MacOS Security threats.
2019-05-16, 16:00–16:40, Main Hall

Small talk about latest MacOS malware. Security patches and they issues. Examples both with well known malware samples, and with samples from own experience. This speech is like a brunch about how your Mac becomes exploited, with real cases of malware, known vulnerabilities and self-made PoC.


Agenda:
Mojave security updates.
Updates released by Apple with MacOS Mojave (10.14).
Bypassing of Safari trusted source installation.
Gatekeeper
Code-signing flaws
Bypassing gatekeeper protection.
App Store
Sandboxing
Malware Cases
Safari Extensions
Common malicious extension techniques.
CVE’s
Issues in source code of MacOS (Available on apple website)
Historical CVE's for MacOS