by

MakePass

AI Wallet Editor macOS iOS iPadOS

MakePass enhances your Apple Wallet experience with advanced pass editing and AI-driven design support. It offers a simple and efficient way to create & customize your passes with ease and precision.

HomeControl

Menu for HomeKit macOS

HomeControl is a powerful HomeKit menu bar app: check the state of your home at a glance, trigger a scene, switch the status of a device or even change you primary home directly from your Mac menu bar!

OverPicture

for Safari macOS iOS iPadOS

OverPicture is a Safari Extension that allows you to play any web video in Picture-In-Picture mode.

BrowserMask

for Safari macOS iOS iPadOS

BrowserMask is a Safari extension that allows you to browse websites as if you were using another browser by changing the User Agent sent to the websites by Safari. This way, you can make any website believe it is being shown on other browsers like Google Chrome or Microsoft Edge.

ChatShare

for WhatsApp macOS

ChatShare is the missing Share Extension for WhatsApp. It allows you to share text, links, photos & video from any app with share menu support like Safari, Photos or Chrome.

HomeBot

for Shortcuts macOS iOS iPadOS

HomeBot for Shortcuts allows you to automate your HomeKit setup in a powerful new way.

BrowserSwitch

for Safari macOS

BrowserSwitch is a Safari Extension that can seamlessly open any Safari page in other web browsers like Google Chrome or Firefox. BrowserSwitch supports both opening a page or switching it: opening it on an external browser and closing it in Safari.

AirWeight

for Bluetooth Scales macOS iOS iPadOS visionOS watchOS tvOS

AirWeight connects to your Xiaomi Mi Scale or SANITAS SBF70 Bluetooth scale and reads your weight in realtime, computes your body mass index and body fat percentage and saves the measurements in the Health app.

MakePDF

Document Merger macOS iOS iPadOS

MakePDF allows you to merge multiple files into a unique PDF really quickly by simply selecting or dropping documents and images.

VoiceExpress

Audio to Text macOS iOS iPadOS

VoiceExpress allows you to transcribe any voice message or audio file. It can convert voice messages to text in all languages supported by the system dictation service. VoiceExpress also supports transcribing audio files with Shortcuts!

InstaMeet

for Zoom macOS

InstaMeet is a Safari Extension that transparently and quickly redirects Zoom meeting links to Zoom in-browser web client so you can avoid installing and using the Zoom application.

InstaReload

for Safari macOS

InstaReload is a Safari Extension that allows you to auto-reload any Safari webpage with a configurable reload interval.

MenuBot

Custom Menu Bar macOS

MenuBot allows you to customize your Mac Menu Bar using shortcuts. Each Menu Bar menu added with MenuBot is powered by a shortcut that is run at a specified interval. The output text of the shortcut is then used to populate the menu. The first line of the output defines the menu icon in the Menu Bar and the rest of the lines are used to populate the menu, which can include symbols, text, action links and submenus.

QuietMeet

Auto-Pause Music macOS

QuietMeet detects video-calls in supported web browsers and apps and automatically pauses and resumes the Music app playback as needed.

ShareBot

for Shortcuts macOS

ShareBot is the missing Share Extension for Shortcuts on macOS. It allows you to run any of your shortcuts on items like files, URLs or text shared from any app with share menu support like Finder, Safari, Twitter or Chrome.

Blog

CVE-2024-40801: How a Sandboxed Mac App Could Steal Your Private Data Bypassing TCC Protections

EN

This post includes the details of the first vulnerability I have ever reported to Apple. It was fixed on macOS Sonoma 14.7 and macOS Sequoia 15.0 as CVE-2024-40801.

TL;DR

A vulnerability in macOS allowed a sandboxed app to bypass TCC (Transparency, Consent and Control) protections and access sensitive user data without requiring user permission. By leveraging the container-migration.plist feature, a sandboxed app could request the migration of TCC-protected files (like Safari history, Mail database, or user documents) to its app container, effectively bypassing TCC and giving the app full access to these files. There are multiple examples included in this repository demonstrating the exploit.

Initial Report

Below is the full report as submitted to Apple. You can also check the GitHub repository that includes the example projects to reproduce the vulnerability.

Introduction

A sandboxed Mac app can exploit the container-migration.plist feature to get access to TCC-protected files without any user permission prompt.

For example, you can request the Safari history file or Mail database to be migrated by the App Sandbox to the app container, and it will happily do it. Once the files are in the app container, the app has full control to read and exfiltrate this data.

You can use the attached project to reproduce the exploit (check the demo video at Extra/Videos/ContainerMigrationExploit.mp4):

Steps to Reproduce

  1. Run the script at Scripts/ContainerMigrationExploitReset.sh in a Terminal with Full Disk Access. This script will:
    • Reset the App Sandbox container of the Exploit app (if it exists).
    • Reset the TCC permissions of the Expected app that shows the proper expected behavior when accessing the protected files.
    • Create a demo file in the user Documents folder named my-secret.txt.
    • Restore & back up the Safari history database (History.db) and Mail recent searches plist (recentSearches.plist). Both of these files are protected by TCC, and reading them requires Full Disk Access as they contain very sensitive data like contacts and the browsing history. The first time the script runs, the restore will fail, but you can ignore it.
  2. Open the Xcode project at Projects/ContainerMigrationExploit.xcodeproj.
  3. Run the Expected scheme: this is an un-sandboxed app that tries to read directly the files that the exploit app will steal. As you see, it triggers the expected TCC permission prompt when reading the my-secret.txt file in the Documents folder, and it also cannot access the Safari history database nor the Mail recent searches plist as they are stored in protected directories.
  4. Now run the Exploit scheme: this sandboxed app is able to read the three files without any issue as they have been migrated by the App Sandbox into the app container.

Expected Results

As demonstrated by the Expected scheme, the app should not be able to access any of the data in the protected directories without user permissions and/or Full Disk Access. Even worse, a sandboxed app is able to get more access to sensitive files than an un-sandboxed app using this technique.

Actual Results

The Exploit app can access sensitive files protected by TCC without any user permission. This same technique can be used to exfiltrate the following data from a fully sandboxed app:

  • User documents stored in the Documents folder (without any TCC prompt).
  • Sensitive files in the Library folder:
    • Safari history & bookmarks.
    • Full Mail database & contacts.
    • Other apps’ containers’ data.

Annex I

This new version of the project includes a new Mail-app-specific example project in Projects/MailContactsExploit.xcodeproj that demonstrates how you can use this exploit to dump all your Mail contact addresses without any TCC prompt from a fully sandboxed app (demo video at Extra/Videos/MailContactsExploit.mp4).

This same exploit can also be used for a denial-of-service / ransomware attack as the original files (in this example, the Mail database) are deleted by the App Sandbox migration from the original location and are now in full control of the attacker app.

Annex II

Some details about how the exploit seems to work under-the-hood:

  1. The sandboxed app initializes the App Sandbox and connects to the secinitd daemon.
  2. secinitd reads the container-migration.plist file in the app bundle.
  3. As secinitd has the kTCCServiceSystemPolicyAllFiles value in the com.apple.private.tcc.allow entitlement, it can access any protected directory and moves the protected files into the app container.

You can check the related Endpoint Security events from eslogger in the directory Data/EndpointSecurity/.

Annex III

This final version of the project includes a demonstration that this same exploit can also be used to exfiltrate both Calendar & Contacts databases, even though their paths are symlinked inside the app container, by leveraging a custom destination in the container-migration.plist file:

<dict>
    <key>Move</key>
    <array>
        <array>
            <string>${Home}/Library/Calendars/Calendar.sqlitedb</string>
            <string>${Home}/Calendar.sqlitedb</string>
        </array>
    </array>
</dict>

You can check a Calendar-specific example project at Projects/CalendarExploit.xcodeproj and a demo video at Extra/Videos/CalendarExploit.mp4.

ChatGPT for Mac was storing all conversations in an unprotected location

EN

This is a recap of some posts I published on Threads during the past week.

TL;DR

The OpenAI ChatGPT for Mac app stored user conversations in plain text in a non-protected location, making them accessible to any running app or malware. After public disclosure, OpenAI released an update encrypting the conversations but did not implement sandboxing.

Introduction

The OpenAI ChatGPT app on macOS is not sandboxed and stored all conversations in plain text in a non-protected location:

~/Library/Application Support/com.openai.chat/conversations-{uuid}/

This approach is somewhat typical for non-sandboxed apps on macOS, but a high-profile chat app like ChatGPT should be more careful with user data. For example, Apple started blocking access to user private data 6 years ago with the introduction of macOS 10.14 Mojave. Before that, any non-sandboxed app could access any user file. With macOS Mojave, Apple began requiring explicit user permission to access sensitive files like the Calendar, Contacts, Mail or Messages databases. Later, Apple extended this requirement to the Desktop and Documents directories, and with macOS 14 Sonoma, any file stored by a sandboxed third-party app in its sandbox container is automatically protected. This protection prevents malware or untrusted apps from exfiltrating user data without triggering a permission prompt like this:

macOS Sandbox Container Access Prompt

Unfortunately, OpenAI opted out of sandboxing the ChatGPT app on macOS and stored conversations in plain text in a non-protected location, disabling all these built-in defenses. This meant that any running app, process, or malware could read all your ChatGPT conversations without any permission prompt.

Example

Here you can see how easily any other app could access any ChatGPT conversation without any permission prompt:

You can check the source code of this demo app, ChatGPTStealer, on GitHub.

Aftermath

Initially, I reported this issue to OpenAI through their security bug reporting program in BugCrowd, but they marked the report as “Not Applicable” as “in-order for an attacker to leverage this, they would need physical access to the victim’s device.”

As I disagreed with that consideration, I decided to post this issue publicly on Threads & Mastodon to raise awareness and encourage OpenAI to fix this issue and hopefully sandbox the ChatGPT app on macOS. These posts gained attention and were eventually covered by The Verge, Ars Technica, 9to5Mac, and others.

Following these publications, OpenAI finally acknowledged the issue and released ChatGPT 1.2024.171 for Mac, which now encrypts the conversations. The conversations are now stored in a new location:

~/Library/Application Support/com.openai.chat/conversations-v2-{uuid}/

These files are now encrypted with a key named com.openai.chat.conversations_v2_cache stored securely in the macOS Keychain and the old plain-text conversations are removed after upgrading to the new version. However, the app is still not sandboxed, so the conversations are still stored in a non-protected location, but now at least they are encrypted so other apps can’t read them without user-granted access to the Keychain key.

Interestingly, macOS Sequoia will introduce protections for Group Containers, so non-sandboxed apps like ChatGPT could improve their security by moving sensitive data to a Group Container directory. This way, any other process or app trying to access the data would be blocked by the system, and a permission prompt would be presented to the user.

Creating Apple Wallet Passes Instantly With ChatGPT and MakePass AI

EN

"MakePass AI – MakePass + ChatGPT"

TL;DR

You can use the MakePass AI service in the MakePass app with the Ultra subscription to create Apple Wallet passes instantly using an input photo or document of a ticket or card:

Introduction to MakePass AI

MakePass is a mighty Apple Wallet pass editor, with it you can create and customize a myriad of passes with complex layouts including images, barcodes, colors and text fields. Now it includes a new service called MakePass AI available with the MakePass Ultra subscription that allows you to create Apple Wallet passes instantly using an input photo or document of a ticket or card. It can even design the pass using a pass description.

MakePass AI uses technologies like text recognition, barcode recognition and Artificial Intelligence powered by OpenAI ChatGPT models to compose Apple Wallet passes from photos or documents of tickets and cards.

"MakePass AI – Input Options"

Examples

Here you can see some examples of passes generated automatically with MakePass AI from some input image or document:

Input Pass
Input 1 Pass 1
Input 2 Pass 2
Input 3 Pass 3

MakePass

MakePass is available on the App Store for iPhone, iPad and Mac.

WWDC Sessions Archive

EN

"WWDC Sessions Archive"

Introduction

This archive of WWDC sessions is meant to extend the current collection of videos available on Apple Developer website with all the sessions prior to WWDC 2017 that are not available there but continue to be hosted by Apple servers.

Notes

  • The videos are hosted by Apple so you may need to login with your Apple Developer account to be able to view or download them.
  • Unfortunately, some of the sessions do not have a link since they are not currently published by Apple.
  • Recent WWDC session videos can be found directly on Apple Developer website.
  • You can find more links for WWDC sessions on this gist by IsaacXen. This archive would not be possible without its initial links so credits and thanks to IsaacXen.
  • The archive is also available in new-line delimited JSON format here.

Index

Sessions

WWDC 2007

  • Session 100 – Coming to the Mac OS X Platform – Part 1 – The Mac OS X Architecture
  • Session 101 – Coming to the Mac OS X Platform – Part 2 – Frameworks, APIs and Tools
  • Session 102 – Threading for Performance Using OpenMP and Intel Threading Building Blocks
  • Session 103 – Getting Started with Core Data
  • Session 104 – Getting Started with Mac OS X Kernel Programming
  • Session 105 – Optimizing Your Core Data Application
  • Session 106 – Fundamentals of Kernel Debugging
  • Session 107 – Students - Getting the Most out of WWDC
  • Session 108 – Mac OS X File Systems – A Walkthrough For Developers and IT Professionals
  • Session 109 – Code Hardening Techniques
  • Session 110 – Cocoa Today
  • Session 111 – Managing Schema Versioning and Data Migration in Your Core Data Application
  • Session 112 – From Power On to Login – Inside the Mac OS X Leopard Boot Process
  • Session 114 – Developing for UNIX on Mac OS X
  • Session 115 – Getting Started with Cocoa Bindings
  • Session 116 – Students-Packets of Pure Power
  • Session 117 – Discovering Network Services Using Bonjour
  • Session 119 – Managing Processes with launchd
  • Session 125 – Building a Custom Control for Your Cocoa Application
  • Session 127 – Getting Started with Core Text
  • Session 128 – Cocoa Drawing Techniques
  • Session 130 – Cocoa Scripting Enhancements in Leopard
  • Session 131 – Add WYSIWYG HTML Editing to Your Web Page or Application
  • Session 134 – Customizing the Cocoa Text System
  • Session 136 – Modernizing Your Text Rendering with Core Text
  • Session 138 – Discover Java on Mac OS X Leopard
  • Session 139 – Partitioning Your Cocoa Application
  • Session 140 – Developing Cocoa Applications with Python and Ruby
  • Session 141 – Boosting Responsiveness and Performance in Your Cocoa Application
  • Session 145 – See What’s New in HIToolbox
  • Session 146 – Sign Your Application to Increase Security and Ensure Code Integrity
  • Session 147 – Advanced Java Development on Mac OS X
  • Session 154 – Leveraging SOAP Technologies on Mac OS X
  • Session 156 – Writing an Input Method Using the Input Method Kit
  • Session 157 – Extending Your Application with JavaScript
  • Session 158 – Adding Accessibility Support to Your Application
  • Session 161 – Making Your Custom Controls, Icons, and Artwork Resolution Independent
  • Session 164 – Professional Audio Input and Output with Leopard
  • Session 166 – Improving User Experience with Effective Power Management
  • Session 200 – Mac OS X State of the Union
  • Session 201 – Effective Widget Creation with Dashcode 2
  • Session 202 – Broadcast Your Application’s Content with iChat Theater
  • Session 203 – Coding Smarter with Objective-C 2.0
  • Session 204 – Fostering User Interaction with iChat
  • Session 205 – Making Your Application Scriptable
  • Session 206 – Building Automator Actions 2
  • Session 207 – Integrating iCal Events and Tasks into Your Application
  • Session 209 – Getting Started with Address Book
  • Session 210 – Building Animated Cocoa User Interfaces
  • Session 210 – Building Animated Cocoa User Interfaces
  • Session 211 – Adding Core Animation to Your Application
  • Session 211 – Adding Core Animation to Your Application
  • Session 213 – Getting Started with Spotlight and Quick Look
  • Session 215 – Embracing Automator Workflows with Your Application 2
  • Session 216 – Time Machine In-Depth
  • Session 217 – Unlocking the Potential of Dashcode
  • Session 218 – Garbage Collection Strategies for Objective-C 2.0
  • Session 220 – Leopard User Interface Design
  • Session 221 – Handling Images with the Image Kit
  • Session 222 – Using Advanced Objective-C 2.0 Features
  • Session 223 – Adopting 64-bit Programming
  • Session 224 – Next Generation Automation – AppleScript, Automator and Scripting Bridge
  • Session 300 – Developer Tools State of the Union
  • Session 301 – Getting Started with Mac OS X Development Tools
  • Session 302 – Getting Started with Xcode
  • Session 304 – Creating Custom Installers with Leopard’s New PackageMaker
  • Session 305 – Xcode 3.0 – The New Development Workflow
  • Session 306 – Interface Builder 3.0 – Creating an Interface from Start to Finish
  • Session 309 – Getting Started with Xray
  • Session 311 – Unleashing the Power of the Xcode Build System
  • Session 312 – Refactoring in Xcode – Automatic Project-wide Code Changes
  • Session 314 – Project-Free Xcode – Mixed Language Development
  • Session 315 – Tracing Software Behavior with DTrace
  • Session 316 – Getting Started – Performance Tuning with Shark
  • Session 317 – Taking Advantage of Compiler Advances
  • Session 318 – Using Xray and DTrace for In-depth Analysis
  • Session 319 – Developing Plugins for Interface Builder
  • Session 323 – Fortran Development and HPC on Mac OS X – 3rd Party Solutions
  • Session 324 – Bug Reporting Best Practices
  • Session 400 – Graphics and Media State of the Union
  • Session 401 – Creating Leading-edge 2D Graphics with Quartz
  • Session 402 – Understanding the Architecture of Core Audio
  • Session 403 – Creating Integrated Workflow Solutions with Final Cut Pro
  • Session 404 – Queueing, Streaming, and Extending Core Audio
  • Session 407 – Extending the Aperture RAW Workflow with Export Plug-Ins
  • Session 408 – Modernizing Your OpenGL Application for Leopard
  • Session 409 – Mastering QuickTime Digital Video Techniques
  • Session 410 – Introduction to FxPlug Development for Final Cut Studio
  • Session 411 – Advanced FxPlug Development for Final Cut Studio
  • Session 414 – Creating High-quality Content With QuickTime APIs
  • Session 415 – Mastering the Quartz Composer Editor
  • Session 416 – Integrating QuickTime Support into Your Application with QTKit
  • Session 417 – Switching to Mac OS X OpenGL
  • Session 418 – Leveraging the OpenGL Shading Language (GLSL)
  • Session 419 – Printing with Style in Mac OS X
  • Session 420 – Tune Your OpenGL Application
  • Session 421 – Using Quartz Composer in Your Application 2
  • Session 424 – Create Stunning Effects with Core Image
  • Session 429 – Tune Your 2D Graphics Code
  • Session 430 – Manipulating PDF Content in Your Application
  • Session 431 – Leveraging the Common Unix Printing System (CUPS)
  • Session 500 – IT State of the Union
  • Session 501 – Welcome to Leopard Server
  • Session 502 – Getting Started with Mac OS X Administration
  • Session 503 – Scripting for SysAdmins
  • Session 504 – Mac OS X Security Configuration
  • Session 505 – Discovering Wiki and Group Services in Leopard Server
  • Session 506 – Integrating Smart Card Solutions in Leopard
  • Session 508 – Building Powerful Web 2.0 Applications with WebObjects
  • Session 509 – Mac OS X Scientific Computing State of the Union
  • Session 510 – Learning to Become an Effective SysAdmin
  • Session 512 – Bending Directory Services To Your Will – Best Practices
  • Session 514 – Understanding PKI and Certificate Management on Mac OS X
  • Session 518 – Real-World WebObjects Solutions
  • Session 519 – Deploying Large-scale Storage Solutions using Xsan and Xserve RAID
  • Session 600 – Fundamentals of Digital Video
  • Session 601 – Improving Your Video With Professional Preprocessing
  • Session 602 – The Encoding Process In Depth
  • Session 603 – Delivering Your Media
  • Session 604 – Iterative Cocoa and Web Application Design
  • Session 605 – Understanding Web Accessibility for Building Better Websites
  • Session 606 – Motion Graphics Design Using Quartz Composer
  • Session 607 – Development Methods for WebKit AJAX Applications
  • Session 608 – Vector Graphics for WebKit
  • Session 609 – Dashboard Widget Design Techniques
  • Session 610 – Design Innovation behind Apple.com
  • Session 611 – AJAX Methodologies for QuickTime Development
  • Session 614 – Developing Web Sites for iPhone
  • Session 615 – Using Dojo Toolkit Power Tools to Build Rich Web Applications
  • Session 616 – Designing and Developing Hybrid-Web Cocoa Applications
  • Session 618 – Designing and Extending the Mac OS X Blog Experience
  • Session 619 – Designing and Developing Rich Media WebKit-based Applications
  • Session 621 – Advanced Concepts in Using the Prototype JavaScript Framework
  • Session 622 – Create Effective, Sophisticated Podcasts

WWDC 2008

WWDC 2009

WWDC 2010

WWDC 2011

WWDC 2012

WWDC 2013

WWDC 2014

WWDC 2015

WWDC 2016