Michael Cowell

Cybersecurity Engineer

Michael Cowell


Michael Cowell is a cybersecurity engineer and researcher specialising in the iOS and macOS ecosystems with experience in the public and private sector.


In this brief talk we'll discuss macOS user privacy protections and a logic bug in the PackageKit framework which leads to a complete SIP/TCC bypass ( CVE-2023-38609 ) on macOS Ventura. The talk will cover initial discovery, automating variant discovery and chaining with a patched privilege escalation to achieve unrestricted access from a regular user context.