CommunityNews
Process injection: breaking all macOS security layers with a single vulnerability
Process injection: breaking all macOS security layers with a single vulnerability.
If you have created a new macOS app with Xcode 13.2, you may noticed this new method in the template:
- (BOOL)applicationSupportsSecureRestorableState:(NSApplication *)app { return YES; } This was added to the Xcode template to address a process injection vulnerability we reported!
In macOS 12.0.1 Monterey, Apple fixed CVE-2021-30873. This was a process injection vulnerability affecting (essentially) all macOS AppKit-based applications. We reported this vulnerability to Apple, along with methods to use this vulnerability to escape the sandbox, elevate privileges to root and bypass the filesystem restrictions of SIP.
Read in full here:
This thread was posted by one of our members via one of our news source trackers.
Popular Macos topics
The iPhone 12 series was just announced in October, but that’s not stopping Apple from having an event that’s expected to be a reveal for...
New
Exclusive: Apple dropped plan for encrypting backups after FBI complained - sources.
Apple Inc <AAPL.O> dropped plans to let iPhon...
New
A few weeks ago, we’ve seen Apple announce their newest iPhone 13 series devices, a set of phones being powered by the newest Apple A15 S...
New
GitHub - CodeEditApp/CodeEdit: CodeEdit App for macOS – Elevate your code editing experience. Open source, free forever…
CodeEdit App fo...
New
Apple Business Essentials now available for small businesses.
Thousands of small businesses in the Apple Business Essentials beta report...
New
Tony Fadell says the virtual reality world risks damaging human interaction and creating toxicity.
New
Inside the dissolution of Apple’s legacy design team.
Apple’s design team is legendary. But following the death of Steve Jobs, dysfuncti...
New
Google’s decision to block the Truth Social app’s launch on the Play Store over content moderation issues raises the question as to why A...
New
The price of the Apple One subscription bundle is also going up.
New
The UK competition watchdog launches a market investigation into cloud gaming and mobile browsers.
New
Other popular topics
Hello Devtalk World!
Please let us know a little about who you are and where you’re from :nerd_face:
New
Which, if any, games do you play? On what platform?
I just bought (and completed) Minecraft Dungeons for my Nintendo Switch. Other than ...
New
I know that -t flag is used along with -i flag for getting an interactive shell. But I cannot digest what the man page for docker run com...
New
New
I’ve been hearing quite a lot of comments relating to the sound of a keyboard, with one of the most desirable of these called ‘thock’, he...
New
The V Programming Language
Simple language for building maintainable programs
V is already mentioned couple of times in the forum, but I...
New
Crystal recently reached version 1. I had been following it for awhile but never got to really learn it. Most languages I picked up out o...
New
API 4
Path:
/user/following/
Method:
GET
Description:
Returns the list of all names of people whom the user follows
Response
[
{ ...
New
Author Spotlight
Erin Dees
@undees
Welcome to our new author spotlight! We had the pleasure of chatting with Erin Dees, co-author of ...
New
This is cool!
DEEPSEEK-V3 ON M4 MAC: BLAZING FAST INFERENCE ON APPLE SILICON
We just witnessed something incredible: the largest open-s...
New
Sponsor Spotlight
Practical resources that improve the lives of professional developers.
Latest in Security
Categories:
Sub Categories:
Popular Portals
- /elixir
- /rust
- /ruby
- /wasm
- /erlang
- /phoenix
- /keyboards
- /rails
- /js
- /python
- /security
- /go
- /swift
- /vim
- /clojure
- /emacs
- /haskell
- /java
- /onivim
- /svelte
- /typescript
- /crystal
- /kotlin
- /c-plus-plus
- /tailwind
- /gleam
- /ocaml
- /react
- /elm
- /flutter
- /vscode
- /ash
- /opensuse
- /centos
- /php
- /html
- /deepseek
- /zig
- /scala
- /sublime-text
- /lisp
- /textmate
- /debian
- /nixos
- /react-native
- /agda
- /kubuntu
- /arch-linux
- /ubuntu
- /revery
- /django
- /manjaro
- /spring
- /nodejs
- /diversity
- /lua
- /c
- /julia
- /slackware
- /markdown
Devtalk Sponsors
Practical resources that improve the lives of professional developers.
We build trusted fault-tolerant systems that scale to billions of users.
Real-time error tracking, performance insights, and observability for devs.
Develop your skills with books, videos, and courses.
Catch errors, track performance, monitor hosts and more.
Enabling companies to succeed by building software people love.
Courses that'll move you from confusion to "Aha, now I get it!"