{"guid":"b40aa68e-fb82-59ab-9057-ca72d97b0e7c","title":"My journey to find vulnerabilities in macOS","subtitle":null,"slug":"mch2022-291-my-journey-to-find-vulnerabilities-in-macos","link":"https://program.mch2022.org/mch2022/talk/973QGG/","description":"My journey to find vulnerabilities in macOS. During 2020 and 2021 I found two major vulnerabilities from macOS. In this presentation I walk you through the whole exploit chain to compromise users' sensitive data with one click. I will also explain my methodology to find logic bugs.\n\nMy journey to find vulnerabilities in macOS. During 2020 and 2021 I found two major vulnerabilities from macOS. In this presentation I walk you through the whole exploit chain to compromise users' sensitive data with one click.\n\nI will walk you through how I solved the following steps:\n- Fundamentals how I find vulnerabilities\n- Basics about the \"extra\" security protections in macOS\n- How to get payload delivered with one click\n- Code execution with arbitrary mount\n- Gatekeepper evasion\n- TCC protection evasion\n- SIP -protection evasion\n- Timeline\n- How Apple will credit the researches","original_language":"eng","persons":["Turmio / Mikko Kenttälä"],"tags":["mch2022","291","2022","MCH2022 Curated content"],"view_count":269,"promoted":false,"date":"2022-07-24T15:00:00.000+02:00","release_date":"2022-07-25T00:00:00.000+02:00","updated_at":"2026-03-26T14:15:05.523+01:00","length":2379,"duration":2379,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/291-b40aa68e-fb82-59ab-9057-ca72d97b0e7c.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/291-b40aa68e-fb82-59ab-9057-ca72d97b0e7c_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/291-b40aa68e-fb82-59ab-9057-ca72d97b0e7c.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/291-b40aa68e-fb82-59ab-9057-ca72d97b0e7c.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-291-my-journey-to-find-vulnerabilities-in-macos","url":"https://api.media.ccc.de/public/events/b40aa68e-fb82-59ab-9057-ca72d97b0e7c","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[],"recordings":[{"size":222,"length":2379,"mime_type":"video/webm","language":"eng","filename":"mch2022-291-eng-My_journey_to_find_vulnerabilities_in_macOS_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2022-07-25T14:33:11.284+02:00","recording_url":"https://cdn.media.ccc.de/events/MCH2022/webm-hd/mch2022-291-eng-My_journey_to_find_vulnerabilities_in_macOS_webm-hd.webm","url":"https://api.media.ccc.de/public/recordings/60397","event_url":"https://api.media.ccc.de/public/events/b40aa68e-fb82-59ab-9057-ca72d97b0e7c","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022"},{"size":98,"length":2379,"mime_type":"video/webm","language":"eng","filename":"mch2022-291-eng-My_journey_to_find_vulnerabilities_in_macOS_webm-sd.webm","state":"new","folder":"webm-sd","high_quality":false,"width":720,"height":576,"updated_at":"2022-07-25T13:20:18.449+02:00","recording_url":"https://cdn.media.ccc.de/events/MCH2022/webm-sd/mch2022-291-eng-My_journey_to_find_vulnerabilities_in_macOS_webm-sd.webm","url":"https://api.media.ccc.de/public/recordings/60388","event_url":"https://api.media.ccc.de/public/events/b40aa68e-fb82-59ab-9057-ca72d97b0e7c","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022"},{"size":85,"length":2379,"mime_type":"video/mp4","language":"eng","filename":"mch2022-291-eng-My_journey_to_find_vulnerabilities_in_macOS_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2022-07-25T13:17:06.125+02:00","recording_url":"https://cdn.media.ccc.de/events/MCH2022/h264-sd/mch2022-291-eng-My_journey_to_find_vulnerabilities_in_macOS_sd.mp4","url":"https://api.media.ccc.de/public/recordings/60387","event_url":"https://api.media.ccc.de/public/events/b40aa68e-fb82-59ab-9057-ca72d97b0e7c","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022"},{"size":26,"length":2379,"mime_type":"audio/opus","language":"eng","filename":"mch2022-291-eng-My_journey_to_find_vulnerabilities_in_macOS_opus.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2022-07-25T13:16:03.842+02:00","recording_url":"https://cdn.media.ccc.de/events/MCH2022/opus/mch2022-291-eng-My_journey_to_find_vulnerabilities_in_macOS_opus.opus","url":"https://api.media.ccc.de/public/recordings/60386","event_url":"https://api.media.ccc.de/public/events/b40aa68e-fb82-59ab-9057-ca72d97b0e7c","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022"},{"size":36,"length":2379,"mime_type":"audio/mpeg","language":"eng","filename":"mch2022-291-eng-My_journey_to_find_vulnerabilities_in_macOS_mp3.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2022-07-25T13:13:04.224+02:00","recording_url":"https://cdn.media.ccc.de/events/MCH2022/mp3/mch2022-291-eng-My_journey_to_find_vulnerabilities_in_macOS_mp3.mp3","url":"https://api.media.ccc.de/public/recordings/60383","event_url":"https://api.media.ccc.de/public/events/b40aa68e-fb82-59ab-9057-ca72d97b0e7c","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022"},{"size":258,"length":2379,"mime_type":"video/mp4","language":"eng","filename":"mch2022-291-eng-My_journey_to_find_vulnerabilities_in_macOS_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2022-07-25T11:21:15.923+02:00","recording_url":"https://cdn.media.ccc.de/events/MCH2022/h264-hd/mch2022-291-eng-My_journey_to_find_vulnerabilities_in_macOS_hd.mp4","url":"https://api.media.ccc.de/public/recordings/60356","event_url":"https://api.media.ccc.de/public/events/b40aa68e-fb82-59ab-9057-ca72d97b0e7c","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022"}]}