09-13, 09:50–10:35 (Europe/Stockholm), Main hall
In theory, theory and practice are the same. In theory, all modern macOS applications must be isolated what is enforced by notarization and sandboxing. In practice these enforcements are usually ineffective. This talk starts by explaining basic isolation assumptions and quickly shifts to exploitation. I have selected a few the most popular macOS password managers written in different technologies to prove how a low-privileged malware can abuse various tricks and 0,n-day vulnerabilities to drain your credentials.
During this talk you will:
- learn how macOS hardened runtime, sandboxing, and TCC app management privilege work
- see 0,n-day vulnerabilities and architectonical problems I have found in popular macOS password managers
- understand why software distributed via websites is sometimes more secure than from the Apple Mac App Store
- see my exploits and a lot of demos
After the talk, the audience should be able to explain macOS isolation mechanisms (in)security, check their password managers for presented vulnerabilities, and effectively support their macOS blue/red teams.
Wojciech Regula is a Principal IT Security Specialist working at SecuRing. He specializes in application security on Apple devices. He has created the iOS Security Suite - an open-source anti-tampering framework. Bugcrowd MVP, has found vulnerabilities in Apple, Facebook, Malwarebytes, Slack, Atlassian, and others. In his free time, he runs an infosec blog - https://wojciechregula.blog. He has shared his research at, among others, Typhoon, Black Hat US & EU, DEF CON, Objective by the Sea.