Post

Replies

Boosts

Views

Activity

Exploit CVE-2022-46689 for development
Hello everyone. I would like to know a bit more about vulnerability CVE-2022-46689. I was searching in the Internet and have found that it was an exploit in OS and it was already fixed with latest updates (I can't post the link here 😞). During the development we are checking our package (.PKG) via VirusTotal website. And when we updated macOS to 13.2 and XCode to 14.2 and created the PKG VirusTotal showing us that PKG is infected and detect it as a virus (Google and Ikarus vendors showing it and Ikarus detecting CVE-2022-46689). We made small test - upload PKG to Google Drive and try to download it - Google write a warning that file infected with a virus. Before we have used macOS 10.15 and XCode 12.1. I created the same PKG using old environment with same codebase and it passed all checks without any problems πŸ™‚. For me it is very interesting thing and I uploaded one by one files from our bundle to VirusTotal and found that it marked SystemExtension and Proxy files as a virus. We also have got 2 executable files inside bundle, it also were marked as a viruses. Possibly it can be a problem with VirusTotal and these 2 vendors but my question will be the next: As a developer on which places in code I need to pay my attention which can be related to CVE-2022-46689? Maybe it will help us to understand the reason of this issue and improve security of our application at all. Thanks in advance
4
0
2.6k
Feb ’23
Notarizing System Extension
Hello We are developing an application which using System Extension and all works as excepted, exclude one important thing - during the application launch we receive a system notification that System Extension is Blocked and we need to Allow it via System Preferences -> Security & Privacy (it require an admin password). So the question: Does it possible to avoid this behaviour? It's really very annoying customers to perform this actions by themselves. Our distribution flow is typical: We distribute application as a PKG Before distribution we notirize PKG installer and App (zip it and send to Apple Notarization Service via terminal) - notirize is passed and archives approved by Apple We are using Developer ID and manual signature in XCode for all components of application (main app, extension, cli daemon app) I tried zip system.extension and send it to notirize service and staple it after that. I saw that it notirized successfully but on first launch when app trigger System Extension installation macOS show popup that "System Extension Blocked" When user allow this System Extension macOS will ask him that application would like to add proxy configuration - it's okay, but Blocked System Extension is a real problem. We want to provide a better user experience and if it's possible it will be good to solve this issue. If somebody can assist or give us an accurate explanation that it's not possible and System Extension will be blocked in all cases I will be really glad. I can provide any additional information, if it required. Our screenshot: P.S. As I know there are many applications have got the same problem, for example I am as a user have got this behaviour for Cisco AnyConnect - I need to allow it in System Preferences on first launch 😒
4
0
1.3k
Dec ’21