CommunityNews
Process injection: breaking all macOS security layers with a single vulnerability
Process injection: breaking all macOS security layers with a single vulnerability.
If you have created a new macOS app with Xcode 13.2, you may noticed this new method in the template:
- (BOOL)applicationSupportsSecureRestorableState:(NSApplication *)app { return YES; } This was added to the Xcode template to address a process injection vulnerability we reported!
In macOS 12.0.1 Monterey, Apple fixed CVE-2021-30873. This was a process injection vulnerability affecting (essentially) all macOS AppKit-based applications. We reported this vulnerability to Apple, along with methods to use this vulnerability to escape the sandbox, elevate privileges to root and bypass the filesystem restrictions of SIP.
Read in full here:
This thread was posted by one of our members via one of our news source trackers.
Popular General Dev topics
Thanks to @AstonJ for encouraging me to post this here:
An introduction to alternative keyboard layouts
Feel free to post your own expe...
New
Which apps do you think are killing it right now?
Either from a technical perspective or ones that you like personally or feel have been...
New
You might be thinking we should just ask who’s not using VSCode :joy: however there are some new additions in the space that might give V...
New
poll
poll
Be sure to check out @Dusty’s article posted here: An Introduction to Alternative Keyboard Layouts It’s one of the best write-...
New
I always start with excitement and then get busy on 9/10th day. This year, like the year before this, and the year before that, I intend ...
New
Saw this on TikTok of all places! :lol:
Anyone heard of them before?
Lite:
New
I’ve been watching Prag Dave’s Elixir course and I noticed he uses tree:
Tree is a recursive directory listing program that produces a ...
New
Raspberry Pi security alarm — the basics.
In November last year — I started building a DIY security alarm system, using a Raspberry Pi a...
New
Large Language Models like ChatGPT say The Darnedest Things.
The Errors They MakeWhy We Need to Document Them, and What We Have Decided ...
New
I’m working on a Spring Boot project and I have a controller where I want to map multiple request paths to a single method. Let’s say I h...
New
Other popular topics
Rust is an exciting new programming language combining the power of C with memory safety, fearless concurrency, and productivity boosters...
New
Thanks to @foxtrottwist’s and @Tomas’s posts in this thread: Poll: Which code editor do you use? I bought Onivim! :nerd_face:
https://on...
New
Inspired by this post from @Carter, which languages, frameworks or other tech or tools do you think is killing it right now? :upside_down...
New
I ended up cancelling my Moonlander order as I think it’s just going to be a bit too bulky for me.
I think the Planck and the Preonic (o...
New
In case anyone else is wondering why Ruby 3 doesn’t show when you do asdf list-all ruby :man_facepalming: do this first:
asdf plugin-upd...
New
A few weeks ago I started using Warp a terminal written in rust. Though in it’s current state of development there are a few caveats (tab...
New
Author Spotlight
Rebecca Skinner
@RebeccaSkinner
Welcome to our latest author spotlight, where we sit down with Rebecca Skinner, auth...
New
I have always used antique keyboards like Cherry MX 1800 or Cherry MX 8100 and almost always have modified the switches in some way, like...
New
Author Spotlight:
Peter Ullrich
@PJUllrich
Data is at the core of every business, but it is useless if nobody can access and analyze ...
New
A Ruby-Centric Chat with Noel Rappin @noelrappin
Once you start noodling around with Ruby you quickly figure out, as Noel Rappi...
New
Latest in General Dev
Latest (all)
Categories:
Popular Portals
- /elixir
- /rust
- /wasm
- /ruby
- /erlang
- /phoenix
- /keyboards
- /js
- /rails
- /python
- /security
- /go
- /swift
- /vim
- /clojure
- /java
- /haskell
- /emacs
- /svelte
- /onivim
- /typescript
- /crystal
- /c-plus-plus
- /tailwind
- /kotlin
- /gleam
- /react
- /flutter
- /elm
- /ocaml
- /vscode
- /opensuse
- /centos
- /ash
- /php
- /deepseek
- /zig
- /scala
- /html
- /debian
- /nixos
- /lisp
- /agda
- /sublime-text
- /textmate
- /react-native
- /kubuntu
- /arch-linux
- /revery
- /ubuntu
- /manjaro
- /django
- /spring
- /diversity
- /lua
- /nodejs
- /c
- /julia
- /slackware
- /neovim
Devtalk Sponsors
Practical resources that improve the lives of professional developers.
We build trusted fault-tolerant systems that scale to billions of users.
Catch errors, track performance, monitor hosts and more.
Enabling companies to succeed by building software people love.
Courses that'll move you from confusion to "Aha, now I get it!"