Yeah, hello DEF CON. We have only 20 minutes, so let's get started. My talk today is "ELECTRONizing macOS privacy: a new weapon in your red teaming armory". My name is Wojciech Reguła and I'm Head of Mobile Security at SecuRing, where I'm mostly focused on macOS and iOS application security. In my free time I run a blog, wojciechregula.blog, which is of course about Apple security. Some of you may also know me from iOS Security Suite, which I created; it's a free and open source Swift library that helps developers make sure that their applications run on secure iPhones. Recently I'm also engaged in macOS environment security assessments.

The plan for today's talk: first I'm going to introduce you to TCC and privacy fundamentals on macOS; that will be a really quick introduction. Then we're going to start talking about two problems. The first problem is with Electron applications, then a problem with TCC in general, and as a conclusion of those two problems I'm going to show you my new tool, electroniz3r, which will be released shortly after my talk.
So watch my Twitter and LinkedIn. And at the end, because I'm releasing a new tool that helps red teaming exploitation, I will also say something about detections.

Yeah, so let's start from the TCC and privacy fundamentals. Yesterday you could hear about SIP from JBO and two other friends from Microsoft, but let me quickly introduce System Integrity Protection for those who are not familiar. System Integrity Protection is a mechanism that is turned on on every macOS by default, and on macOS, even if you have root permissions, you are not a god: you cannot do everything you want with your machine, because System Integrity Protection will prevent you from modifying some crucial operating system parts. For example, even if you are root you cannot debug Apple-signed processes or processes with the hardened runtime, and you cannot modify some files and directories that are part of macOS.

When System Integrity Protection is turned on, TCC comes into play, the privacy framework that I'm about to talk about. So when you open, for example, a terminal or any other application and you try to list the address book, or Documents, or Desktop, or get access to any other privacy-sensitive resource on macOS, you will see a prompt. In this example on the slide you can see that Terminal would like to access your contacts. Apple wanted to make sure that even if you are a root user you cannot skip this prompt. If somehow you are able to skip this prompt,
it means that you just found a TCC bypass. So even if you are able to perform synthetic clicks, and your synthetic mouse clicks on the OK button, nothing will happen: Apple wanted to make sure that a physical user clicks on the OK button, and only then is the TCC permission granted.

You can find the TCC permissions in System Settings, in the Privacy & Security tab, and as you can see there are many, many resources that are now protected by TCC. And TCC is really granular: if you go, for example, to Automation, you can see that TCC is so granular that you can even specify which application may control which other application. Every major macOS version introduces new TCC protections, new resources that are considered privacy sensitive, so this is certainly a huge development.

From our, hackers', perspective: TCC stores the permissions in SQLite 3 databases. There is one global TCC database in /Library/Application Support/com.apple.TCC/, and for each created macOS user there will be a separate database, because, for example, one Mac can be used by two people, both of them have Google Chrome, and the first one wants to give Chrome access to the camera but the second user doesn't. So to solve this problem, for each user there will be a separate TCC database. Of course those databases are protected by SIP, so even if you are root you cannot directly modify those databases without a special permission; the global one cannot be modified. As I said, TCC databases are SQLite 3, so you can open an SQLite tool and do a SELECT, and as you can see we have four columns: the first one, service, has the permission name; the second one, client, has bundle identifiers, and sometimes in this column you can find a full path to the application that has the permission granted; auth_value, of course; and csreq, where csreq stands for code signing requirement. And you might ask why there are
question marks. The question marks are there because the code signing requirements are binary blobs, so you cannot read them with just a simple SELECT, but we will decode them later.

All right, now let's start talking about Electron and the problems with Electron. As you probably know, a lot of applications now are Electron-based, for example Slack, Twitch, Visual Studio Code, Discord, Notion, Teams, WordPress or GitHub, but there are many, many more. So if you have a Mac and you download desktop applications, you probably will have at least one Electron app installed. Just to introduce how the Electron technology works: it can be considered as an embedded web browser with a website that runs in the context of that web browser. As any other website, the website needs to have HTML files, CSS files and JavaScript files. The problem starts when the JavaScript files have a bridge to your system API, and Electron apps need that bridge because, as they are applications, they may sometimes want to move a file, or save a file, or write something to a plist or to UserDefaults or something. So yeah, they actually need that OS API bridge. As you may also have noticed, in the past there were a lot of vulnerabilities that led to remote code execution, and usually it was about executing a simple XSS, right, a cross-site scripting vulnerability. But we are not talking about web security in this talk; we are talking about macOS security.

So let me introduce you to another problem with Electron applications, and the problem is that on macOS popular Electron applications also require granting them TCC permissions. For example, install Microsoft Teams and it will instantly ask you for camera access, microphone access or screen sharing access; all those asks are about TCC permissions. And back in 2019
I made a blog post, "Abusing Electron apps to bypass macOS security controls", where I showed that Electron applications may be abused and a malicious application may take over the TCC permissions that have already been granted by users. So I showed in the blog post that if you have a simple vulnerable Electron application which, as you can see on the screenshot, has access to my camera, because that's me, and saves something to the macOS keychain, so it's a simple Electron application with this bridge to system APIs, because we have camera access and keychain access: I proved that if you do echo with whatever you want and override the base HTML file, it will of course break the signature of the whole application, because we modified one of its files. But what happens if you run this broken-signature application? Nothing happens. As you can see, the code has been injected, but you can see my arm, which means that the camera is still on, and you can see that the keychain is still reachable from that application. And why is that? The problem here lies with macOS, which verified only the signature of the main executable, and as we are not modifying the main executable, because we modified an HTML file, everything is fine. With that trick you could, for example, execute any JavaScript code within the Electron app's context; now you could load a dynamic library or you could spawn a calculator, right? But that's the past: macOS Ventura fixed this technique.
So now, if you open an unprivileged Terminal, go to /Applications and try to, for example, modify any file within the Electron app's directory, you will see that the operation was not permitted, and there will be a notification that Terminal was prevented from modifying apps on your Mac. And that's good; that's Apple's fix for the general problem of modifying app resources. Now, when you open an application for the first time, its directory is locked, so only an application signed with the same Developer ID is able to modify it. That's reasonable, because, for example, applications need somehow to update themselves.

So I wanted to develop something new to get code execution within Electron applications, but now let's talk about TCC permission inheritance. TCC permission inheritance is really, really complicated and led to many vulnerabilities in the past. Please note that this slide may not always be accurate, because Apple is still changing the implementation of TCC inheritance, so that may change. Generally speaking, which may not always be true, when an application has private TCC entitlements, the children that are spawned by this application will not have those TCC permissions inherited. But when you download an application from the internet and you grant the downloaded application a TCC permission it asked for, that TCC permission will be granted to its children. Fortunately for us hackers, of course, Electron apps are the second case, right? Those are downloaded from the internet or from the App Store, and you grant the TCC permissions.
So every child spawned by an Electron application will have its permissions inherited. So if there was only a technique that doesn't break the macOS Ventura app protection mechanism, we could get a takeover of the TCC permissions.

And that's where I introduce my new tool, called electroniz3r. electroniz3r abuses the fact that Electron apps are, as I said at the beginning, native browsers with embedded websites, and every browser has developer tools, right? You click Ctrl+I and you can execute JavaScript within the context of the web page. The same thing is with Electron: you can spawn them with the --inspect flag, and under the hood the Electron application will open a WebSocket to which you can connect and execute JavaScript code within the context of that Electron app. And as I said, all the children spawned by those applications will inherit their TCC permissions. electroniz3r spawns those applications with the --inspect flag, connects via WebSocket and spawns, you know, our malicious payloads.

So let's take a look at Visual Studio Code, which usually has access to your Desktop, Documents and Downloads, because it's a code editor, so it needs to have such access. Let's see the demo. We open electroniz3r with the inject parameter; we want to inject into Visual Studio Code with the predefined script "bind shell", so Visual Studio Code under the hood will spawn a bash shell and we can access the shell via nc. But let's first verify that we indeed cannot access the Desktop files: as you can see, the operation was not permitted. But now let's use the shell that we've just spawned. It's in the context of Visual Studio Code; Visual Studio Code spawned that shell, so it's a child of Visual Studio Code. Now
let's use TCC Checker (Swift), which is a cool red teaming tool created by Cedric Owens that enumerates the directories we already have access to without raising any TCC prompt. And now let's cat the secret.txt, and it succeeded, which means that we have been able to successfully take over Visual Studio Code's permissions.

Now let's do the same thing with Microsoft Teams, but this time we are not going to get access to files but to your camera. So we use the predefined script "take selfie", and as you can see /tmp/selfie.jpeg has been created. Let's now open the file: that's me, which means that we have taken over Microsoft Teams' camera access.

But what if the Electron application disabled the --inspect flag, you may ask. That's why the vulnerabilities I presented are zero-days and are not zero-days at the very same time: because there is no option for now to fix them, even if you disable the --inspect flag. Let's take Slack, for example: if you open the npx tool and read the app, Slack, you will see that the fuse EnableNodeCliInspectArguments is disabled. It means that the Slack application will not respect the --inspect flag. But there is another problem, with TCC. Do you remember the question marks I told you about? If you use the following code you can decode those code signing requirements into the human-readable version, and the human-readable version defines the code signing requirement, as I said. As you can see, this code signing requirement defines only the information about the certificate that was used to sign Slack, right? There is no information about the Slack version, so you can use a typical downgrade attack to abuse TCC.
So let's inject electroniz3r into an older version of Slack. We have one Slack, the newest version, already installed, but we, as red teamers, are going to deliver an old version of Slack, and from macOS's perspective that will be the same Slack. So: electroniz3r inject, the Slack under /Volumes, because it's mounted, and the predefined script "screenshot". Give it a while, and as you can see in /tmp/screenshot we have our screenshot. Yeah, so as you can see the screenshot has me open.

Yeah, so regarding detections: as now on macOS we have the Endpoint Security framework, the easiest way to detect such a technique is to filter for ES_EVENT_TYPE_NOTIFY_EXEC, because in the event context you will have all the flags passed to the applications that are spawned. So if you detect that there is a --inspect flag used to spawn an Electron application, you may expect that something bad happened.

So, summing everything up: I showed you that TCC permission inheritance is possible to children spawned by Electron applications, and even if we have macOS Ventura or any other modern macOS version that already has the app protection mechanism, we can still abuse Electron applications to take over the permissions. And even if you find an Electron application with TCC permissions granted and you want to abuse them but the --inspect flag is disabled, you can still, as a red teamer, download under the hood an older version of the application with the --inspect flag respected, and still take over the TCC permissions. So that's it for now. Thank you very much.
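The detection idea at the end of the talk, filtering exec events for Electron apps started with Node inspector switches, as an added example that is not part of the talk or of electroniz3r. It works over a constructed JSON-lines feed whose field layout (`event_type`, `exec.target.executable`, `exec.args`, `exec.parent.executable`) is an assumption; map it onto whatever your Endpoint Security client or EDR actually emits. The `--remote-debugging-port` switch is included on the assumption that a hunter also wants Chromium's DevTools port flagged, and the `is_electron_bundle` filesystem check is only meaningful on a live macOS host.

```python
"""Flag app bundles launched with Node inspector flags from exec events (added example)."""
import json
import os
import re
from dataclasses import dataclass

# Node inspector switches gated by Electron's EnableNodeCliInspectArguments fuse,
# plus Chromium's --remote-debugging-port (assumption: worth alerting on as well).
INSPECT_FLAG_RE = re.compile(
    r"^--(inspect|inspect-brk|inspect-port|remote-debugging-port)(=.*)?$"
)
# A bundle's main executable lives at <bundle>.app/Contents/MacOS/<name>.
APP_MAIN_RE = re.compile(r"^(?P<bundle>.*?\.app)/Contents/MacOS/[^/]+$")


@dataclass
class Finding:
    pid: int
    bundle: str
    executable: str
    flags: list
    parent: str


def inspect_flags(args):
    """Return the inspector-related arguments present in an argv list."""
    return [a for a in args if INSPECT_FLAG_RE.match(a)]


def app_bundle_of(path):
    """Bundle path if `path` is an app bundle's main executable, else None."""
    m = APP_MAIN_RE.match(path)
    return m.group("bundle") if m else None


def is_electron_bundle(bundle, check_fs=False):
    """Electron apps ship 'Electron Framework.framework' inside the bundle.
    On a live host pass check_fs=True to confirm; offline (default) every
    bundle is treated as a candidate so the sample feed can be scanned."""
    if not check_fs:
        return True
    framework = os.path.join(bundle, "Contents", "Frameworks", "Electron Framework.framework")
    return os.path.isdir(framework)


def analyze_exec_event(event, check_fs=False):
    """Return a Finding for one decoded exec event, or None if it looks benign."""
    if event.get("event_type") != "ES_EVENT_TYPE_NOTIFY_EXEC":
        return None
    exec_info = event["exec"]
    path = exec_info["target"]["executable"]
    bundle = app_bundle_of(path)
    if bundle is None:  # e.g. a developer running `node --inspect app.js`: not an app bundle
        return None
    flags = inspect_flags(exec_info.get("args", []))
    if not flags or not is_electron_bundle(bundle, check_fs):
        return None
    return Finding(pid=exec_info["target"]["pid"], bundle=bundle, executable=path,
                   flags=flags, parent=exec_info["parent"]["executable"])


def scan(lines, check_fs=False):
    """Scan JSON-lines exec events and return all findings, in feed order."""
    findings = []
    for line in lines:
        if line.strip():
            finding = analyze_exec_event(json.loads(line), check_fs)
            if finding:
                findings.append(finding)
    return findings


# Constructed sample feed (not captured from a real host); layout is assumed.
VSCODE = "/Applications/Visual Studio Code.app/Contents/MacOS/Electron"
OLD_SLACK = "/Volumes/Slack/Slack.app/Contents/MacOS/Slack"  # downgraded copy on a mounted image
SAMPLE_EVENTS = [
    json.dumps({"event_type": "ES_EVENT_TYPE_NOTIFY_EXEC", "exec": {   # normal launch: benign
        "target": {"pid": 4101, "executable": VSCODE}, "parent": {"executable": "/sbin/launchd"},
        "args": [VSCODE]}}),
    json.dumps({"event_type": "ES_EVENT_TYPE_NOTIFY_EXEC", "exec": {   # shell spawns VS Code --inspect
        "target": {"pid": 4102, "executable": VSCODE}, "parent": {"executable": "/bin/zsh"},
        "args": [VSCODE, "--inspect"]}}),
    json.dumps({"event_type": "ES_EVENT_TYPE_NOTIFY_EXEC", "exec": {   # old Slack with inspect-brk
        "target": {"pid": 4103, "executable": OLD_SLACK}, "parent": {"executable": "/bin/zsh"},
        "args": [OLD_SLACK, "--inspect-brk=127.0.0.1:9229"]}}),
    json.dumps({"event_type": "ES_EVENT_TYPE_NOTIFY_EXEC", "exec": {   # developer's node: ignored
        "target": {"pid": 4104, "executable": "/usr/local/bin/node"},
        "parent": {"executable": "/bin/zsh"}, "args": ["node", "--inspect", "app.js"]}}),
    json.dumps({"event_type": "ES_EVENT_TYPE_NOTIFY_OPEN", "file": "/etc/hosts"}),  # not an exec
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"pid {f.pid}: {f.bundle} spawned by {f.parent} with {f.flags}")
```

On a real host the feed would come from an Endpoint Security client subscribed to ES_EVENT_TYPE_NOTIFY_EXEC; the two findings the sample produces correspond to the two cases in the talk, a current app started with `--inspect` and a downgraded copy started from a mounted image.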