In macOS 15 aka Sequoia, which has been in public beta testing since Monday, Apple will secure a database that attackers have previously been able to read with relative ease. As security researcher Csaba Fitzl has established, Apple is now placing the database associated with the macOS Notification Center in a container for the first time. This means that notifications – including iMessage messages – can no longer be read with a single sqlite3 command, which was previously possible if an attacker had the necessary local rights.
The problem had existed for years
The problem has existed for years and Apple has probably been told about it many times. “I think it only took them four years to do this,” Fitzl wrote on X. Apple usually requires app providers that want to use the macOS App Store to use the so-called App Sandbox, including containers. However, in its own programs, this is not always implemented – or it is delayed.
Apple has already announced that the containers themselves will also be better protected. The System Integrity Protection (SIP) security mechanism now also directly protects the “~/Library/Group Containers” folder, so that apps are only allowed to access their own group containers. These containers are already protected from queries as part of Apple’s TCC (Transparency, Consent, and Control), but the company uses SIP to go one step further.

Sequoia Provides Extra Security
In macOS 14 and earlier, the Notification Center database is located in the private/var/folder folder, which is also not covered by SIP, Fitzl reports further. This means that sqlite3 plus xxd and plutil is enough to read it. The database includes everything that usually ends up in the Notification Center, so this information is sensitive.
The database is temporary and in text and binary format, but completely unsecured. This problem is reminiscent of similar programming errors recently found in the desktop app of OpenAI’s ChatGPT or Microsoft’s Recall function under Windows. Here, too, all the information was stored on the computer insecurely for local users.
(B.Sc.)
