs on two levels:
The low-level: Direct exports of xpc_* functions from libxpc.dylib
Foundation wrappers: Objective-C and Swift interfaces to the underlying low-level APIs

XPC

CVE-2025-7779
Acronis True Image For Western Digital
Local Privilege Escalation and TCC (FDA) Bypass

Transparency, Consent and Control (TCC)
TCC controls access to privacy-sensitive locations. This control can occur in two ways: through user consent or by detecting user intent
Consent: the application displays a prompt asking the user to authorize access to a protected resource or service

Transparency, C