macOS Internals & Development

Introduction to the Apple Mobile File Integrity on the macOS with Python

How developers get their software notarized, and how that works when you try to run it on your Mac.

null

We discuss some of our favorite and most interesting built-in macOS security tools.

Adapting selections from Mac Hacker’s Handbook for 2022 with help from some open source references

Simple Utility Script for allowing debug of hardened macOS apps. · GitHub

A collection of Apple-related CTF writeups. Contribute to 0x3c3e/apple-ctf-writeups development by creating an account on GitHub.

null

Как получить быструю виртуальную MacOS Ventura в линуксе. В этот раз через QEMU + KVM + скрипты.

Slides from our #hexacon talk about reversing AppleAVD: https://t.co/SrD6Sa4aJF (by me, @NikitaTarakanov, @berkcgoksel, and Max Dmitriev i_Greek).AppleAVD is ~120 KLoC of code processing untrusted external media input in MacOS/iOS kernel, which was actively exploited in the past— Andrey Labunets (@isciurus) December 25, 2022

Some time ago I was using Logic Pro to record some of my music and I needed a way to start and stop the recording from an iPhone, so I found about Logic Remote and was quite happy with it.After the se

For the number of years I’ve been in the macOS community, one fact has always stayed consistent: Developers and users don’t understand what System Integrity Protection really is. Thus in today’s blog post, I want to clear up some misconceptions about this setting in macOS and propose better ways for developers to manage this setting.

Meter is currently tracking an issue that is affecting M1/M2 Macbooks and leading to slow internet connection, drops in Zoom calls, and entirely losing a WiFi connection.

iOS Mirroring and Programmatic airplay selection can be done using private APIs in the MediaPlayer.framework.

A repo for the kmem_guard_t blogpost

Verifying a CMS detached signature in pyobjc on macOS · GitHub

Endpoint Security client that sends SIGSTOP to newly spawned processes · GitHub

Updated charts of containers and volumes on boot volume groups for Ventura, with details of cryptexes and what they do.

With macOS 10.15 - Catalina, Apple has introduced a change in the way system and user data is stored on disk. In prior versions, the root '...

p-joker -- iOS/MacOS kernelcache/kexts analysis tool - GitHub - lilang-wu/p-joker: p-joker -- iOS/MacOS kernelcache/kexts analysis tool

Tool for reverse engineering macOS/OS X. Contribute to steven-michaud/HookCase development by creating an account on GitHub.

Some time ago I was using Logic Pro to record some of my music and I needed a way to start and stop the recording from an iPhone, so I found about Logic Remote and was quite happy with it.After the se

With the unveiling of macOS Ventura a few weeks ago, Apple did a full clean house on their root volume to try and remove as much bloat in their OS as possible.

Dropping some initial quick notes for a new security feature I ran into on macOS Ventura. It’s called “Launch Constraints” and lives inside AMFI. Do the following experiment: Copy Terminal.app to your HOME folder and try to run it on Monterey and Ventura. On the former it will work without any issues, on the other it will fail, and we will get the following error: 2022-06-14 05:59:55.254678+0200 0x5481 Default 0x0 0 0 kernel: (AppleMobileFileIntegrity) AMFI: Launch Constraint Violation (enforcing), error info: c[1]p[1]m[1]e[2], (Constraint not matched) launching proc[vc: 1 pid: 1112]: /Users/ace/Terminal.

Description of the Launch Constraints introduced in iOS 16 · GitHub

iOS 13.4.5 beta 1 (17F5034c) sandbox operations · GitHub