After waiting ten months for a patch, a developer has finally released the exploit for App Management in macOS Ventura, which allows an app to modify files that it shouldn’t.
Jeff Johnson, the developer who notified Apple about this issue last October, was frustrated to see no fix rolled out till now. Thus, he finally demonstrates the exploit to the public after Apple ignores his work and bounty.
Ignoring a Permission Bypass Bug
While Apple is known for its strict security and privacy policies, the company has unwaveringly ignored a serious bug in its macOS Ventura – that lets a sandboxed app modify files in the non-sandboxed environment.
The discoverer, Jeff Johnson, a developer who often finds random bugs in the Apple software ecosystem, has noted a permission bypass issue in macOS Ventura’s App Management feature.
Explaining this involves the app sandbox, where he noted a sandboxed app could modify files that it shouldn’t be – as barred by App Management policies. But this system is flawed since the Applications folder is part of the sandbox itself, letting the sandboxed app access the file system access, ultimately.
Calling the ease of this bypass “truly stunning,” Johnson notified this issue to Apple in October last year. Though the Cupertino-based company quickly acknowledged, it seemingly didn’t do anything with it.
And after waiting for ten long months, Johnson finally released the exploit to the public on August 19, 2023. Saying that he “lost all confidence in Apple to address the issue promptly,” Johnson expresses his disappointment in missing a potential bounty. However, Apple didn’t promise him anything yet.
This isn’t the first time he discovered something similar in macOS; Johnson 2020 shared an exploit to bypass file privacy and security protections in macOS Mojave that made him a notable security person in the Apple ecosystem.