Multiple new macOS sandbox escape vulnerabilities


This is a blog post for my presentation at the conference POC2024. The slides are uploaded here.

Through my research, I found that registering the XPC service to a sandboxed application’s PID domain is as simple as a single line of code: Next, I can create the symlink from the sandboxed application directly, or just assign the executable permission to the extracted Mach-O by calling the API chmod. It can be abused to read an arbitrary file with extension “.png”, and the retrieved data will be stored in a member variable of the “INImage” instance and replied to the XPC client.
