CommunityNews
Process injection: breaking all macOS security layers with a single vulnerability
Process injection: breaking all macOS security layers with a single vulnerability.
If you have created a new macOS app with Xcode 13.2, you may noticed this new method in the template:
- (BOOL)applicationSupportsSecureRestorableState:(NSApplication *)app { return YES; } This was added to the Xcode template to address a process injection vulnerability we reported!
In macOS 12.0.1 Monterey, Apple fixed CVE-2021-30873. This was a process injection vulnerability affecting (essentially) all macOS AppKit-based applications. We reported this vulnerability to Apple, along with methods to use this vulnerability to escape the sandbox, elevate privileges to root and bypass the filesystem restrictions of SIP.
Read in full here:
This thread was posted by one of our members via one of our news source trackers.
First Post!
bot
Corresponding tweet for this thread:
Share link for this tweet.
Popular General Dev topics
Zig Roadmap 2021.
From Zig SHOWTIME #21Subscribe to the Zig SHOWTIME Newsletter!https://zig.show0:00 Intro then Language Spec w/ Martin ...
New
Rocket is a web framework written in Rust. It provides a concise API and is opinionated and feature-rich beyond what you would typically ...
New
What we can learn from “_why” the long lost open source developer…
Code might not last forever, but _why proves you can have an impact t...
New
By the end of this guide we’ll have a minimal, working implementation of a small part of Lua from scratch.
New
One of the strongest sides of Go programming language is a built-in concurrency based on Tony Hoare’s CSP paper. Go is designed with conc...
New
C++ Cheat Sheets & Infographics.
Graphics and cheat sheets, each capturing one aspect of C++: algorithms/containers/STL, language ba...
New
Developing Godot Projects with Neovim.
When I started using Godot Engine, what surprised me the most is the built-in Language Server Pro...
New
Perfecting WebGPU/Dawn native graphics for Zig.
A 700+ commit complete rewrite of mach/gpu (the WebGPU interface for Zig) has been compl...
New
ABSTRACT
In lieu of a traditional , I’ve tried to distill the essence of the talk into a collection of maxims:
All programmers are API ...
New
Raspberry Pi security alarm — the basics.
In November last year — I started building a DIY security alarm system, using a Raspberry Pi a...
New
Other popular topics
I know that these benchmarks might not be the exact picture of real-world scenario, but still I expect a Rust web framework performing a ...
New
A PragProg Hero’s Journey with Brian P. Hogan @bphogan
Have you ever worried that your only legacy will be in the form of legacy...
New
Why, if your answer is yes?
New
There’s a whole world of custom keycaps out there that I didn’t know existed!
Check out all of our Keycaps threads here:
https://forum....
New
Small essay with thoughts on macOS vs. Linux:
I know @Exadra37 is just waiting around the corner to scream at me “I TOLD YOU SO!!!” but I...
New
Oh just spent so much time on this to discover now that RancherOS is in end of life but Rancher is refusing to mark the Github repo as su...
New
The V Programming Language
Simple language for building maintainable programs
V is already mentioned couple of times in the forum, but I...
New
A Hero’s Journey
with Chris Pine
@chrispine
Chris Pine, author of Learn to Program, Third Edition, discusses his journey to beco...
New
Hi folks,
I don’t know if I saw this here but, here’s a new programming language, called Roc
Reminds me a bit of Elm and thus Haskell. ...
New
Was just curious to see if any were around, found this one:
I got 51/100:
Not sure if it was meant to buy I am sure at times the b...
New
Latest in In The News
Latest (all)
Categories:
Popular Portals
- /elixir
- /rust
- /wasm
- /ruby
- /erlang
- /phoenix
- /keyboards
- /js
- /rails
- /python
- /security
- /go
- /swift
- /vim
- /clojure
- /java
- /haskell
- /emacs
- /svelte
- /onivim
- /typescript
- /crystal
- /c-plus-plus
- /tailwind
- /kotlin
- /gleam
- /react
- /flutter
- /elm
- /ocaml
- /vscode
- /opensuse
- /ash
- /centos
- /php
- /deepseek
- /zig
- /scala
- /html
- /debian
- /nixos
- /lisp
- /agda
- /textmate
- /sublime-text
- /react-native
- /kubuntu
- /arch-linux
- /revery
- /ubuntu
- /manjaro
- /spring
- /django
- /diversity
- /nodejs
- /lua
- /slackware
- /julia
- /c
- /neovim
Devtalk Sponsors
Practical resources that improve the lives of professional developers.
We build trusted fault-tolerant systems that scale to billions of users.
Develop your skills with books, videos, and courses.
Catch errors, track performance, monitor hosts and more.
Enabling companies to succeed by building software people love.
Courses that'll move you from confusion to "Aha, now I get it!"