macOS>In The News

Process injection: breaking all macOS security layers with a single vulnerability

CommunityNews

CommunityNews

Process injection: breaking all macOS security layers with a single vulnerability

Process injection: breaking all macOS security layers with a single vulnerability.
If you have created a new macOS app with Xcode 13.2, you may noticed this new method in the template:

  • (BOOL)applicationSupportsSecureRestorableState:(NSApplication *)app { return YES; } This was added to the Xcode template to address a process injection vulnerability we reported!
    In macOS 12.0.1 Monterey, Apple fixed CVE-2021-30873. This was a process injection vulnerability affecting (essentially) all macOS AppKit-based applications. We reported this vulnerability to Apple, along with methods to use this vulnerability to escape the sandbox, elevate privileges to root and bypass the filesystem restrictions of SIP.

Read in full here:

This thread was posted by one of our members via one of our news source trackers.

View thread on forum
#macos/security
0 1308 0

Where Next?

View thread on forum
security
macos
Home macOS>In The News
#macos/security
0 1308 0
Last post

Popular Macos topics Top

First poster: bot
macOS>In The News

The Apple A15 SoC Performance Review: Faster and More Efficient
A few weeks ago, we’ve seen Apple announce their newest iPhone 13 series devices, a set of phones being powered by the newest Apple A15 S...
anandtech.com
#review#apple#performance
0 969 0
New
First poster: bot
macOS>In The News

Apple may be done with Intel Macs, but Hackintoshes can still use the newest CPUs
OpenCore project continues bridging the gaps between PCs and real Intel Macs.
arstechnica.com
#macs#apple#intel
0 1215 0
New
CommunityNews
macOS>In The News

Why Apple’s new M1 chips are essential for rapid iOS development
Why Apple’s New M1 Chips Are Essential for Rapid iOS Development. When looking for ways to help our iOS developers become more productiv...
doordash.engineering
#ios#apple#development#chips
4 1035 1
New
First poster: AstonJ
macOS>In The News

Moving a macOS window by clicking anywhere on it
Moving a macOS window by clicking anywhere on it (like on Linux). Today I learned that since macOS High Sierra onwards you can move a wi...
mmazzarolo.com
#macos
8 922 5
New
First poster: AstonJ
macOS>In The News

Apple launches Lockdown Mode to block spyware attacks on at-risk users
The new feature will be available in the autumn and comes after its devices were successfully targeted.
bbc.co.uk
#apple
5 1167 6
New
First poster: bot
macOS>In The News

Linux distro for Apple silicon Macs is already up and running on the brand-new M2
Asahi’s work can help other OSes, alternate Linux distros boot on Apple hardware.
arstechnica.com
#linux#macs#apple
0 1194 0
New
First poster: bot
macOS>In The News

Google blocks Truth Social from the Play Store — Will Apple be next?
Google’s decision to block the Truth Social app’s launch on the Play Store over content moderation issues raises the question as to why A...
techcrunch.com
#social#apple#google
0 935 0
New
First poster: bot
macOS>In The News

Apple raises prices for Music and TV+ for the first time
The price of the Apple One subscription bundle is also going up.
arstechnica.com
#music#apple
0 909 0
New
CommunityNews
macOS>In The News

Passkeys—Microsoft, Apple, and Google’s password killer—are finally here
It only took 50 years, but there’s finally a replacement that’s safer and easier to use.
arstechnica.com
#apple#microsoft#google
1 974 1
New
First poster: bot
macOS>In The News

Factorio runs on Apple Silicon
Friday Facts #371 - Apple Silicon | Factorio. Today, I’m here to share some exciting non-expansion news for our Mac players. Factorio ...
factorio.com
#apple
0 1502 0
New

Other popular topics Top

siddhant3030
General Dev>Dev Chat

Which vertical monitor do you use?
I’m thinking of buying a monitor that I can rotate to use as a vertical monitor? Also, I want to know if someone is using it for program...
#monitors#programming
51 4892 20
New
AstonJ
General Dev>Hardware

Seen any cool new keyboards?
We have a thread about the keyboards we have, but what about nice keyboards we come across that we want? If you have seen any that look n...
/keyboards#mechanical-keyboards
49 5910 39
New
AstonJ
General Dev>Dev Chat

Languages Without Garbage Collection
Continuing the discussion from Thinking about learning Crystal, let’s discuss - I was wondering which languages don’t GC - maybe we can c...
#garbage-collection
21 5575 7
New
Margaret
General Dev>Sales

Get 50% off these PragProg books during our Think Again Sale
Think Again 50% Off Sale » The theme of this sale is new perspectives on familiar topics. Enter coupon code ThinkAgain2021 at checkout t...
#community#pragprog/elixir/book-a-common-sense-guide-to-data-structures-and-algorithms-second-edition/book-programming-machine-learning/book-the-ray-tracer-challenge/book-forge-your-future-with-open-source/book-software-design-x-rays#algorithms/book-testing-elixir#machine-learning#sale/book-concurrent-data-processing-in-elixir/book-intuitive-python
8 6415 2
New
PragmaticBookshelf
Community>In The Spotlight

Spotlight: Mike Riley (Author) Interview and AMA!
Author Spotlight Mike Riley @mriley This month, we turn the spotlight on Mike Riley, author of Portable Python Projects. Mike’s book ...
#author-spotlight/python#iot/book-portable-python-projects#internet-of-things
62 7035 19
New
AstonJ
macOS>Chat

How to block any website on Mac using Little Snitch
If you want a quick and easy way to block any website on your Mac using Little Snitch simply… File > New Rule: And select Deny, O...
#macos#how-to#littlesnitch
5 11227 3
New
First poster: AstonJ
General Dev>In The News

Jan: An open source alternative to ChatGPT that runs on the desktop
Jan | Rethink the Computer. Jan turns your computer into an AI machine by running LLMs locally on your computer. It’s a privacy-focus, l...
jan.ai
#desktop#chatgpt
4 5652 4
New
AstonJ
Backend>Questions

Psql: error: connection to server on socket "/tmp/.s.PGSQL.5432" failed: No such file or directory
If you’re getting errors like this: psql: error: connection to server on socket “/tmp/.s.PGSQL.5432” failed: No such file or directory ...
#macos/rails/postgresql
1 5553 1
New
Fl4m3Ph03n1x
AI>Questions

What are the best text-to-speech ai generation tools that you can run locally?
Background Lately I am in a quest to find a good quality TTS ai generation tool to run locally in order to create audio for some videos I...
#ai#text-to-speech
6 8411 3
New
PragmaticBookshelf
Backend>Learning Resources

Advanced Functional Programming with Elixir
Use advanced functional programming principles, practical Domain-Driven Design techniques, and production-ready Elixir code to build scal...
joekoski.com
#pragprog/elixir#published-book#functional-programming/book-advanced-functional-programming-with-elixir
43 4989 22
New
Back to top

Sponsor Spotlight

AppSignal

Catch errors, track performance, monitor hosts and more.

Latest in Security

Security Portal

macOS>In The News

macOS In The News

Latest on Devtalk

Devtalk

We ❤️ helpful members!

We reward our most helpful members via our MOTM scheme - by giving away a whopping 25 books per year!

Member of the Month

Devtalk Sponsors

Pragmatic Bookshelf

Practical resources that improve the lives of professional developers.

Erlang Solutions

We build trusted fault-tolerant systems that scale to billions of users.

Honeybadger

Real-time error tracking, performance insights, and observability for devs.

EEF

Supporting innovation across the BEAM ecosystem.

coders51

We build reliable cloud platforms for business-critical systems.

Manning Publications

Develop your skills with books, videos, and courses.

AppSignal

Catch errors, track performance, monitor hosts and more.

WyeWorks

Enabling companies to succeed by building software people love.

Pragmatic Studio

Courses that move you from confusion to "Aha, now I get it!"

Linux New Media

Publishing Linux Magazine, ADMIN, and MakerSpace for 25+ years.

View all our sponsors ❯

Categories:

Sub Categories:

Popular Portals

Devtalk Sponsors

Pragmatic Bookshelf

Practical resources that improve the lives of professional developers.

Erlang Solutions

We build trusted fault-tolerant systems that scale to billions of users.

Honeybadger

Real-time error tracking, performance insights, and observability for devs.

EEF

Supporting innovation across the BEAM ecosystem.

coders51

We build reliable cloud platforms for business-critical systems.

Manning Publications

Develop your skills with books, videos, and courses.

AppSignal

Catch errors, track performance, monitor hosts and more.

WyeWorks

Enabling companies to succeed by building software people love.

Pragmatic Studio

Courses that move you from confusion to "Aha, now I get it!"

Linux New Media

Publishing Linux Magazine, ADMIN, and MakerSpace for 25+ years.

View all our sponsors ❯

We're in Beta

About us Mission Statement See our Roadmap