Starting with version 10.5 of its desktop OS, Apple has allowed developers to voluntarily remove functionality from their applications using a set of pre-defined profiles — nixing network access, or the ability to write to the filesystem, for example — as a way to limit the damage an app could do should it be compromised in the wild. CoreLabs Research has discovered a way to route around these limits: using Apple Events, a given application can launch other applications that don't have the same restrictions in place. Imagine an application that's been specifically prohibited from accessing the Internet being able to launch a fully-functioning Safari, and you'll get the idea.
»read more
Starting with version 10.5 of its desktop OS, Apple has allowed developers to voluntarily remove functionality from their applications using a set of pre-defined profiles — nixing network access, or the ability to write to the filesystem, for example — as a way to limit the damage an app could do should it be compromised in the wild. CoreLabs Research has discovered a way to route around these limits: using Apple Events, a given application can launch other applications that don't have the same restrictions in place. Imagine an application that's been specifically prohibited from accessing the Internet being able to launch a fully-functioning Safari, and you'll get the idea. »read more
More at: TheVerge Add additional source
Filed in: Operating SystemsAppleMac OS X 10.5