»MacOS Security threats.«
2019-05-16, 16:10–16:50, Main Hall

Small talk about latest MacOS malware. Security patches and they issues. Examples both with well known malware samples, and with samples from own experience. This speech is like a brunch about how your Mac becomes exploited, with real cases of malware, known vulnerabilities and self-made PoC.

Agenda: Mojave security updates. Updates released by Apple with MacOS Mojave (10.14). Bypassing of Safari trusted source installation. Gatekeeper Code-signing flaws Bypassing gatekeeper protection. App Store Sandboxing Malware Cases Safari Extensions Common malicious extension techniques. CVE’s Issues in source code of MacOS (Available on apple website) Historical CVE's for MacOS