Abstract

XPC, or cross-process communication, is a way for OSX and iOS processes to communicate with one another and share information. One use for this is to elevate privileges using a daemon that listens as an XPC service. While Apple has released a coding guideline, it is all too often ignored or incorrectly implemented in third-party applications. One striking example of this is the Privileged Helper Tool.

In this talk I am going to dive into what a Privileged Helper Tool is and why you should care about it. I will show the viewers how to locate these on an OSX computer and walk through the reverse-engineering steps needed to identify whether the service is vulnerable. We will then set up communications via Objective-C to deliver a privilege escalation attack. I will be showcasing twenty-plus vulnerabilities in at least five products. All tooling and code will be released with the talk!