TCC bypass → access Photos / Camera without consent
Inject into a process that already has Full Disk Access (e.g. backup utility, Terminal). Inherited TCC entitlement lets the attacker code read TCC-gated data — Photos, iMessage DB, Documents.
§ Context
Assumed environment: foothold as a standard user on macOS. At least one third-party app on the system has been granted FDA. SIP enabled (default) but the attacker has user-level write to the app bundle / dylib search path.
§ Steps
- 01: User shell (Initial Access; T1078 — Valid Accounts)
- 02: Find app with FDA / Photos / Camera consent (Discovery; T1087 — Account Discovery)
- 03: Exfil Photos / iMessage / Documents (Credential Access; T1552 — Unsecured Credentials)
- 04: Inherit entitlements → read TCC-protected data (Defense Evasion; MAC-TCC-BYPASS — TCC Bypass)
- 05: Dylib hijack into the consented app (Privilege Escalation; MAC-DYLIB-HIJACK — Dylib Hijack)
§ References
- T1078 — Valid Accounts
- T1087 — Account Discovery
- T1552 — Unsecured Credentials
§ Frequently asked
- What is the "TCC bypass → access Photos / Camera without consent" attack path?
- Inject into a process that already has Full Disk Access (e.g. backup utility, Terminal). Inherited TCC entitlement lets the attacker code read TCC-gated data — Photos, iMessage DB, Documents. It chains 5 steps drawn from real-world offensive-security techniques.
- What starting position does this attack require?
- The first step is User shell (T1078), an initial-access primitive. Assumed environment: foothold as a standard user on macOS.
- What is the final impact of this kill-chain?
- The final step lands on Dylib hijack into the consented app (MAC-DYLIB-HIJACK), which falls under Privilege Escalation. From here, an operator typically pivots into post-exploitation or maintains persistence.
- How can defenders detect or prevent this attack?
- Detection and prevention vary per step. Refer to each linked MITRE ATT&CK entry under "References"; every technique page lists defensive controls, detection telemetry, and known threat-actor usage.
§ Related dossiers
- SSRF → IMDS → cloud creds → lateral (shared techniques: 3)
  An image-fetcher / link-preview endpoint fetches attacker-controlled URLs server-side. Pivot to the cloud metadata service and steal the instance role credentials.
- Dev workstation → cloud backup keys → encrypted vault store (LastPass 2022) (shared techniques: 2)
  Attacker compromised a single LastPass DevOps engineer's home machine via outdated Plex Media Server, harvested AWS keys for the encrypted-vault backup bucket, exfiltrated production vault data.
- z/OS TN3270 → RACF userID brute → mainframe shell (shared techniques: 2)
  Internet-/intranet-exposed TN3270 mainframe terminal. Userids follow predictable HR scheme. Brute-force passwords; many environments allow short / dictionary passwords for legacy reasons.
- F5 BIG-IP iControl auth bypass (CVE-2022-1388) → root on LB (shared techniques: 2)
  Connection-header smuggle bypasses iControl REST auth, command-injection RCE as root. Load balancers see all traffic — recover TLS keys, session cookies, internal SSO config.
- Slack token in CI log → DM history → vendor mailbox compromise (shared techniques: 2)
  A CI run echoed a Slack xoxb-/xoxp- token. Use it to read DMs, harvest password-reset links and vendor invitations, pivot into the corporate mailbox.
- Spectre-class side-channel → cross-tenant memory leak (shared techniques: 2)
  Pre-mitigation cloud VM lets a co-tenant trigger speculative loads from kernel / sibling-VM memory. Cache-side-channel measurements recover sensitive data, including TLS keys + cloud creds.