Carding
Professional
- Messages
- 2,870
- Reaction score
- 2,493
- Points
- 113
0day-a macOS Ventura security bypass vulnerability has undermined Apple's credibility.
Software engineer and developer Jeff Johnson uncovered a zero-day vulnerability in the macOS Ventura App Management system. According to Johnson, Apple did not take any steps to fix the problem within 10 months after the developer's initial report of the flaw.
The thorny path of vulnerability disclosure
In October last year, Johnson discovered a way to bypass the application management feature in macOS Ventura without having to get full access to the disk and immediately sent the information to Apple Product Security. Apple confirmed receipt of the report on October 21, but took no action. 10 months later, on August 19, 2023, Johnson decided to release information about the vulnerability.
Problems with Apple's Security Policy
It is common practice for developers to notify the manufacturer of a vulnerability and wait 60-120 days to develop and release a fix. However, Johnson publicly shared the exploit because he "lost all confidence that Apple would solve the problem in a timely manner."
Another notable feature is the lack of financial rewards from Apple. Johnson stressed that, according to the company's policy, rewards are paid only after the patch is released, so he "can wait forever without getting anything in return."
Technical details of the vulnerability
The vulnerability is related to the application sandbox: Johnson accidentally discovered that an isolated application in the sandbox can modify files that should have been protected by the application management system. The problem even applies to files stored in signed application packages that were supposed to be protected.
To demonstrate the problem, Johnson provided an example project in Xcode that includes the source code for two applications. According to the expert, overwriting a file completely bypasses the application management system in macOS 13.5.1.
The disclosure of the flaw calls into question the effectiveness of Apple's security mechanisms and the company's willingness to quickly solve such problems. It is still unclear when the company will take action to fix the vulnerability.
In 2020, Jeff Johnson revealed details about vulnerabilities in macOS that allowed bypassing the privacy protection mechanism. 6 months after Johnson notified Apple of the problems, the company did not fix them, and the engineer decided to report the flaws to the public.
And in August 2023, macOS security researcher Patrick Wardle presented the results of a study, according to which the Background Task Management malware detection tool built into macOS contains several vulnerabilities that allow you to bypass monitoring of the utility's autorun , thereby reducing its effectiveness.
Software engineer and developer Jeff Johnson uncovered a zero-day vulnerability in the macOS Ventura App Management system. According to Johnson, Apple did not take any steps to fix the problem within 10 months after the developer's initial report of the flaw.
The thorny path of vulnerability disclosure
In October last year, Johnson discovered a way to bypass the application management feature in macOS Ventura without having to get full access to the disk and immediately sent the information to Apple Product Security. Apple confirmed receipt of the report on October 21, but took no action. 10 months later, on August 19, 2023, Johnson decided to release information about the vulnerability.
Problems with Apple's Security Policy
It is common practice for developers to notify the manufacturer of a vulnerability and wait 60-120 days to develop and release a fix. However, Johnson publicly shared the exploit because he "lost all confidence that Apple would solve the problem in a timely manner."
Another notable feature is the lack of financial rewards from Apple. Johnson stressed that, according to the company's policy, rewards are paid only after the patch is released, so he "can wait forever without getting anything in return."
Technical details of the vulnerability
The vulnerability is related to the application sandbox: Johnson accidentally discovered that an isolated application in the sandbox can modify files that should have been protected by the application management system. The problem even applies to files stored in signed application packages that were supposed to be protected.
To demonstrate the problem, Johnson provided an example project in Xcode that includes the source code for two applications. According to the expert, overwriting a file completely bypasses the application management system in macOS 13.5.1.
The disclosure of the flaw calls into question the effectiveness of Apple's security mechanisms and the company's willingness to quickly solve such problems. It is still unclear when the company will take action to fix the vulnerability.
In 2020, Jeff Johnson revealed details about vulnerabilities in macOS that allowed bypassing the privacy protection mechanism. 6 months after Johnson notified Apple of the problems, the company did not fix them, and the engineer decided to report the flaws to the public.
And in August 2023, macOS security researcher Patrick Wardle presented the results of a study, according to which the Background Task Management malware detection tool built into macOS contains several vulnerabilities that allow you to bypass monitoring of the utility's autorun , thereby reducing its effectiveness.
