BSidesVienna 0x7EA

XPC Client Validation? Music to my ears!
06-27, 15:05–16:05 (Europe/Vienna), Kreativraum 3.1 (Track 3 - Women4Cyber/Rookie)

This talk examines how established macOS exploitation techniques can be applied to a largely overlooked attack surface: audio plugin installers. By analyzing installers from multiple major vendors, I demonstrate how common design and implementation flaws can be leveraged to achieve local privilege escalation. The presentation covers nine CVEs across five different vendors, highlighting recurring vulnerability patterns, exploitation strategies, and the security implications for both developers and end users. Attendees will gain insight into the intersection of macOS installer security and the audio software ecosystem, along with practical lessons for identifying and mitigating similar issues.

Florian Haselsteiner is a Security Consultant, Penetration Tester, and Red Teamer at SEC Consult, specializing in offensive security and advanced security assessments. With several years of experience in penetration testing, vulnerability management, and adversary simulation, he helps organizations identify and mitigate complex security risks across enterprise environments.

His primary area of expertise is macOS security, which was also the focus of his master's research in Information Security (Dipl.-Ing.). His work led to the discovery and responsible disclosure of nine CVEs affecting five different vendors, contributing to improvements in the security of the Apple ecosystem and related technologies.

He holds a BSc. in Information and Software Engineering and industry-recognized certifications including CWES, CPTS, OSCP, and COAE. His interests include macOS internals, offensive security research, red teaming, and vulnerability discovery.