A software developer has liberate details about a fault in App Management , a security lineament enter inmacOS Ventura . The developer discovered the issue before Ventura was formally released last October , but a fix has never been issued , so the developer has resolve to go public with the information .
App Management is intended to forestall malicious software modification by keeping an eye out for attack by software to modify other apps on the Mac . If this happens , App Management blocks the alteration and alerts the user , who can allow it if applicable .
In a web log military post , Jeff Johnson detailshow the fault require the app sandbox . Sandboxed apps ca n’t modify other apps without permission , but , Johnson explains , Apple has range the Applications folder itself within the sandbox . This setup let non - sandboxed apps to modify other apps and go around a cheque by App Management .
Johnson created an Xcode project that demonstrates the flaw . Johnson in reality hinted at this flaw in apost back in October 2022 , where he explained how App Management works and the five ways an app can get permissions – he observe a sixth way , but did not uncover it at the time because it is this sandpit flaw .
Johnson said he cover the issue to Apple , who acknowledge have the account but has yet to fix it , which led to Johnson discover the details on his web log . “ The stock pattern in reporting a security measures exposure is to give the vendor 90 days to treat the issue , and I ’ve given Apple vastly more clip than expected , ” Johnson wrote . Apple has not commented on the issue .
Johnson ’s report is a practiced reminder that drug user need to be proactive in conserve a unafraid Mac . It ’s not enough to just trust on Apple ’s security feature – as Johnson shows , they ’re not perfect . A practice that users should keep in thinker is to download software only from trusted origin , such as the App Store ( which makes security curb of its software program ) or directly from the developer . Malware is often disguised as licit software and is shell out through email or on the web through forums and software sites that are not vigilant about security .
Another way to protect yourself is to update to the latest version of macOS whenever potential . Apple secrete surety patch through type O updates , so it ’s important to install them when they are useable . When Apple finally gets around to fixing the App Management flaw , it will be done through a system update .
Macworld has several guides to aid you maintain your certificate , including a guide onwhether or not you need antivirus package , alist of Mac viruses , malware , and trojans , and acomparison of Mac security computer software .
