Talk

Broken Isolation – Draining your credentials from popular macOS password manager

conf 2024-11-06 10:50 – 11:35 La Marive EN

In theory, theory and practice are the same. In theory, all modern macOS applications must be isolated, which is enforced by notarization and sandboxing. In practice, these enforcements are usually ineffective. This talk starts by explaining basic isolation assumptions and quickly shifts to exploitation. I have selected a few of the most popular macOS password managers, written in different technologies, to prove how low-privileged malware can abuse various tricks and 0-day and n-day vulnerabilities to drain your credentials.

During this talk you will:

- learn how the macOS hardened runtime, sandboxing, and the TCC App Management privilege work
- see 0-day and n-day vulnerabilities and architectural problems I have found in popular macOS password managers
- understand why software distributed via websites is sometimes more secure than software from the Apple Mac App Store
- see my exploits and a lot of demos

After the talk, the audience should be able to explain the (in)security of macOS isolation mechanisms, check their password managers for the presented vulnerabilities, and effectively support their macOS blue/red teams.