A race situation vulnerability in Apple’s WorkflowKit has been recognized, permitting malicious purposes to intercept and manipulate shortcuts on macOS programs.
This vulnerability, cataloged as CVE-2024-27821, impacts the shortcut extraction and era processes inside the WorkflowKit framework, which is integral to the Shortcuts app on macOS Sonoma.
macOS WorkflowKit Race Vulnerability
The vulnerability arises from a race situation within the technique answerable for extracting signed shortcut information. The strategy -[WFShortcutPackageFile preformShortcutDataExtractionWithCompletion:] incorporates a flaw that may be exploited by malicious apps.
Maximizing Cybersecurity ROI: Professional Ideas for SME & MSP Leaders – Attend Free Webinar
These apps can intercept shortcut information through the import course of, bypassing the necessity for a legitimate signature test. The exploitation entails modifying the extracted information earlier than they’re finalized, permitting an attacker to inject malicious code into shortcuts with out consumer consent.
Furthermore, one other race situation was found within the technique generateSignedShortcutFileRepresentationWithPrivateKey:signingContext:error.
This flaw permits for comparable interception and modification through the era of signed shortcuts. By manipulating listing paths and utilizing symbolic hyperlinks, attackers can substitute official shortcuts with altered variations through the signing course of.
The implications of this vulnerability are important. Malicious apps may probably run silently within the background, intercepting shortcuts shared or imported by customers.
This might result in unauthorized entry to delicate consumer information or execution of unintended actions inside shortcuts. The vulnerability underscores the significance of sturdy path dealing with and validation mechanisms in software program improvement.
Apple has addressed this vulnerability in macOS Sonoma 14.5 by implementing further sandbox restrictions and enhancing path validation processes.
This patch prevents unauthorized entry to short-term directories used throughout shortcut extraction and era, successfully mitigating the chance of exploitation.
The invention and reporting of this vulnerability had been credited to safety researchers Kirin (@Pwnrin), zbleet, and Csaba Fitzl (@theevilbit) of Kandji. Their efforts spotlight the continued want for vigilance in figuring out and addressing safety flaws in broadly used software program frameworks.
Whereas Apple has promptly addressed this difficulty with a patch, customers are suggested to replace their programs to macOS Sonoma 14.5 or later to make sure safety towards potential exploits.
For builders and safety professionals, this case emphasizes the significance of understanding race situations and implementing complete safety measures to forestall comparable vulnerabilities in future software program releases.
Are you from SOC/DFIR Groups? – Analyse Malware Information & Hyperlinks with ANY.RUN -> Attempt for Free