macOS Ventura App Management exploit revealed 10 months after discovery

Jeff Johnson is a developer who has found exploits in a variety of online services and software over the years. However, in his latest disclosure of an issue, he's doing so due to Apple failing to actually issue an update that solves the problem at all.

After writing a blog post in October about macOS Ventura's App Management feature, Johnson discovered a bypass for App Management that didn't require full disk access. At the time, he sent the issue to Apple Product Security, expecting a response.

Finding the bypass in October 19, 2022, Apple Product Security acknowledged the report's existence on October 21, but seemingly didn't do anything with it. The exploit was shared publicly on August 19, 2023 by Johnson after waiting ten months.

While normally bugs are disclosed to the public a set period of time after the developer has been informed of an issue, typically 60 to 120 days later to give time for a fix to be developed and issued, Johnson is sharing the exploit publicly because "I've lost all confidence in Apple to address the issue in a timely manner."

After noting the absurdity of a ten-month exploit fix wait, Johnson acknowledges he won't be able to receive an Apple Security Bounty. However, Johnson also claims Apple hasn't promised to pay anything, and insists Apple's policy states that it refuses to pay or calculate a bounty until after an issue fix is released, so he "could be waiting forever for nothing."

Oddly to Johnson, he was credited as part of security notes for macOS Ventura 13.4, and was informed that his report was helpful in fixing another exploit, but there was no bounty to be paid.

The Exploit

In his October blog post, Johnson said there were at least six different ways for an app to gain app management permissions, but kept the sixth method secret. The vulnerability is the sixth method.

According to the developer, it involves the app sandbox, as he accidentally discovered that a sandboxed app could modify files that it shouldn't be capable of modifying. This includes files stored in a bundle of a notarized app that was supposed to be protected under App Management security.

Though a sandboxed app has limited file system access, the Applications folder is part of the sandbox itself. A non-sandboxed app can also open files in a sandboxed app, which can expand the sandboxed app's sandbox.

To demonstrate the issue, Johnson has released a sample Xcode project that includes the source code for two apps, with a sandboxed app contained within a non-sandboxed version. The sandboxed helper app is a document-based app that can overwrite a file's contents and saves the file.

Johnson says the overwriting of the file completely bypasses App Management in macOS 13.5.1. "The straightforwardness and ease of the bypass is truly stunning."

This is not Johnson's first macOS exploit rodeo. For macOS Mojave in June 2020, he created an exploit to bypass file privacy and security protections, referring to Apple's systems at the time as "security theater."