CommunityNews
Process injection: breaking all macOS security layers with a single vulnerability
Process injection: breaking all macOS security layers with a single vulnerability.
If you have created a new macOS app with Xcode 13.2, you may noticed this new method in the template:
- (BOOL)applicationSupportsSecureRestorableState:(NSApplication *)app { return YES; } This was added to the Xcode template to address a process injection vulnerability we reported!
In macOS 12.0.1 Monterey, Apple fixed CVE-2021-30873. This was a process injection vulnerability affecting (essentially) all macOS AppKit-based applications. We reported this vulnerability to Apple, along with methods to use this vulnerability to escape the sandbox, elevate privileges to root and bypass the filesystem restrictions of SIP.
Read in full here:
This thread was posted by one of our members via one of our news source trackers.
Popular Macos topics
New
New “Report a Problem” link on product pages - News - Apple Developer.
The App Store provides a safe and trusted place to discover apps ...
New
Never-before-seen, cross-platform SysJoker came from an “advanced threat actor.”
New
Developers’ work on past M1 hardware is making it easier to support new chips.
New
No keyboard or mouse, though.
New
Authoring macOS Help Books in 2020 (and beyond).
Updated for 2022 Apple Help is old. Really old. Sometimes I wonder if new developers ev...
New
Asahi’s work can help other OSes, alternate Linux distros boot on Apple hardware.
New
Apple reportedly wants to turn the iPad into a smart display with a new dock.
Apple could reveal an iPad docking accessory next year.
New
Reverse Engineering the Apple MultiPeer Connectivity Framework.
Some time ago I was using Logic Pro to record some of my music and I nee...
New
The UK competition watchdog launches a market investigation into cloud gaming and mobile browsers.
New
Other popular topics
What chair do you have while working… and why?
Is there a ‘best’ type of chair or working position for developers?
New
New
There’s a whole world of custom keycaps out there that I didn’t know existed!
Check out all of our Keycaps threads here:
https://forum....
New
Oh just spent so much time on this to discover now that RancherOS is in end of life but Rancher is refusing to mark the Github repo as su...
New
The File System Access API with Origin Private File System.
WebKit supports new API that makes it possible for web apps to create, open,...
New
Author Spotlight
Jamis Buck
@jamis
This month, we have the pleasure of spotlighting author Jamis Buck, who has written Mazes for Prog...
New
There appears to have been an update that has changed the terminology for what has previously been known as the Taskbar Overflow - this h...
New
Author Spotlight:
Bruce Tate
@redrapids
Programming languages always emerge out of need, and if that’s not always true, they’re defin...
New
Jan | Rethink the Computer.
Jan turns your computer into an AI machine by running LLMs locally on your computer. It’s a privacy-focus, l...
New
Hello,
I’m a beginner in Android development and I’m facing an issue with my project setup. In my build.gradle.kts file, I have the foll...
New
Sponsor Spotlight
Real-time error tracking, performance insights, and observability for devs.
Latest in Security
Categories:
Sub Categories:
Popular Portals
- /elixir
- /rust
- /ruby
- /wasm
- /erlang
- /phoenix
- /keyboards
- /python
- /js
- /rails
- /security
- /go
- /swift
- /vim
- /clojure
- /emacs
- /haskell
- /java
- /svelte
- /onivim
- /typescript
- /kotlin
- /c-plus-plus
- /crystal
- /tailwind
- /react
- /gleam
- /ocaml
- /elm
- /flutter
- /vscode
- /ash
- /html
- /opensuse
- /centos
- /php
- /zig
- /deepseek
- /scala
- /textmate
- /lisp
- /sublime-text
- /react-native
- /nixos
- /debian
- /agda
- /kubuntu
- /arch-linux
- /deno
- /django
- /revery
- /ubuntu
- /nodejs
- /spring
- /manjaro
- /diversity
- /lua
- /julia
- /slackware
- /c
Devtalk Sponsors
Practical resources that improve the lives of professional developers.
We build trusted fault-tolerant systems that scale to billions of users.
Real-time error tracking, performance insights, and observability for devs.
Supporting innovation across the BEAM ecosystem.
Develop your skills with books, videos, and courses.
Catch errors, track performance, monitor hosts and more.
Enabling companies to succeed by building software people love.
Courses that move you from confusion to "Aha, now I get it!"