TCC Bypass in Claude Desktop for macOS
#macos #tcc #electron #vulnerability
Product: Claude Desktop for macOS
Tested Version: 1.1.673
Type: TCC Bypass
Status: Disclosed, WontFix/Informative
Summary: The release of Cowork (Claude Desktop’s research preview, general-purpose agent mode for day-to-day tasks) got me interested in poking at Claude Desktop. It brings the workflow people learned to love in the Claude Code CLI into a GUI, and under the hood it ships a full VM image that boots and mounts host folders to provide tool access in agent mode.
January 24, 2026
Dissecting Droid: Reversing Bun Executables
#bun #reverse-engineering #tooling
Motivation I was bouncing around various CLI coding agent harnesses (Claude Code, OpenCode, Droid by Factory, etc.). Droid appeared to be closed source, and I was curious about the implementation. I opened it in Binary Ninja and noticed references to V8 and some embedded JS. After poking around a bit more, I realized it was built with Bun. I went to the Bun source to see how it packages standalone executables.
January 12, 2026
CVE-2022-26711: Integer Overflow in Apple's ImageIO Framework
#macos #ios #imageio #integer-overflow #cve
Motivation This is a writeup I’ve been meaning to publish for a while. Back in mid 2021, I was hunting for bugs in ImageIO. I’d been following some of the work Project Zero had done on Apple’s image parsing, particularly Samuel Groß’s Fuzzing ImageIO research from 2020, and figured it was worth pointing my own fuzzer at it. If you’re not familiar, ImageIO is Apple’s image parsing framework. It handles decoding for essentially every image format on macOS and iOS.
January 1, 2025
CVE-2024-41997: RCE in Warp Terminal
Motivation Earlier this year, I had decided to take a look at Warp Terminal. Warp promises to bring the power of an AI assistant to your conventional terminal workflow. Privacy concerns aside, feature-rich terminal emulators always bring with them a host of excellent attack surface. Finding a way to achieve remote code execution via a terminal emulator is a fantastic (read: flashy) way to achieve initial access during a Red Team operation, and the installation population (power users) would likely overlap with targets who have valuable internal access.
December 20, 2024
Bypassing TCC With iTerm2
Motivation When landing a shell in MacOS environments, you’ll frequently want access to the files under your victim’s home folder. Some of these locations are TCC protected. Specifically ~/Documents/, ~/Downloads/, ~/Desktop/ all require their own approvals which correspond to the kTCCServiceSystemPolicyDocumentsFolder, kTCCServiceSystemPolicyDownloadsFolder, kTCCServiceSystemPolicyDesktopFolder service categories respectively. Depending on how you landed your initial access, you may not have the necessary TCC approvals. If your target has iTerm2 installed and they use it for day-to-day work, you may have a simple way around these TCC restrictions.
December 8, 2021
Looting Electron Apps Via The V8 Inspector
What Is The V8 Inspector? V8 is the JavaScript engine that ships as part of both Chromium (and derivatives) as well as Node (which is in turn included in Electron). V8 provides a debugging interface that implements a subset of the Chrome DevTools Protocol (hereafter referred to as CDP). In Chromium, Chrome, and other Blink based browsers, methods from all Domains of CDP are exposed through the stub (see the “tip-of-tree” or “stable” protocol versions).
August 29, 2021
Hijacking Web Traffic On MacOS and iOS With MDM Profiles
What Are MDM Profiles? MDM profiles allow organizations to deploy common device configurations across MacOS and iOS devices. They can be deployed by hand, or via 3rd party MDM solutions such as Jamf or Munki. They’re deployed as .mobileconfig files, which are just XML under the hood. Here’s an example config that enforces a wallpaper setting: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>HasRemovalPasscode</key> <false/> <key>PayloadContent</key> <array> <dict> <key>PayloadDisplayName</key> <string>Desktop Picture</string> <key>PayloadIdentifier</key> <string>com.
December 18, 2019
Leveraging Application Verifier for Function Hooking and Persistence
Introduction to Application Verifier Function hooking is a powerful tool for attackers. The ability to inspect and modify data structures as they’re passed between functions within a program gives an attacker lots of options for session riding, credential theft, parameter modification, etc. We’re going to take a look at an excellent tool that is provided to us by Microsoft called Application Verifier, which can be leveraged to perform hooking (and persistence) in a trivial, yet powerful manner by letting us run code in the context of an arbitrary unmanaged (native) application.
June 2, 2017