CommunityNews
Process injection: breaking all macOS security layers with a single vulnerability
Process injection: breaking all macOS security layers with a single vulnerability.
If you have created a new macOS app with Xcode 13.2, you may noticed this new method in the template:
- (BOOL)applicationSupportsSecureRestorableState:(NSApplication *)app { return YES; } This was added to the Xcode template to address a process injection vulnerability we reported!
In macOS 12.0.1 Monterey, Apple fixed CVE-2021-30873. This was a process injection vulnerability affecting (essentially) all macOS AppKit-based applications. We reported this vulnerability to Apple, along with methods to use this vulnerability to escape the sandbox, elevate privileges to root and bypass the filesystem restrictions of SIP.
Read in full here:
This thread was posted by one of our members via one of our news source trackers.
Popular Macos topics
Google ‘colluded’ with Facebook to bypass Apple privacy.
Amended Texas complaint alleges backroom efforts to maintain ad dominance and m...
New
It has a few caveats, but it works as advertised.
New
Apple’s Director of Machine Learning Resigns Due to Return to Office Work.
Apple’s director of machine learning, Ian Goodfellow, has res...
New
Apple’s mixed reality headset will reportedly feature content created by Hollywood directors.
Apple is reportedly partnering with Jon Fa...
New
Apple aggressively drops older Intel Macs as Apple Silicon transition continues.
New
The new Pro feels like a tease for the upcoming Air, though.
New
New
Steve Jobs negotiates Apple’s deal with Microsoft.
Greg, Here is a review of the terms we last discussed, as well as some issues I have ...
New
Report: Apple to Move a Part of its Embedded Cores to RISC-V, Stepping Away from Arm ISA.
According to Dylan Patel of SemiAnalysis sourc...
New
The new Mac Pro chip could double or quadruple the power of the M2 Max.
Apple’s expected to launch the new Mac Pro next year.
New
Other popular topics
I know that these benchmarks might not be the exact picture of real-world scenario, but still I expect a Rust web framework performing a ...
New
No chair. I have a standing desk.
This post was split into a dedicated thread from our thread about chairs :slight_smile:
New
I’ve been hearing quite a lot of comments relating to the sound of a keyboard, with one of the most desirable of these called ‘thock’, he...
New
I have seen the keycaps I want - they are due for a group-buy this week but won’t be delivered until October next year!!! :rofl:
The Ser...
New
If you are experiencing Rails console using 100% CPU on your dev machine, then updating your development and test gems might fix the issu...
New
Saw this on TikTok of all places! :lol:
Anyone heard of them before?
Lite:
New
Build efficient applications that exploit the unique benefits of a pure functional language, learning from an engineer who uses Haskell t...
New
Author Spotlight:
Karl Stolley
@karlstolley
Logic! Rhetoric! Prag! Wow, what a combination. In this spotlight, we sit down with Karl ...
New
zig/http.zig at 7cf2cbb33ef34c1d211135f56d30fe23b6cacd42 · ziglang/zig.
General-purpose programming language and toolchain for maintaini...
New
If you’re getting errors like this:
psql: error: connection to server on socket “/tmp/.s.PGSQL.5432” failed: No such file or directory ...
New
Categories:
Sub Categories:
Popular Portals
- /elixir
- /rust
- /wasm
- /ruby
- /erlang
- /phoenix
- /keyboards
- /rails
- /js
- /python
- /security
- /go
- /swift
- /vim
- /clojure
- /java
- /haskell
- /emacs
- /svelte
- /onivim
- /typescript
- /crystal
- /c-plus-plus
- /tailwind
- /kotlin
- /gleam
- /react
- /flutter
- /elm
- /ocaml
- /ash
- /vscode
- /opensuse
- /centos
- /php
- /deepseek
- /html
- /zig
- /scala
- /debian
- /nixos
- /lisp
- /agda
- /sublime-text
- /react-native
- /textmate
- /kubuntu
- /arch-linux
- /ubuntu
- /revery
- /django
- /spring
- /manjaro
- /diversity
- /lua
- /nodejs
- /c
- /julia
- /slackware
- /neovim
Devtalk Sponsors
Practical resources that improve the lives of professional developers.
We build trusted fault-tolerant systems that scale to billions of users.
Real-time error tracking, performance insights, and observability for devs.
Develop your skills with books, videos, and courses.
Catch errors, track performance, monitor hosts and more.
Enabling companies to succeed by building software people love.
Courses that'll move you from confusion to "Aha, now I get it!"