Since Apple released its own powerful M-series chips, Mac products have become more and more popular with ordinary users, and hence more and more attractive to hackers. Both zero-click and one-click attacks are eligible for a generous bug bounty.
However, it is not easy to do that, because there are many significant security features protecting your Mac from attack, such as Gatekeeper, System Integrity Protection (aka SIP), TCC (Transparency, Consent, and Control), and so on.
In this talk, I will share a chain of vulnerabilities (CVE-2022-22616, CVE-2022-22639, CVE-2022-22617, and more …) that bypasses all of the above security features and makes the one-click exploit chain work successfully on both Apple Silicon and Intel Mac devices. I will talk about how I found these vulnerabilities, their root causes, and how I exploited them. Of course there will be an awesome demo of the whole exploit chain: from one click to complete takeover.