[MacTUG] Disclosure: Yet another macOS privacy protections bypass
Marlon Griffith
m3griffi at engmail.uwaterloo.ca
Wed Dec 2 09:49:03 EST 2020
"""
Today I'm disclosing a macOS privacy protections bypass. I discovered
that an application can use the venerable Unix command-line tool "ls"
(list directory contents) to bypass both TCC (Transparency, Consent, and
Control) and the sandbox, enabling unauthorized access to file metadata
in directories that are supposed to be protected. This issue remains
unaddressed in the latest public versions of Big Sur, Catalina, and
Mojave, and is therefore, in one sense, a zero-day.
https://lapcatsoftware.com/articles/disclosure3.html
"""
More information about the MacTUG
mailing list