Process injection: breaking all macOS security layers with a single vulnerability

Process injection: breaking all macOS security layers with a single vulnerability.
If you have created a new macOS app with Xcode 13.2, you may noticed this new method in the template:

  • (BOOL)applicationSupportsSecureRestorableState:(NSApplication *)app { return YES; } This was added to the Xcode template to address a process injection vulnerability we reported!
    In macOS 12.0.1 Monterey, Apple fixed CVE-2021-30873. This was a process injection vulnerability affecting (essentially) all macOS AppKit-based applications. We reported this vulnerability to Apple, along with methods to use this vulnerability to escape the sandbox, elevate privileges to root and bypass the filesystem restrictions of SIP.

Read in full here:

This thread was posted by one of our members via one of our news source trackers.

Corresponding tweet for this thread:

Share link for this tweet.