Full Report
In macOS, most processes run in a restricted sandbox with the com.apple.security.app-sandbox entitlement. These sandbox restrictions are applied before the app's main function via containerization via the dyld library. Files that are dropped from the app are quarantined by default. Forked processes inherit the properties. The Service Sandbox, such as Apple daemon services, manually call the sandboxing via app specific sandbox properties. In this mode, the quarantine functionality has to be manually invoked and is not done automatically. A common way for a sandbox escape in the past was targeting Mach services running the System or User domain. The PID domain seems to be accessible to all sandbox apps, giving us some more attack surface without extra entitlement checks. The Application service type is a newer XPC service. When loading an application, it appears that it is automatically registered to the XPC service when loaded. The key insight is that we have an access control issue - the sandbox applications are able to call this API with lots of permissions. To exploit this, they started finding all applications that were XPC services registered to the PID domain that were XPC Applications. SystemShoveService.xpc has powerful entitlement for com.apple.rootless.install to work around Protection (SIP). The XPC service does not check the incoming client. This allows us to drop an app folder that will not be quarantined or a DMG file to be executed. They have a separate blog post on this one. storagekitfsrunner runner only had a single function that took in an executable path and arguments. Obviously, this leads to the ability to start a process that isn't sandboxed to escape. Many of the other vulnerabilities are similar to this pattern. Call XPC from the sandbox to execute a privileged action. "Privileged" in this case is interesting though. If there is any file handling, these files will be created without quarantine, thus resulting in them being directly executable. Much of figuring out the vulnerable apps required a ton of reverse engineering to do. Another one was an app with the Full Disk Access TCC entitlement. It's purpose is to give an app complete read/write access to the file system. This is done by calling the sandbox_extension_issue_file to issue a file token under the hood. This pattern of proxying permissions from an XPC app to the underlying app is a somewhat common pattern but can suffer from a confused deputy problem. Another attack uses this to access Photos and the camera directly to bypass a TCC permission check. Several of the issues required funny symlink or folder creations to exploit properly. All in all, they ended up with 10+ vulnerabilities with 5 still in the patching queue. Once you find a new attack surface that seems unexpected, hit it hard until all of the bugs are gone! Good post on the root cause of the vulns and how they were exploited.
Analysis Summary
# Vulnerability: Multiple macOS Sandbox Escapes via XPC PID Domain Services
## CVE Details
- **CVE IDs:**
- CVE-2023-27944
- CVE-2023-32414
- CVE-2023-32404
- CVE-2023-41077
- CVE-2023-42961
- CVE-2023-42977
- CVE-2024-27864
- **CVSS Score:** Approximately 7.1 - 7.8 (High) - *Based on typical Sandbox Escape ratings for macOS.*
- **CWE:** CWE-285 (Improper Authorization), CWE-427 (Uncontrolled Search Path Element), CWE-911 (Improper Update of Reference Count).
## Affected Systems
- **Products:** Apple macOS (Ventura, Sonoma, and earlier versions).
- **Versions:** Affected versions prior to the patches released in late 2023 and 2024.
- **Configurations:** Systems where "App Sandbox" or "Service Sandbox" is utilized, involving specific XPC services registered in the **PID Domain**.
## Vulnerability Description
This research identifies a significant architectural flaw in how macOS handles XPC Services in the **PID Domain**. While most sandbox escapes target User or System domains, the PID domain was found to be accessible to all sandboxed apps without extra entitlement checks.
The core issue is a **Confused Deputy** problem. Sandboxed applications can call specific XPC Services (such as `SystemShoveService.xpc` or `storagekitfsrunner`) that possess high-level entitlements (e.g., `com.apple.rootless.install`). These services often fail to validate the incoming client's identity or sandbox status. Furthermore, files dropped by these "Service Sandbox" processes are not automatically quarantined, allowing an attacker to drop and execute non-sandboxed, privileged code.
## Exploitation
- **Status:** PoC available (presented at POC2024); various vulnerabilities have been addressed, but some remains in the patching queue.
- **Complexity:** Medium (Requires significant reverse engineering of XPC interfaces).
- **Attack Vector:** Local (Assumes the attacker already has code execution within a sandboxed process, such as from a browser or document reader).
## Impact
- **Confidentiality:** High (Access to sensitive user data, Photos, Camera, and Full Disk Access).
- **Integrity:** High (Ability to bypass System Integrity Protection (SIP) via `SystemShoveService` and drop non-quarantined files).
- **Availability:** Low (Primary goal is privilege escalation and persistence rather than DoS).
## Remediation
### Patches
- Users should update to the latest version of **macOS Sonoma** or **macOS Sequoia**.
- Specific fixes were implemented in:
- macOS Ventura 13.4 (CVE-2023-32414, CVE-2023-32404)
- macOS Sonoma 14.1 (CVE-2023-41077)
- Subsequent security updates have addressed the others listed.
### Workarounds
- There are no viable end-user workarounds other than OS updates, as the vulnerability exists in core system IPC mechanisms.
- Developers should ensure XPC services use `requirement` strings in their listeners to verify that only authorized clients can connect.
## Detection
- **Indicators of Compromise:**
- Unexpected processes being launched by `SystemShoveService` or `storagekitfsrunner`.
- Files appearing in system directories without the `com.apple.quarantine` extended attribute.
- **Detection Methods:** Monitor XPC traffic for unusual requests to PID-domain services from sandboxed applications (e.g., via `log show --predicate 'subsystem == "com.apple.xpc"'`).
## References
- **Vendor Advisories:** hxxps[://]support[.]apple[.]com/en-us/HT201222
- **Research Slides:** hxxps[://]github[.]com/jhftss/jhftss.github.io/blob/main/res/slides/A%20New%20Era%20of%20macOS%20Sandbox%20Escapes.pdf
- **Technical Blog:** hxxps[://]jhftss[.]github[.]io/A-New-Era-of-macOS-Sandbox-Escapes/