CommunityNews
Process injection: breaking all macOS security layers with a single vulnerability
Process injection: breaking all macOS security layers with a single vulnerability.
If you have created a new macOS app with Xcode 13.2, you may noticed this new method in the template:
- (BOOL)applicationSupportsSecureRestorableState:(NSApplication *)app { return YES; } This was added to the Xcode template to address a process injection vulnerability we reported!
In macOS 12.0.1 Monterey, Apple fixed CVE-2021-30873. This was a process injection vulnerability affecting (essentially) all macOS AppKit-based applications. We reported this vulnerability to Apple, along with methods to use this vulnerability to escape the sandbox, elevate privileges to root and bypass the filesystem restrictions of SIP.
Read in full here:
This thread was posted by one of our members via one of our news source trackers.
Popular Macos topics
New
Apple Business Essentials now available for small businesses.
Thousands of small businesses in the Apple Business Essentials beta report...
New
Privacy watchdogs in Europe are considering a complaint against Apple made by a former employee, Ashley Gjøvik, who alleges the company f...
New
Authoring macOS Help Books in 2020 (and beyond).
Updated for 2022 Apple Help is old. Really old. Sometimes I wonder if new developers ev...
New
Inside the dissolution of Apple’s legacy design team.
Apple’s design team is legendary. But following the death of Steve Jobs, dysfuncti...
New
Apple Is Not Defending Browser Engine Choice - Infrequently Noted.
Alex Russell on browsers, standards, and the process of progress.
New
The new feature will be available in the autumn and comes after its devices were successfully targeted.
New
Asahi’s work can help other OSes, alternate Linux distros boot on Apple hardware.
New
In this post, I’m going to stick with running standard Nix binaries and not use any additional tools (although there are two shell script...
New
Users of some models of iPhone, iPad and Mac are being urged to run “important” security update.
New
Other popular topics
Hello Devtalk World!
Please let us know a little about who you are and where you’re from :nerd_face:
New
Which, if any, games do you play? On what platform?
I just bought (and completed) Minecraft Dungeons for my Nintendo Switch. Other than ...
New
I know that -t flag is used along with -i flag for getting an interactive shell. But I cannot digest what the man page for docker run com...
New
New
I ended up cancelling my Moonlander order as I think it’s just going to be a bit too bulky for me.
I think the Planck and the Preonic (o...
New
“Finding the Boundaries” Hero’s Journey with Noel Rappin @noelrappin
Even when you’re ultimately right about what the future ho...
New
Not sure if following fits exactly this thread, or if we should have a hobby thread…
For many years I’m designing and building model air...
New
Biggest jackpot ever apparently! :upside_down_face:
I don’t (usually) gamble/play the lottery, but working on a program to predict the...
New
Was just curious to see if any were around, found this one:
I got 51/100:
Not sure if it was meant to buy I am sure at times the b...
New
I’m able to do the “artistic” part of game-development; character designing/modeling, music, environment modeling, etc.
However, I don’t...
New
Sponsor Spotlight
Develop your skills with books, videos, and courses.
Latest in Security
Categories:
Sub Categories:
Popular Portals
- /elixir
- /rust
- /ruby
- /wasm
- /erlang
- /phoenix
- /keyboards
- /rails
- /js
- /python
- /security
- /go
- /swift
- /vim
- /clojure
- /emacs
- /haskell
- /java
- /onivim
- /svelte
- /typescript
- /crystal
- /c-plus-plus
- /kotlin
- /tailwind
- /gleam
- /ocaml
- /react
- /elm
- /flutter
- /vscode
- /ash
- /opensuse
- /centos
- /php
- /deepseek
- /html
- /scala
- /zig
- /textmate
- /sublime-text
- /nixos
- /debian
- /lisp
- /agda
- /react-native
- /kubuntu
- /arch-linux
- /revery
- /ubuntu
- /manjaro
- /django
- /spring
- /diversity
- /nodejs
- /lua
- /slackware
- /c
- /julia
- /neovim
Devtalk Sponsors
Practical resources that improve the lives of professional developers.
We build trusted fault-tolerant systems that scale to billions of users.
Real-time error tracking, performance insights, and observability for devs.
Develop your skills with books, videos, and courses.
Catch errors, track performance, monitor hosts and more.
Enabling companies to succeed by building software people love.
Courses that'll move you from confusion to "Aha, now I get it!"