A software developer has released details about a flaw in App Management, a security feature introduced in macOS Ventura. The developer discovered the issue before Ventura was officially released last October, but a fix has never been issued, so the developer has decided to go public with the information.
App Management is intended to prevent malicious software modifications by keeping an eye out for attempts by software to modify other apps on the Mac. If this happens, App Management blocks the modification and alerts the user, who can allow it if applicable.
In a blog post, Jeff Johnson details how the flaw involves the app sandbox. Sandboxed apps can’t modify other apps without permission, but, Johnson explains, Apple has placed the Applications folder itself within the sandbox. This setup allows non-sandboxed apps to modify other apps and bypass a check by App Management.
Johnson created an Xcode project that demonstrates the flaw. He hinted at this flaw in a post back in October 2022, where he explained how App Management works and the five ways an app can get permissions. He noted a sixth way but did not reveal it at the time because it is this sandbox flaw.
Johnson said he reported the issue to Apple, which acknowledged receiving the report but has yet to fix it, leading Johnson to reveal the details on his blog. “The standard practice in reporting a security vulnerability is to give the vendor 90 days to address the issue, and I’ve given Apple vastly more time than expected,” Johnson wrote. Apple has not commented on the issue.
Johnson’s report is a good reminder that users need to be proactive in maintaining a secure Mac. It’s not enough to simply rely on Apple’s security features; as Johnson shows, they’re not perfect. A practice that users should keep in mind is to download software only from trusted sources, such as the App Store (which performs security checks on its software) or directly from the developer. Malware is often disguised as legitimate software and is distributed through email or on the web through forums and software sites that are not vigilant about security.
Another way to protect yourself is to update to the latest version of macOS whenever possible. Apple releases security patches through OS updates, so it’s important to install them when they are available. When Apple eventually gets around to fixing the App Management flaw, it will be done through a system update.
Macworld has several guides to help you maintain your security, including a guide on whether or not you need antivirus software, a list of Mac viruses, malware, and trojans, and a comparison of Mac security software.