Intro

CVE-2023-40424 is a vulnerability that allows a root-level user to create a new user with a custom Transparency, Consent, and Control (TCC) database in macOS, which can then be used to access other users’ private data.

First discovered back in 2022, the vulnerability was fixed by Apple in 2023 in macOS Sonoma’s initial release. But it was not fixed in earlier versions of macOS—one more reason users and admins should update their Mac computers to Sonoma.

Wojciech Regula and I delivered a talk about this vulnerability at Black Hat Asia 2024. Here are the details.

The full blog post was published on my company’s (Kandji) website: https://blog.kandji.io/malware-bypass-tcc