Broken isolation – draining your credentials from popular macOS password managers
Broken isolation – draining your credentials from popular macOS password managers
Author: Wojciech Reguła, iOS/macOS app security researcher (+70 CVE in Apple)
In theory, all modern macOS applications should be isolated—enforced by notarization and sandboxing. In practice, these protections are often ineffective.
In this talk, Wojciech begins by outlining the basic assumptions behind macOS isolation and quickly transitions into exploitation. He has analyzed several of the most popular macOS password managers, each built with different technologies, to demonstrate how low-privileged malware can exploit architectural flaws, n-day vulnerabilities, and even 0-days to extract credentials.
During this session, Wojciech will:
- Explain how macOS hardened runtime, sandboxing, and TCC app management privileges work.
- Showcase 0-day and n-day vulnerabilities, along with architectural issues found in popular macOS password managers.
- Discuss why software distributed via websites can sometimes be more secure than apps from the Mac App Store.
- Present his exploits through live demos.
Wojciech Reguła is a Principal IT Security Specialist at SecuRing, specializing in application security for Apple platforms. He is the creator of the iOS Security Suite, an open-source anti-tampering framework. A Bugcrowd MVP, Wojciech has discovered vulnerabilities in Apple, Facebook, Slack, Atlassian, Malwarebytes, and more.
He shares his research on his infosec blog and has spoken at leading security conferences including Typhoon, Black Hat US & EU, DEF CON, Objective by the Sea, NULLCON, and CONFidence.
Presented at: No Hat 2024
Head of Mobile Security
