The blog post about how #macOS stored authentication tokens in persistent file metadata via the kMDItemWhereFroms key after download.
https://afine.com/how-macos-file-metadata-exposed-authentication-tokens/
Short post about LPE and TCC Bypass on macOS through third-party apps bundled with the Sparkle framework - a reminder of why XPC services should validate their clients.
https://afine.com/threats-of-unvalidated-xpc-clients-on-macos/
Since #Microsoft does not care, and the grace period is over, here is the Hardened Runtime bypass they introduced through .NET MAUI on #macOS. All applications built with it are vulnerable. The #vulnerability has existed probably since 2019.
https://afine.com/breaking-hardened-runtime-the-0-day-microsoft-delivered-to-macos/
Short post about why you should not distribute apps with `get-task-allow` through the App Store and why #Apple should improve the distribution process.
https://afine.com/to-allow-or-not-to-get-task-allow-that-is-the-question/
This post demonstrates how bugs aren't always what they seem, especially when working with a decompiled version of the code. Compiler optimization or decompiler artifacts can mask or "fix" high-level code issues. #Apple #macOS #iOS
https://afine.com/reverse-engineering-apples-tcc-daemon-when-decompiled-code-lies/
#Phrack is much older than me, it is good to see it still doing so well, and an honour to be one of its authors in the 40th anniversary edition, which is now available online: https://phrack.org/issues/72/9_md#article
Thank you for what you are doing for our community. Long live the #Phrack!
Microsoft Visual Studio Code has a misconfiguration in its Electron setup that enables the “RunAsNode” fuse, letting attackers bypass TCC on macOS.
https://afine.com/tcc-bypass-in-microsoft-visual-studio-code-via-misconfigured-node-fuses/
An example of how plaintext credentials stored in memory can pose a threat.
https://afine.com/insecure-credential-storage-in-check-point-smartconsole-aka-cve-2024-24915/