The presentation at POC2024 discusses macOS sandbox vulnerabilities and how attackers can escape the sandbox to gain broader access to the system. By reviewing previously reported issues, the author uncovered overlooked attack surfaces and a novel attack technique, leading to the discovery of multiple new sandbox escape vulnerabilities. The different types of sandboxes, such as the App Sandbox and the Service Sandbox, are explained in detail. The author highlights a unique attack method involving XPC services in the PID domain, illustrated with vulnerabilities such as CVE-2023-27944. Several new vulnerabilities and their exploits are discussed, including vulnerabilities that existed only in macOS Sonoma beta builds. Apple’s swift response in patching these vulnerabilities is also noted.
https://jhftss.github.io/A-New-Era-of-macOS-Sandbox-Escapes/