Six years ago, since the advent of System Integrity Protection (SIP) framework on macOS Yosemite, a protection mechanism protects files from being modified even with elevated privileges, which Apple deeply trusts to stop systems being maliciously tampered with or having data being stolen. Apple does not believe in empowering the users and went down a road of taking away privileges from users.

However, during these six years, we have seen more and more attacks allowing bypassing SIP to make modification to crucial files within the system. Moreover, multiple articles on the Internet instruct you to disable SIP entirely. We will introduce multiple bypasses for SIP in this session, and how Apple implemented this protection in the first place.

In this research, we discovered and disclosed multiple vulnerabilities in most of the DDS (Data Distrubiton Service) implementations. DDS enables crucial technologies, such as autonomous driving, military tactical systems, or time-sensitive machineries. We approached DDS from the bottom up, and we'll show you how we dissected, fuzzing with and without source code, then found multiple vulnerabilities within it, including a standard-level vulnerability and others, including remote code execution and DoS.