Finding Vulnerabilities in Apple packages at Scale
Csaba Fitzl
Security Fest 2025 · Day 1 · Main Stage
This talk by Csaba Fitzl, a Principal macOS Security Researcher at Jamf, delves into the intricate world of macOS security, specifically focusing on the vulnerabilities found within Apple-signed software packages. Fitzl, a veteran bug hunter with close to 100 CVEs reported to Apple, presented a systematic approach to identifying and exploiting weaknesses in the **`systeminstalld`** daemon, which is responsible for installing these critical packages. The research highlights that despite macOS's robust security model, older, signed packages distributed through Apple's software update catalog can harbor "forever day" vulnerabilities, allowing attackers to bypass fundamental security mechanisms like **System Integrity Protection (SIP)** and **Transparency, Consent, and Control (TCC)**.