In this presentation I will tell my story how I found a zero-click vulnerability in macOS Calendar, which allows an attacker to add or delete arbitrary files inside the Calendar sandbox environment.This will directly lead to arbitrary code execution. I will demonstrate how this can be combined with Gatekeeper evasion and TCC evasion with Photos to compromise user sensitive Photos iCloud data.
First part of the vulnerability chain was covered on my presentation at Disobey 2023. Now with macOS Sonoma, all the chained vulnerabilities are fixed and I can finally share all the details.
Mikko Kenttälä (Turmio)
Since I remember, I have hacked, built and broken stuff, and that landed me a career in cybersecurity over 10 years ago. I have done technical security audits, hunted bug bounties, and now also built security products as CEO of SensorFu. Hacking still makes me happy, I enjoy blue and red teaming in exercises, and I am interested in defending electronic freedoms and privacy in our digital society.