The Price of Compatibility - Defeating macOS Kernel Using Extended File Attributes

Explore a Black Hat conference talk that delves into exploiting macOS kernel vulnerabilities through extended file attributes in the FAT filesystem. Discover how compatibility features in macOS can lead to security flaws, allowing attackers to breach system boundaries. Learn about the surprising support for advanced features like symbolic links in the msdos FAT filesystem and how Apple's implementation of these features creates potential attack vectors. Gain insights into memory disclosure, kernel privilege escalation, and the impact on iOS. Examine the exploit process, including flash drive attacks and file system vulnerabilities. Understand the implications of these findings for macOS security and the challenges of maintaining compatibility while ensuring system integrity.

Intro
Who am I
Agenda
Finder
File
XML
Disk Utility
File System
xctr
AmpleFile
File Parsing
Code Audit
The Problem
Memory Disclosure
Location Kernel
Kernel Privilege Exclusion
What can ob slam do
Ob slam side effects
Perfect UAF
Slapback Operation
Exploit Strategy
Key erqc
Impact on iOS
The vulnerability
Exploit process
Flash drive attack
File C vulnerability
Outro