Tyler Bohan

OSX XPC Revisited - 3rd Party Application Flaws

Abstract

XPC, or cross process communication, is a way for OSX and iOS processes to communicate with one another and share information. One use for this is to elevate privileges using a daemon that listens as an XPC service. While Apple has released a coding guideline, it is all too often ignored or incorrectly implemented in third-party applications. One striking example of this is the Privileged Helper Tool.

In this talk I am going to dive into what a Privileged Helper Tool is and why you should care about it. I will show the viewers how to locate these on an OSX computer and walk through the reverse engineering steps needed to identify if the service is vulnerable. We will then set up communications via Objective-C to deliver a privilege escalation attack. I will be showcasing twenty plus vulnerabilities in at least five products. All tooling and code will be released with the talk!

Bio

Hi, I am Tyler and I work for the Cisco Talos vulnerability research team. I have been working on OSX research for the past three years and thoroughly enjoy all things operating systems related. I have released vulnerabilities in large amounts of software, including a few large impact ones inside of iOS and OSX (CVE-2016-4631, CVE-2016-4637), as well as many others. Since then I have shifted my focus inside of the OSX kernel and brought some new ideas to an old attack surface. I have a passion for learning and make an effort to follow all the latest research inside of the OSX space. I would love to discuss more with you, so if you see me around, please stop to chat!