
Process injection: breaking all macOS security layers with a single vulnerability
If you have created a new macOS app with Xcode 13.2, you may have noticed this new method in the template:

```objc
- (BOOL)applicationSupportsSecureRestorableState:(NSApplication *)app {
    return YES;
}
```

This was added to the Xcode template to address a process injection vulnerability we reported!
In macOS 12.0.1 Monterey, Apple fixed CVE-2021-30873. This was a process injection vulnerability affecting (essentially) all macOS AppKit-based applications. We reported this vulnerability to Apple, along with methods to use this vulnerability to escape the sandbox, elevate privileges to root and bypass the filesystem restrictions of SIP.
Read in full here:
This thread was posted by one of our members via one of our news source trackers.