Guilherme Rambo 4/4/2023

macOS Security Bugs Exposed Safari History and Device Location to Unauthorized Apps

Read Original

This technical article details the discovery of macOS security vulnerabilities (CVE-2023-23506 and CVE-2023-28192) where improper client validation in XPC services allowed unauthorized applications to access sensitive data like Safari browsing history and device location. It explains the underlying cause—broken assumptions about the isolation of local XPC services—and provides a technical breakdown of XPC service types and their security implications.

0 comments
#privacy #Maco #Apple
macOS Security Bugs Exposed Safari History and Device Location to Unauthorized Apps

Comments

No comments yet

Be the first to share your thoughts!

Browser Extension

Get instant access to AllDevBlogs from your browser

Top of the Week

1
React, useEffect, and Stale Closures: How to Avoid Them with Dependencies and useRef
Jivbcoop 4 votes
2
Better react-hook-form Smart Form Components
Maarten Hus 2 votes
3
AGI, ASI, A*I – Do we have all we need to get there?
John D. Cook 1 votes
4
Quoting Thariq Shihipar
Simon Willison 1 votes
5
Dew Drop – January 15, 2026 (#4583)
Alvin Ashcraft 1 votes
6
Using Browser Apis In React Practical Guide
Jivbcoop 1 votes