librarian (CVE-2023-38571) - a macOS TCC bypass in Music and TV

Posted on 2023-09-27 in blog • Tagged with macOS, ASB, tcc bypass, 0day

This post is a writeup of CVE-2023-38571, a macOS TCC bypass bug I found. It was supposed to be unveiled in my upcoming talk:

"Unexpected, Unreasonable, Unfixable: Filesystem Attacks on macOS" at OBTS v6,

but I needed to cut some bugs out. This is another one of them.

Background

While …


Continue reading

unnamed sandbox escape (CVE-2023-32364) - a macOS sandbox escape by mounting

Posted on 2023-09-26 in blog • Tagged with macOS, ASB, sbx, 0day

This post is a writeup of CVE-2023-32364, a macOS application sandbox escape bug I found. It was supposed to be unveiled in my upcoming talk:

"Unexpected, Unreasonable, Unfixable: Filesystem Attacks on macOS" at OBTS v6,

but I needed to cut some bugs out. This is one of them.

macOS Sandboxing …


Continue reading