All your Macs are belong to us: The story of CVE-2021-30657

Learn more about the CVE-2021-30657 vulnerability.

A recent vulnerability, CVE-2021-30657, neatly bypassed a myriad of foundational macOS security features such as File Quarantine, Gatekeeper, and Notarization. Armed with this capability, attackers could (and did!) hack macOS systems with a simple user (double-)click. Yikes!
In this joint presentation, we’ll first highlight the discovery of the flaw and how it could be deployed to unsuspecting Mac users. Following this, we’ll dig deep into the bowels of macOS to uncover the root cause of the bug: a subtle logic flaw in the complex and undocumented policy subsystem. Next, we’ll highlight the discovery of malware exploiting this bug in the wild, as a 0day. To wrap up, we’ll peek at Apple’s patch, as well as discuss novel methods of both detection and prevention.