CommunityNews

CommunityNews

Process injection: breaking all macOS security layers with a single vulnerability

Process injection: breaking all macOS security layers with a single vulnerability.
If you have created a new macOS app with Xcode 13.2, you may noticed this new method in the template:

  • (BOOL)applicationSupportsSecureRestorableState:(NSApplication *)app { return YES; } This was added to the Xcode template to address a process injection vulnerability we reported!
    In macOS 12.0.1 Monterey, Apple fixed CVE-2021-30873. This was a process injection vulnerability affecting (essentially) all macOS AppKit-based applications. We reported this vulnerability to Apple, along with methods to use this vulnerability to escape the sandbox, elevate privileges to root and bypass the filesystem restrictions of SIP.

Read in full here:

This thread was posted by one of our members via one of our news source trackers.

Where Next?

Popular Macos topics Top

First poster: bot
A few weeks ago, we’ve seen Apple announce their newest iPhone 13 series devices, a set of phones being powered by the newest Apple A15 S...
New
New
CommunityNews
Why Apple’s New M1 Chips Are Essential for Rapid iOS Development. When looking for ways to help our iOS developers become more productiv...
New
First poster: AstonJ
Moving a macOS window by clicking anywhere on it (like on Linux). Today I learned that since macOS High Sierra onwards you can move a wi...
New
First poster: AstonJ
The new feature will be available in the autumn and comes after its devices were successfully targeted.
New
New
First poster: bot
Google’s decision to block the Truth Social app’s launch on the Play Store over content moderation issues raises the question as to why A...
New
New
CommunityNews
It only took 50 years, but there’s finally a replacement that’s safer and easier to use.
New
First poster: bot
Friday Facts #371 - Apple Silicon | Factorio. Today, I’m here to share some exciting non-expansion news for our Mac players. Factorio ...
New

Other popular topics Top

siddhant3030
I’m thinking of buying a monitor that I can rotate to use as a vertical monitor? Also, I want to know if someone is using it for program...
New
AstonJ
We have a thread about the keyboards we have, but what about nice keyboards we come across that we want? If you have seen any that look n...
New
AstonJ
Continuing the discussion from Thinking about learning Crystal, let’s discuss - I was wondering which languages don’t GC - maybe we can c...
New
New
PragmaticBookshelf
Author Spotlight Mike Riley @mriley This month, we turn the spotlight on Mike Riley, author of Portable Python Projects. Mike’s book ...
New
AstonJ
If you want a quick and easy way to block any website on your Mac using Little Snitch simply… File > New Rule: And select Deny, O...
New
First poster: AstonJ
Jan | Rethink the Computer. Jan turns your computer into an AI machine by running LLMs locally on your computer. It’s a privacy-focus, l...
New
AstonJ
If you’re getting errors like this: psql: error: connection to server on socket “/tmp/.s.PGSQL.5432” failed: No such file or directory ...
New
Fl4m3Ph03n1x
Background Lately I am in a quest to find a good quality TTS ai generation tool to run locally in order to create audio for some videos I...
New
PragmaticBookshelf
Use advanced functional programming principles, practical Domain-Driven Design techniques, and production-ready Elixir code to build scal...
New