Detecting Race Conditions on macOS

Olivia Gallucci

BSidesSF 2026 · Day 1 · AMC Theatre 07

In her BSidesSF talk, Olivia Gallucci of Datadog covers detecting race conditions on macOS, focusing on how misuse of **Grand Central Dispatch (GCD)** can lead to severe vulnerabilities in privileged system services. The presentation breaks down concurrency on Apple's operating system and shows how subtle misconfigurations in dispatch queues and Quality of Service (QoS) classes can create exploitable timing windows. The talk is relevant to security researchers, macOS developers, and detection engineers who want to understand and mitigate a class of bugs that is often perceived as a mere reliability issue but can become a potent vector for privilege escalation and arbitrary code execution in sensitive contexts.

AI review

A competent, well-structured survey of GCD concurrency pitfalls and their security implications, anchored by a real CVE. Solid educational content for a BSides audience, but it reads more as a curated synthesis than original research — the CVE is from 2018 and belongs to someone else, and the detection heuristics, while sensible, aren't novel.
