In this presentation, the speaker will disclose several macOS design-based vulnerabilities. Compared with code-level bugs, design-based vulnerabilities are often hard to fix in a single shot. A piece of vulnerable code might only be exploitable on macOS, but the same code can exist across Apple platforms (macOS, iOS, watchOS, etc.). That means Apple may need to refactor an entire framework to fully address the root cause, which is obviously time-consuming. In practice, they’re more likely to ship a temporary mitigation that blocks a specific exploit gadget, but as long as we can find a new exploitation path, we can reach the target again. This makes these attack surfaces highly valuable to real-world attackers: they don’t have to worry that “the vendor patched one of my findings, and now I need to find a new bug to chain with other 0-days.”
Independent security researcher. Focused on Apple, Android, IoT and Web3 security. Speaker at Black Hat USA 2024, KCon 2024, and Kanxue 2023.
