My journey to find vulnerabilities in macOS (MCH2022)

My journey to find vulnerabilities in macOS. During 2020 and 2021 I found two major vulnerabilities from macOS. In this presentation I walk you through the whole exploit chain to compromise users' sensitive data with one click. I will also explain my methodology to find logic bugs. My journey to find vulnerabilities in macOS. During 2020 and 2021 I found two major vulnerabilities from macOS. In this presentation I walk you through the whole exploit chain to compromise users' sensitive data with one click. I will walk you through how I solved the following steps: - Fundamentals how I find vulnerabilities - Basics about the "extra" security protections in macOS - How to get payload delivered with one click - Code execution with arbitrary mount - Gatekeepper evasion - TCC protection evasion - SIP -protection evasion - Timeline - How Apple will credit the researches about this event: https://program.mch2022.org/mch2022/talk/973QGG/