CVE-2023-26818 – Bypass TCC with Telegram in macOS

The following article will focus on a weakness in the Telegram application on macOS that allows for the injection of a Dynamic Library (or Dylib for short). The article will cover several basic concepts in macOS to provide the relevant background that will help the reader understand the process of identifying the weakness and writing an exploit that will gain access to the camera through the permissions of the Telegram application.

It should be noted that even the Root user on macOS does not have permission to access the microphone or record the screen (etc.) unless the application has received direct Consent from the user during the initial access of the application (or by manually opening the permissions through the UI in System Preferences).

We will go over several basic concepts in macOS and then continue to see how we can identify the weakness in the application. After that, we will write the Dylib that will be used in the exploit to perform the recording from the camera and save it to a file. Additionally, we will see how we can bypass the Sandbox of the terminal using LaunchAgent.

This post was created with our nice and easy submission form. Create your post!

What do you think?

Posted by SH

Leave a Reply

Your email address will not be published. Required fields are marked *

GIPHY App Key not set. Please check settings

Zucchini – Zyxel VPN Firewall Pre-Auth RCE (CVE-2023-28771)

CVE-2023-25690 Exploit Code Released