Who Cares Where Waldo Is. Locating macOS Users Without Their Consent
Black Hat Asia 2025 · Day 1 · Briefings
This talk, presented by Vochua (Vojciech Regula) at Black Hat Asia, delves into the intricate and often overlooked security landscape of **macOS location services**. Building upon his extensive prior research on bypassing Apple's Transparency, Consent, and Control (**TCC**) framework, Vochua isolates and scrutinizes the distinct mechanisms governing location permissions. The core thesis is that, despite Apple's robust privacy efforts, fundamental architectural flaws within the location services daemon (`locationd`) and its interaction with code signing requirements can be exploited to gain unauthorized access to a user's precise location.
AI review
Vochua's talk on macOS location services is a sharp, no-nonsense dissection of a critical yet often misunderstood privacy component. By meticulously isolating `locationd` from TCC, he exposes fundamental architectural flaws, particularly the omission of versioning in code signing requirements that enables persistent downgrade attacks. This isn't just a list of CVEs; it's a deep dive into how Apple's privacy model can be subtly undermined, offering invaluable insights for anyone serious about macOS security, from red teams leveraging browser instrumentation to blue teams hardening their…