CommunityNews

CommunityNews

Process injection: breaking all macOS security layers with a single vulnerability

Process injection: breaking all macOS security layers with a single vulnerability.
If you have created a new macOS app with Xcode 13.2, you may noticed this new method in the template:

  • (BOOL)applicationSupportsSecureRestorableState:(NSApplication *)app { return YES; } This was added to the Xcode template to address a process injection vulnerability we reported!
    In macOS 12.0.1 Monterey, Apple fixed CVE-2021-30873. This was a process injection vulnerability affecting (essentially) all macOS AppKit-based applications. We reported this vulnerability to Apple, along with methods to use this vulnerability to escape the sandbox, elevate privileges to root and bypass the filesystem restrictions of SIP.

Read in full here:

This thread was posted by one of our members via one of our news source trackers.

First Post!

bot

bot

Corresponding tweet for this thread:

Share link for this tweet.

Popular General Dev topics Top

First poster: bot
Zig Roadmap 2021. From Zig SHOWTIME #21Subscribe to the Zig SHOWTIME Newsletter!https://zig.show0:00 Intro then Language Spec w/ Martin ...
New
First poster: KnowledgeIsPower
Rocket is a web framework written in Rust. It provides a concise API and is opinionated and feature-rich beyond what you would typically ...
New
First poster: OvermindDL1
What we can learn from “_why” the long lost open source developer… Code might not last forever, but _why proves you can have an impact t...
New
CommunityNews
By the end of this guide we’ll have a minimal, working implementation of a small part of Lua from scratch.
New
CommunityNews
One of the strongest sides of Go programming language is a built-in concurrency based on Tony Hoare’s CSP paper. Go is designed with conc...
New
CommunityNews
C++ Cheat Sheets & Infographics. Graphics and cheat sheets, each capturing one aspect of C++: algorithms/containers/STL, language ba...
New
First poster: bot
Developing Godot Projects with Neovim. When I started using Godot Engine, what surprised me the most is the built-in Language Server Pro...
New
First poster: bot
Perfecting WebGPU/Dawn native graphics for Zig. A 700+ commit complete rewrite of mach/gpu (the WebGPU interface for Zig) has been compl...
New
CommunityNews
ABSTRACT In lieu of a traditional , I’ve tried to distill the essence of the talk into a collection of maxims: All programmers are API ...
New
First poster: bot
Raspberry Pi security alarm — the basics. In November last year — I started building a DIY security alarm system, using a Raspberry Pi a...
New

Other popular topics Top

DevotionGeo
I know that these benchmarks might not be the exact picture of real-world scenario, but still I expect a Rust web framework performing a ...
New
PragmaticBookshelf
A PragProg Hero’s Journey with Brian P. Hogan @bphogan Have you ever worried that your only legacy will be in the form of legacy...
New
New
AstonJ
There’s a whole world of custom keycaps out there that I didn’t know existed! Check out all of our Keycaps threads here: https://forum....
New
dimitarvp
Small essay with thoughts on macOS vs. Linux: I know @Exadra37 is just waiting around the corner to scream at me “I TOLD YOU SO!!!” but I...
New
Exadra37
Oh just spent so much time on this to discover now that RancherOS is in end of life but Rancher is refusing to mark the Github repo as su...
New
DevotionGeo
The V Programming Language Simple language for building maintainable programs V is already mentioned couple of times in the forum, but I...
New
PragmaticBookshelf
A Hero’s Journey with Chris Pine @chrispine Chris Pine, author of Learn to Program, Third Edition, discusses his journey to beco...
New
Maartz
Hi folks, I don’t know if I saw this here but, here’s a new programming language, called Roc Reminds me a bit of Elm and thus Haskell. ...
New
AstonJ
Was just curious to see if any were around, found this one: I got 51/100: Not sure if it was meant to buy I am sure at times the b...
New

Latest in In The News