
Process injection: breaking all macOS security layers with a single vulnerability
If you have created a new macOS app with Xcode 13.2, you may have noticed this new method in the template:

- (BOOL)applicationSupportsSecureRestorableState:(NSApplication *)app {
    return YES;
}

This was added to the Xcode template to address a process injection vulnerability we reported!
In macOS 12.0.1 Monterey, Apple fixed CVE-2021-30873. This was a process injection vulnerability affecting (essentially) all macOS AppKit-based applications. We reported this vulnerability to Apple, along with methods to use this vulnerability to escape the sandbox, elevate privileges to root and bypass the filesystem restrictions of SIP.