CommunityNews

Process injection: breaking all macOS security layers with a single vulnerability

Process injection: breaking all macOS security layers with a single vulnerability.
If you have created a new macOS app with Xcode 13.2, you may noticed this new method in the template:

(BOOL)applicationSupportsSecureRestorableState:(NSApplication *)app { return YES; } This was added to the Xcode template to address a process injection vulnerability we reported!
In macOS 12.0.1 Monterey, Apple fixed CVE-2021-30873. This was a process injection vulnerability affecting (essentially) all macOS AppKit-based applications. We reported this vulnerability to Apple, along with methods to use this vulnerability to escape the sandbox, elevate privileges to root and bypass the filesystem restrictions of SIP.

Read in full here:

This thread was posted by one of our members via one of our news source trackers.

View thread on forum

#macos /security

0 1308 0

2022-08-16 03:10:26 UTC

Where Next?

View thread on forum

security

macos

Home macOS>In The News

#macos /security

0 1308 0

Last post

Popular Macos topics

macOS>In The News

Amazon cuts off Parler’s web hosting following Apple, Google bans

arstechnica.com

#apple #google #hosting #web

0 949 0

2021-01-10 12:50:14 UTC

New

macOS>In The News

Apple bans Fortnite from App Store during Epic Games legal battle

The game won’t be available on iPhones or other Apple devices until its legal battle with Epic Games ends.

bbc.co.uk

#games #apple

0 855 0

2021-09-24 04:30:52 UTC

New

macOS>In The News

CodeEdit: Building a free, open-source code editor for macOS

GitHub - CodeEditApp/CodeEdit: CodeEdit App for macOS – Elevate your code editing experience. Open source, free forever… CodeEdit App fo...

github.com

#macos #code

11 1308 3

2022-03-21 19:55:07 UTC

New

macOS>In The News

Apple’s Private Relay can cause the system to ignore firewall rules

Apple’s Private Relay can cause the system to ignore firewall rules - Blog | Mullvad VPN. Apple’s Private Relay (Beta) feature calls hom...

mullvad.net

#apple #firewall

2 824 0

2022-04-26 23:18:40 UTC

New

macOS>In The News

M2 MacBook Pro’s 256GB SSD is only about half as fast as the M1 version’s

Higher-capacity versions of the new MacBook Pro don’t seem to be affected.

arstechnica.com

#ssd #macbook

0 972 0

2022-06-27 23:03:23 UTC

New

macOS>In The News

Linux distro for Apple silicon Macs is already up and running on the brand-new M2

Asahi’s work can help other OSes, alternate Linux distros boot on Apple hardware.

arstechnica.com

#linux #macs #apple

0 1194 0

2022-07-18 23:47:00 UTC

New

macOS>In The News

Apple’s Virtualization framework is a great, free way to test new macOS betas

VirtualBuddy and other apps make it pretty easy to run macOS on top of macOS.

arstechnica.com

#macos #apple #test

0 817 0

2022-07-28 14:50:02 UTC

New

macOS>In The News

Hackers may have exploited security flaws - Apple

Users of some models of iPhone, iPad and Mac are being urged to run “important” security update.

bbc.co.uk

/security #apple

0 1095 0

2022-08-20 23:09:02 UTC

New

macOS>In The News

Once again, Apple calls workers back to the office—once again, workers fight back

An internal petition says individual teams should set remote-work policies.

arstechnica.com

#office #apple

0 836 0

2022-08-24 12:21:06 UTC

New

macOS>In The News

Telegram CEO Accuses Apple of Crushing Entrepreneurs

Telegram CEO Accuses Apple of Destroying Dreams and Crushing Entrepreneurs. Telegram’s CEO has accused Apple of destroying dreams and ru...

macrumors.com

#apple #telegram

1 999 1

2022-10-31 00:16:49 UTC

New

Other popular topics

Game Dev>Learning Resources

The Ray Tracer Challenge

Brace yourself for a fun challenge: build a photorealistic 3D renderer from scratch! In just a couple of weeks, build a ray tracer that r...

pragprog.com

#pragprog #published-book /book-the-ray-tracer-challenge #algorithms

3 6115 0

2020-09-22 14:26:56 UTC

New

Backend>Questions

Can someone explain the -t option/flag in docker run command?

I know that -t flag is used along with -i flag for getting an interactive shell. But I cannot digest what the man page for docker run com...

#docker

7 10261 2

2020-09-01 07:19:16 UTC

New

Community>Journals

Programming Erlang Book Club

My first contact with Erlang was about 2 years ago when I used RabbitMQ, which is written in Erlang, for my job. This made me curious and...

/erlang /book-programming-erlang-2nd-edition #book-club

195 6815 95

2025-02-16 20:22:17 UTC

New

General Dev>Hardware

Poll: Which keyboard layout do you use?

poll poll Be sure to check out @Dusty’s article posted here: An Introduction to Alternative Keyboard Layouts It’s one of the best write-...

colemakmods.github.io

#polls /keyboards

10 6048 11

2020-10-31 23:12:33 UTC

New

General Dev>Hardware

Keyboard thock (sound)

I’ve been hearing quite a lot of comments relating to the sound of a keyboard, with one of the most desirable of these called ‘thock’, he...

/keyboards #mechanical-keyboards

14 11197 8

2020-11-11 11:59:23 UTC

New

Backend>Chat

Using Regular Expressions in Erlang

Intensively researching Erlang books and additional resources on it, I have found that the topic of using Regular Expressions is either c...

/erlang #regular-expressions

91 5662 43

2021-09-06 19:12:48 UTC

New

Community>In The Spotlight

Spotlight: Mike Riley (Author) Interview and AMA!

Author Spotlight Mike Riley @mriley This month, we turn the spotlight on Mike Riley, author of Portable Python Projects. Mike’s book ...

#author-spotlight /python #iot /book-portable-python-projects #internet-of-things

62 7035 19

2022-06-09 14:01:01 UTC

New

Community>In The Spotlight

Spotlight: Rebecca Skinner (Author) Interview and AMA!

Author Spotlight Rebecca Skinner @RebeccaSkinner Welcome to our latest author spotlight, where we sit down with Rebecca Skinner, auth...

#author-spotlight /haskell /book-effective-haskell

106 11719 28

2022-11-16 10:29:37 UTC

New

General Dev>In The News

X can’t stop spread of explicit, fake AI Taylor Swift images

Will Swifties’ war on AI fakes spark a deepfake porn reckoning?

arstechnica.com

/swift

0 8379 0

2024-01-26 05:47:12 UTC

New

Backend>Learning Resources

Ash Framework

Explore the power of Ash Framework by modeling and building the domain for a real-world web application. Rebecca Le @sevenseacat and ...

pragprog.com

#pragprog /elixir #published-book /ash /book-ash-framework

15 7555 9

2025-02-06 12:19:21 UTC

New

Process injection: breaking all macOS security layers with a single vulnerability

CommunityNews

Process injection: breaking all macOS security layers with a single vulnerability

Where Next?

Popular Macos topics

Amazon cuts off Parler’s web hosting following Apple, Google bans

Apple bans Fortnite from App Store during Epic Games legal battle

CodeEdit: Building a free, open-source code editor for macOS

Apple’s Private Relay can cause the system to ignore firewall rules

M2 MacBook Pro’s 256GB SSD is only about half as fast as the M1 version’s

Linux distro for Apple silicon Macs is already up and running on the brand-new M2

Apple’s Virtualization framework is a great, free way to test new macOS betas

Hackers may have exploited security flaws - Apple

Once again, Apple calls workers back to the office—once again, workers fight back

Telegram CEO Accuses Apple of Crushing Entrepreneurs

Other popular topics

The Ray Tracer Challenge

Can someone explain the -t option/flag in docker run command?

Programming Erlang Book Club

Poll: Which keyboard layout do you use?

Keyboard thock (sound)

Using Regular Expressions in Erlang

Spotlight: Mike Riley (Author) Interview and AMA!

Spotlight: Rebecca Skinner (Author) Interview and AMA!

X can’t stop spread of explicit, fake AI Taylor Swift images

Ash Framework

Latest in Security

macOS>In The News

Latest on Devtalk

We ❤️ helpful members!

Categories:

Sub Categories:

Popular Portals

We're in Beta

Process injection: breaking all macOS security layers with a single vulnerability

CommunityNews

Process injection: breaking all macOS security layers with a single vulnerability

Where Next?

Popular Macos topics

Amazon cuts off Parler’s web hosting following Apple, Google bans

Apple bans Fortnite from App Store during Epic Games legal battle

CodeEdit: Building a free, open-source code editor for macOS

Apple’s Private Relay can cause the system to ignore firewall rules

M2 MacBook Pro’s 256GB SSD is only about half as fast as the M1 version’s

Linux distro for Apple silicon Macs is already up and running on the brand-new M2

Apple’s Virtualization framework is a great, free way to test new macOS betas

Hackers may have exploited security flaws - Apple

Once again, Apple calls workers back to the office—once again, workers fight back

Telegram CEO Accuses Apple of Crushing Entrepreneurs

Other popular topics

The Ray Tracer Challenge

Can someone explain the -t option/flag in docker run command?

Programming Erlang Book Club

Poll: Which keyboard layout do you use?

Keyboard thock (sound)

Using Regular Expressions in Erlang

Spotlight: Mike Riley (Author) Interview and AMA!

Spotlight: Rebecca Skinner (Author) Interview and AMA!

X can’t stop spread of explicit, fake AI Taylor Swift images

Ash Framework

Sponsor Spotlight

Latest in Security

macOS>In The News

Latest on Devtalk

We ❤️ helpful members!

Devtalk Sponsors

Categories:

Sub Categories:

Popular Portals

Devtalk Sponsors

We're in Beta