Entitlements and code signing TL;DR: Entitlement plist binds a privilege to a signed binary; abuse comes from inheritance and lax signing. Stub — to be filled in. What it is TODO Preconditions / where it applies TODO Technique TODO Detection and defence TODO References TODO