Developer exposes flaw in macOS Ventura App Manager

2023-08-21 13:45:00

The developer Jeff Johnson revealed, in a recent post on his blog, that macOS Ventura has a security hole — which he reported to Apple ten months ago — that affects the App Manager feature. Since older OS versions do not have this function, they are not affected by the issue.

More precisely, the feature prevents an application from making unauthorized modifications to other software. When an application attempts such a modification, macOS notifies the user, who must then authorize or deny it.

The loophole discovered by Johnson involves the App Sandbox on macOS. There are six methods by which an application can obtain permission to modify other software, and the loophole lies in the last of them.

Behind all the technicalities surrounding the loophole, Johnson explained that he created a test project in Xcode with two applications, one without the sandbox and one with it. The app without the sandbox asks for the path of a file and opens it in the app with the sandbox, which is able to overwrite the content of the first one, completely bypassing App Manager restrictions.

The developer reported the problem to Apple on October 19, 2022. Two days later, he received an acknowledgment from the company’s security team, but was not rewarded through the Apple Security Bounty program. More than that, he has not seen any fix for the problem itself to date.

Due to this lack of feedback from the company, he claims that it has been a frustrating period and that he “lost confidence in Apple for not protecting the safety of users”. We’ll see if, with the public exposure of the problem and its repercussions, Apple will take a more serious attitude towards the situation.


via AppleInsider
