CommunityNews

CommunityNews

Process injection: breaking all macOS security layers with a single vulnerability

Process injection: breaking all macOS security layers with a single vulnerability.
If you have created a new macOS app with Xcode 13.2, you may noticed this new method in the template:

  • (BOOL)applicationSupportsSecureRestorableState:(NSApplication *)app { return YES; } This was added to the Xcode template to address a process injection vulnerability we reported!
    In macOS 12.0.1 Monterey, Apple fixed CVE-2021-30873. This was a process injection vulnerability affecting (essentially) all macOS AppKit-based applications. We reported this vulnerability to Apple, along with methods to use this vulnerability to escape the sandbox, elevate privileges to root and bypass the filesystem restrictions of SIP.

Read in full here:

This thread was posted by one of our members via one of our news source trackers.

Where Next?

Popular Macos topics Top

New
First poster: bot
Apple Business Essentials now available for small businesses. Thousands of small businesses in the Apple Business Essentials beta report...
New
First poster: bot
Privacy watchdogs in Europe are considering a complaint against Apple made by a former employee, Ashley Gjøvik, who alleges the company f...
New
First poster: bot
Authoring macOS Help Books in 2020 (and beyond). Updated for 2022 Apple Help is old. Really old. Sometimes I wonder if new developers ev...
New
First poster: bot
Inside the dissolution of Apple’s legacy design team. Apple’s design team is legendary. But following the death of Steve Jobs, dysfuncti...
New
First poster: bot
Apple Is Not Defending Browser Engine Choice - Infrequently Noted. Alex Russell on browsers, standards, and the process of progress.
New
First poster: AstonJ
The new feature will be available in the autumn and comes after its devices were successfully targeted.
New
New
First poster: bot
In this post, I’m going to stick with running standard Nix binaries and not use any additional tools (although there are two shell script...
New
First poster: bot
Users of some models of iPhone, iPad and Mac are being urged to run “important” security update.
New

Other popular topics Top

Devtalk
Hello Devtalk World! Please let us know a little about who you are and where you’re from :nerd_face:
New
ohm
Which, if any, games do you play? On what platform? I just bought (and completed) Minecraft Dungeons for my Nintendo Switch. Other than ...
New
DevotionGeo
I know that -t flag is used along with -i flag for getting an interactive shell. But I cannot digest what the man page for docker run com...
New
New
AstonJ
I ended up cancelling my Moonlander order as I think it’s just going to be a bit too bulky for me. I think the Planck and the Preonic (o...
New
PragmaticBookshelf
“Finding the Boundaries” Hero’s Journey with Noel Rappin @noelrappin Even when you’re ultimately right about what the future ho...
New
Rainer
Not sure if following fits exactly this thread, or if we should have a hobby thread… For many years I’m designing and building model air...
New
AstonJ
Biggest jackpot ever apparently! :upside_down_face: I don’t (usually) gamble/play the lottery, but working on a program to predict the...
New
AstonJ
Was just curious to see if any were around, found this one: I got 51/100: Not sure if it was meant to buy I am sure at times the b...
New
sir.laksmana_wenk
I’m able to do the “artistic” part of game-development; character designing/modeling, music, environment modeling, etc. However, I don’t...
New