Deprecated, Insecure Apple Authorization API Can Be Abused to Run Code at Root

August 25, 2017


A deprecated Apple authorization API, invoked by third-party installers, is still developers’ preferred choice for updating apps and services on macOS. And that’s a problem because of a massive security issue that could be abused by a local attacker to elevate privileges to root with a little unwitting help from the user.

The situation is known and was raised again last month during DEF CON by noted Mac security researcher Patrick Wardle, chief security researcher at Synack. What compounds the potential severity associated with the continued use of the AuthorizationExecuteWithPrivileges API is that installers for popular applications such as Slack, Google Chrome, Google-owned Dropcam, VMware Fusion, numerous security software updaters, and the open source update library Sparkle all call the deprecated API during updates.
