Who Cares Where Waldo Is? Locating macOS Users Without Their Consent
Where is Waldo? You’ve probably experienced how challenging it can be to spot him in the popular illustrations shared on social media. But is determining a macOS user’s location just as difficult? This presentation will demonstrate that it’s surprisingly easy.
We’ll begin by exploring the macOS privacy framework, focusing on why location services are treated as a distinct privacy subsystem. The talk will delve into how location permissions are stored on macOS and examine architectural weaknesses in the location database. We’ll also discuss the attack surface of location services, side-channel attacks, and techniques for obtaining non-precise location data.
Building on this foundation, I will share insights into my previous and newly discovered vulnerabilities that lead to precise location data leaks. We’ll review Apple’s patches for these issues and outline directions for future research in this area.
Finally, we’ll discuss how attackers might not even need macOS zero-days to compromise a user’s location. I’ll reveal how certain third-party macOS applications willingly share location data with any app that requests it. For blue teams, the talk will provide actionable detection strategies to mitigate these risks.
Full Abstract Available:
https://www.blackhat.com/asia-25/briefings/schedule/#who-cares-where-waldo-is-locating-macos-users-without-their-consent-44563