Post · bonfire.cafe

🏜️🎁 We accidentally found a security flaw in macOS Tahoe and earlier

An attacker can trick a user into performing a simple yet common action that breaks the sandbox protection of any file (e.g iMessage database and Safari browsing data) giving any application permanent access to the target file

Of course, we’re still investigating and won’t reveal the details until we report it to Apple. Though it shocked us that such a simple action can have such an effect on the sandbox.

Mysk🇨🇦🇩🇪

@mysk@mastodon.social replied · 2 months ago

On macOS, both iMessage and WhatsApp save messages and attachments unencrypted inside their sandbox containers. Any process with access to those containers can read/write/copy/export the data. This bug lets a malicious process access this data without permission or a password. We’re filing a report with Apple. But this may take some time.

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.0 no JS en

Automatic federation enabled