Uncovering Apple Vulnerabilities: diskarbitrationd and storagekitd Audit Part 2
Kandji's Threat Research team recently performed an audit of the macOS diskarbitrationd and storagekitd system daemons, uncovering several vulnerabilities. Our team reported all of them to Apple through their responsible disclosure program, and because they are now fixed, we are releasing the details in this blog series; this is part two. In part one, we covered a vulnerability that impacted the diskarbitrationd system daemon and allowed attackers to either escape the sandbox or escalate privileges through user file systems. In this second part, we will review a vulnerability (CVE-2024-40855) that allows someone to escape the sandbox and also fully bypass TCC by mounting over the user's TCC directory. This was possible by performing a directory…