Abusing & Securing XPC in macOS apps

Author: Wojciech Reguła
XPC is a well-known interprocess communication mechanism used on Apple devices. Abusing XPC led to many severe bugs, including those used in jailbreaks. While the XPC bugs in Apple’s components are harder and harder to exploit, did we look at non-Apple apps on macOS? As it turns out, vulnerable apps are everywhere – Anti Viruses, Messengers, Privacy tools, Firewalls, and more.

This presentation:

  • explains how XPC/NSXPC work,
  • presents you some of my findings in popular macOS apps (e.g. local privilege escalation to r00t),
  • abuses an interesting feature on Catalina allowing to inject an unsigned dylib,
  • shows you how to fix that vulnz finally!

Stay tuned!

  • Articles and free security guides
  • Reports
  • Presentations and news from conferences around the world
Providing personal data is voluntary. We will send the newsletter until the consent is withdrawn (You can withdraw your consent at any time). Your data will be processed for a period specified in the Privacy Policy available at the following URL.
The Data Controller is SecuRing SJ with the registered office at ul. Kalwaryjska 65/6, 30-504 Kraków. I have the right to withdraw my consent at any time (by sending an e-mail to the address info@SecuRing.pl or by phone: +48 (12) 425 25 75). I have the right to access, rectify, erase or limit the processing of my personal data, the right to object, the right to file a complaint with the supervisory authority and right to transfer data. The legal basis for the processing of personal data is Article 6 (1) (a) of the General Data Protection Regulation (GDPR).
The Data Controller uses various IT solutions that allow for more efficient communication and cooperates with entities supporting it in its business and IT processes (i.e. these companies are data recipients/processors). Data are not transferred outside the European Economic Area. These companies have signed appropriate contracts for entrustment of personal data processing.
Thank you for subscribing.
Something went wrong.
Please contact us by phone.