Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others company. Arthur Schopenhauer

CVE-2023-26818 - Bypass TCC with Telegram in macOS

The following article will focus on a weakness in the Telegram application on macOS that allows for the injection of a Dynamic Library (or Dylib for short). The article will cover several basic concepts in macOS to provide the relevant background that will help the reader understand the process of identifying the weakness and writing an exploit that will gain a local privilege escalation by getting access to the camera through the permissions that were prreviously ganted to the Telegram application.

It should be noted that even the Root user on macOS does not have permissions to access the microphone or record the screen (etc.) unless the application has received direct Consent from the user during the initial access of the application (or by manually opening the permissions through the UI in System Preferences). CVE-2023-26818 - Bypass TCC with Telegram in macOS