From ad9cf6ddb63d78e6ed66c6f7cdb5873e957ed063 Mon Sep 17 00:00:00 2001 From: CPol Date: Fri, 16 Jun 2023 00:05:01 +0000 Subject: [PATCH] GITBOOK-3988: change request with no subject merged in GitBook --- .../macos-security-protections/macos-tcc/macos-tcc-bypasses.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-tcc-bypasses.md b/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-tcc-bypasses.md index 0691c77c..6230108e 100644 --- a/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-tcc-bypasses.md +++ b/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-tcc-bypasses.md @@ -56,6 +56,8 @@ The entitlement **`com.apple.private.icloud-account-access`** it's possible to c **iMovie** and **Garageband** had this entitlement and others that allowed. +For more **information** about the exploit to **get icloud tokens** from that entitlement chec the talk: [**#OBTS v5.0: "What Happens on your Mac, Stays on Apple's iCloud?!" - Wojciech Regula**](https://www.youtube.com/watch?v=\_6e2LhmxVc0) + ### kTCCServiceAppleEvents / Automation An app with the **`kTCCServiceAppleEvents`** permission will be able to **control other Apps**. This means that it could be able to **abuse the permissions granted to the other Apps**.
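Review bot: The added line has two typos and a likely broken link: "chec" should be "check", "icloud" should be "iCloud", and the link target contains an escaped underscore ("watch?v=\_6e2LhmxVc0"). Inside a Markdown URL the backslash can be carried through literally and break the video link, so the target should read "watch?v=_6e2LhmxVc0". The unchanged context sentence just above it ("had this entitlement and others that allowed.") stops without saying what was allowed, so the new pointer to the talk follows an incomplete statement; completing that sentence in the same change would make the paragraph readable. The subject "change request with no subject" also says nothing about what was added; something like "add reference to OBTS v5.0 talk on iCloud token access" would make the history searchable.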