Design-Based Vulnerabilities on macOS: Oops, Not a One-Shot Fix | Zhongquan Li’s blogs
Preface
0. macOS Userland : Based on Old Apple Bug Bounty
0.1 Userland Root LPE
0.2 General / Full TCC Bypass
0.3 SIP : System Integrity Protection
1. Remote Full TCC Bypass And Persistence
1.1 Threat model
1.2 package_script_service
1.3 Data Vault
1.4 Persistence
1.5 Easter Eggs in My Black Hat USA 2024 Presentation
1.6 How Apple Verifies / Protects the Integrity of An App
1.7 Exploit Steps
1.7.1 Trigger the Signature Verification Silently?
1.7.2 New in macOS 14.0 : gktool
1.7.3 Bypass AppBundle TCC and Inject Payload
1.7.4 DirtyNIB
1.7.5 My own implementation of DirtyNIB
1.8 Exploit
1.9 Some Tricks to Hide the App Icon at Launch
1.10 Say Goodbye to AppleEvent TCC
1.11 Bad Outcome: Addressed silently
1.12 Design-Based Vulnerabilities: Easy Fix Part and Hard Fix Part
2. Non-Atomic Operation Security Protection on macOS
2.1 GuluBadAtomic: OE19245085643318
2.2 XIP
2.2.1 GuluBadAtomic2 : CVE-2024-40823
2.2.2 GuluBadXIP : CVE-2024-44216
2.2.2.1 Patch
2.2.2.2 Bug bounty? Have a guess
2.3 Core Strategy of Non-Atomic Protection
2.3.1 GuluBadXip2 : OE1102040964834
2.3.2 GuluBadAtomic4 : CVE-2025-43260
2.3.2.1 Fsid and Inode Number
2.3.2.2 Patch
2.3.3 GuluBadAppBundle7 : CVE-2025-43404
2.3.4 GuluBadAppBundle8 : CVE-2025-43406
3. Easter Egg Time : MACL
3.1 GuluBadMacl : CVE-2024-44125
3.2 Patch : GuluBadPatch
3.3 Patch
3.4 A Simple Summary
3.5 Debate of Design-based Vulnerability: Apple’s side
3.6 Debate of Design-based Vulnerability: My View
4. New Era of Apple Security Bug Bounty Program
4.1 My Thoughts on Apple’s Security Bug Bounty Program
4.2 Why do I say that? GuluJack
4.3 Lower the Bounty of macOS Only Local Bugs
5. The End
Preface
This presentation was first presented at OffensiveCon2026.
Download the PDF here: https://github.com/guluisacat/MySlides/tree/main/OffensiveCon2026
Three years ago, in 2023, I was an Android security researcher and my proposal "Dive into Android Trusted Application Bug hunting and fuzzing" was selected by OffensiveCon, but I couldn't come, so I had to cancel that presentation.
Today I will share a new proposal on macOS security as a macOS security researcher, and I'm glad that I have had a fun experience in macOS security.
The vulnerabilities disclosed in this talk come from my research during 2024-2025. I disclose them today because most of them are design-based vulnerabilities, and Apple often spends more time on patching them, sometimes one or two years. As of today, some of them are still unpatched; the longest one has been open for more than two and a half years. That is years, not months or weeks.
Honestly, I wanted to disclose some of them earlier, but I found it very hard, because many design-based vulnerabilities chain into other attack surfaces or unpatched vulnerabilities. I had to wait for the patches of the relevant vulnerabilities.
And when I was preparing the OffensiveCon presentation, I found that so much time had passed that, even though I had found the vulnerability, I had almost forgotten some of its details.
A defining feature of design-based vulnerabilities is that the work lies in finding them rather than in exploiting them. If I simply share the attack surface with you, you will work out how to exploit it very quickly; but if I don't disclose it, the bugs will just sit there.
Compare this with memory corruption: if we want to exploit a UAF vulnerability to extract the raw fingerprint images from an Android TEE, we first have to solve the debugging or simulation environment. With a design-based vulnerability, finding it is succeeding.
The most fun part of this process is that we chain two or more unrelated security protections or features together to bypass one security protection.
In this talk, I will share some useful tricks and some security mechanisms that can be abused as stepping stones.
0. macOS Userland : Based on Old Apple Bug Bounty
0.1 Userland Root LPE
macOS is different from Linux.
On Linux, once we have userland root access, we are god. On macOS, that is not the case.
Sometimes, even with userland root access, we still can't do anything meaningful, e.g. access the private files of third-party sandboxed apps such as WeChat and WhatsApp.
0.2 General / Full TCC Bypass
TCC is the core permission system on macOS. If we have it, we can access the user's sensitive files, the camera, the microphone and other protected resources.
Based on the old bug bounty, we can see that Apple cared about a General TCC Bypass more than a userland root LPE: the bounty was doubled.
I think maybe this is the main reason why Pwn2Own doesn't accept a macOS userland root LPE: in most cases we can't exploit it independently; more likely we chain it with other vulnerabilities to gain a SIP bypass or a general TCC bypass, or abuse the root access as a stepping stone to attack the kernel.
0.3 SIP : System Integrity Protection
It’s the core foundation of security protection on macOS.
It prevents modification of system files, so we can't gain...