Bundles of Joy - Breaking macOS via Subverted Applications Bundles

Explore a critical macOS vulnerability (CVE-2021-30657) that bypassed key security features like File Quarantine, Gatekeeper, and Notarization in this 40-minute conference talk from Ekoparty 2021. Dive deep into the macOS policy subsystem to uncover the root cause of the bug, examine malware exploiting it as a zero-day, and learn about Apple's patch. Discover novel detection and prevention methods for this vulnerability that allowed attackers to compromise macOS systems with a simple user double-click. Gain insights from security expert Patrick Wardle, founder of Objective-See, as he shares his expertise on macOS security and malware analysis.

Bundles of Joy: Breaking macOS via Subverted Applications Bundles ▪ Patrick Wardle ▪ Ekoparty 2021