Notifications as a security risk: macOS 15 locks the Mac down better

Until now, it was relatively easy to read sensitive messages out of the Notification Center database. This is set to change in Sequoia.

Notification Center with widgets in macOS 14. (Image: Apple)

This article was originally published in German and has been automatically translated.

In macOS 15, a.k.a. Sequoia, which has been in public beta testing since Monday, Apple will secure a database that attackers have so far been able to read comparatively easily. As security researcher Csaba Fitzl has discovered, Apple is for the first time putting the database belonging to the macOS Notification Center into a container. As a result, notifications, including iMessage messages, can no longer be read with a single sqlite3 command, which was previously possible for an attacker with the necessary local rights.

The problem had existed for years and had likely been brought to Apple's attention several times. "I think it only took them four years," Fitzl wrote on X. Apple itself normally requires app providers who want to distribute through the macOS App Store to use the so-called App Sandbox, container included. For its own programs, however, this is not always implemented, or only with a delay.

Apple had already announced that containers themselves would also be better secured. System Integrity Protection (SIP) now also directly protects the "~/Library/Group Containers" folder, so that apps can only ever access their own group container. Access to these containers is already gated by prompts as part of Apple's TCC (Transparency, Consent and Control), but with SIP the company has gone one step further.

In macOS 14 and earlier, the Notification Center database is located under the "private/var/folders" folder. There, as Fitzl reports, the readout mentioned above using sqlite3 plus xxd and plutil is all it takes, and that location is also not covered by SIP. The database contains everything that usually ends up in the Notification Center, so this information is correspondingly sensitive.

The database is temporary and exists in text and binary form, but it is completely unprotected. The problem is reminiscent of similar programming errors that recently surfaced in the desktop app of OpenAI's ChatGPT and in Microsoft's Recall function on Windows. There too, all data was left unprotected for local users on the computer.
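For an administrator or responder who wants to check which of the two layouts a given Mac still uses, here is an added POSIX shell audit (example code written for this article, not from Apple, from Fitzl or from the original piece). The legacy path below DARWIN_USER_DIR, the com.apple.notificationcenter/db2/db file name and the function names are assumptions; the script only tests where the database sits and whether the current user can open it, and never reads its contents.

```shell
#!/bin/sh
# Added audit helper; not code from the article, from Apple or from Csaba Fitzl.
# Assumed locations (assumptions, not stated in the article):
#   pre-Sequoia: "$(getconf DARWIN_USER_DIR)com.apple.notificationcenter/db2/db",
#                which resolves under /private/var/folders and is not guarded by SIP;
#   Sequoia:     a db2/db file somewhere below "$HOME/Library/Group Containers".

# notif_db_verdict DB_PATH CONTAINER_ROOT
#   absent      nothing exists at DB_PATH
#   contained   DB_PATH lies below CONTAINER_ROOT (the SIP-guarded group-container tree)
#   exposed     DB_PATH exists elsewhere and the current user can read it
#   unreadable  DB_PATH exists elsewhere but cannot be opened by the current user
notif_db_verdict() {
    db=$1
    root=${2%/}
    [ -e "$db" ] || { echo absent; return 0; }
    if [ -n "$root" ]; then
        case $db in "$root"/*) echo contained; return 0 ;; esac
    fi
    if [ -r "$db" ]; then echo exposed; else echo unreadable; fi
}

# Legacy path for the current user; fails outside macOS, where DARWIN_USER_DIR is undefined.
legacy_notif_db_path() {
    base=$(getconf DARWIN_USER_DIR 2>/dev/null) || return 1
    printf '%s\n' "${base%/}/com.apple.notificationcenter/db2/db"
}

# Reports both locations; exit status 0 means the legacy database is not readable here.
audit_notification_db() {
    root="$HOME/Library/Group Containers"
    legacy=$(legacy_notif_db_path) || { echo "not macOS: DARWIN_USER_DIR unavailable"; return 2; }
    verdict=$(notif_db_verdict "$legacy" "$root")
    printf 'legacy    %s: %s\n' "$legacy" "$verdict"
    find "$root" -path '*/db2/db' -type f 2>/dev/null | while read -r f; do
        printf 'container %s: %s\n' "$f" "$(notif_db_verdict "$f" "$root")"
    done
    [ "$verdict" != exposed ]
}

# Run the audit only on macOS; the helpers above can be used on their own elsewhere.
if getconf DARWIN_USER_DIR >/dev/null 2>&1; then audit_notification_db; fi
```

A result of "exposed" for the legacy path means any process running as that user can still open the file, which is exactly the condition the article describes for macOS 14 and earlier.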


(bsc)