XPC Exploitation series Learn XPC exploitation - Part 1: Broken cryptography Learn XPC exploitation - Part 2: Say no to the PID! Learn XPC exploitation - Part 3: Code injections Intro The last technique I showed in my presentation during Objective by the Sea v3 conference was abusing privileged XPC services using different code injections. In many apps I exploited, I observed that developers are aware that privileged XPC services have to verify incoming connections.| wojciechregula.blog
XPC Exploitation series Learn XPC exploitation - Part 1: Broken cryptography Learn XPC exploitation - Part 2: Say no to the PID! Learn XPC exploitation - Part 3: Code injections After my talk on Objective by the Sea v3 I received a lot of questions regarding XPC exploitation. I think summing it up in a blog post series is a good idea, so here you have the first one! A post covering how to secure XPC services is planned in the nearest future.| wojciechregula.blog