|
|
|
|
|
|
by jupenur
1404 days ago
|
|
|
There's an even more ubiquitous app that also usually has mic and camera permissions and suffers from a similar (but technically unrelated) local code injection issue: Chrome. The bug is described here [0] and was closed as WontFix because "if your machine is compromised, it's beyond the scope of anything Chrome can do about it". Even if you don't use Chrome, you probably have at least a few Electron apps installed; they all suffer from the same issue. The only logical conclusion is the macOS privacy model, TCC, is doomed. There's always an app that has non-default TCC permissions and is vulnerable to some type of local code injection, and at that point any malicious app can also access those TCC-protected features. [0] https://crbug.com/1300121 |
|
|