Multiple TCC bypasses via SQLite environment variables

Overview These vulnerabilities were disclosed at Black Hat Europe 2022 in the talk Knockout Win Against TCC - 20+ fresh Ways to Bypass Your MacOS Privacy Mechanisms. The method relied on an SQLite environment variable respected by libsqlite3.dylib which made apps utilizing the standard SQLite strategy API log all the SQL queries. As specified queries may contain delicate user data usually protected by the TCC - I started researching all the problematic occurrences.