One-Click to Completely Takeover a MacOS Device


August 25, 2022




Main Track

Since Apple released its own powerful M-series chips, Mac products have become more and more popular with ordinary users, and hence more and more attractive to hackers. Both zero-click and one-click attacks are eligible for a generous bug bounty.

However, that is not easy to do, because many significant security features protect your Mac from attack, such as Gatekeeper, System Integrity Protection (aka SIP), TCC (Transparency, Consent, and Control), and so on.

In this talk, I will share a chain of vulnerabilities (CVE-2022-22616, CVE-2022-22639, CVE-2022-22617, and more …) to bypass all of the above security features and make the one-click exploit chain work successfully on both Apple Silicon and Intel Mac devices. I will talk about how I found these vulnerabilities, the root cause, and how I exploited them. Of course there will be an awesome demo of the whole exploit chain: from one click to complete takeover.


Threat Researcher

Trend Micro

Mickey Jin (@patch1t) works for Trend Micro as a threat researcher with a strong interest in malware analysis, threat campaign research and vulnerability research. He has published quite a lot of public reports on threat campaigns and vulnerabilities on the Trend Micro Research site. He previously discovered the 0-days used by the Mac malware XCSSET and has been publicly credited for 80+ CVEs for his research on macOS/iOS and other platforms.
