What happens on your Mac, stays on Apple’s iCloud?!

Author: Wojciech Reguła

“$ sudo ls ~/Desktop: Operation not permitted”. Apple’s Transparency, Consent, and Control (TCC) framework limits access to private information like documents, a camera, a microphone, emails, and more in order to preserve your privacy. Since authorisation is required to grant such access, the mechanism key design priority was clear user consent.

At Black Hat USA 2021, I co-presented considerable research on abusing the TCC mechanisms, however, this time, we won’t be directly exploiting the TCC. Given that iCloud has tons of macOS users’ secrets, why keep attacking the TCC? The default configuration makes Mac synchronize a lot of data. Don’t you have your iMessages/Photos/Calendars/Reminders/Notes accessible from iCloud? That’s good because you take care of your privacy… but most users don’t. 🙂

The brand-new research on abusing Apple’s iCloud to gain access to users’ sensitive data will be shared during the presentation. All that from a malicious applications’ perspective without any additional permissions.

Wojciech Reguła
Wojciech Reguła Principal IT Security Consultant
Head of Mobile Security