
CVE-2024-40801: How a Sandboxed Mac App Could Steal Your Private Data Bypassing TCC Protections


This post includes the details of the first vulnerability I have ever reported to Apple. It was fixed on macOS Sonoma 14.7 and macOS Sequoia 15.0 as CVE-2024-40801.

TL;DR

A vulnerability in macOS allowed a sandboxed app to bypass TCC (Transparency, Consent and Control) protections and access sensitive user data without requiring user permission. By leveraging the container-migration.plist feature, a sandboxed app could request the migration of TCC-protected files (like Safari history, Mail database, or user documents) to its app container, effectively bypassing TCC and giving the app full access to these files. There are multiple examples included in this repository demonstrating the exploit.

Initial Report

Below is the full report as submitted to Apple. You can also check the GitHub repository that includes the example projects to reproduce the vulnerability.

Introduction

A sandboxed Mac app can exploit the container-migration.plist feature to get access to TCC-protected files without any user permission prompt.

For example, you can request the Safari history file or Mail database to be migrated by the App Sandbox to the app container, and it will happily do it. Once the files are in the app container, the app has full control to read and exfiltrate this data.

You can use the attached project to reproduce the exploit (see the demo video at Extra/Videos/ContainerMigrationExploit.mp4).

Steps to Reproduce

  1. Run the script at Scripts/ContainerMigrationExploitReset.sh in a Terminal with Full Disk Access. This script will:
    • Reset the App Sandbox container of the Exploit app (if it exists).
    • Reset the TCC permissions of the Expected app that shows the proper expected behavior when accessing the protected files.
    • Create a demo file in the user Documents folder named my-secret.txt.
    • Restore & back up the Safari history database (History.db) and Mail recent searches plist (recentSearches.plist). Both of these files are protected by TCC, and reading them requires Full Disk Access as they contain very sensitive data like contacts and the browsing history. The first time the script runs, the restore will fail, but you can ignore it.
  2. Open the Xcode project at Projects/ContainerMigrationExploit.xcodeproj.
  3. Run the Expected scheme: this is an un-sandboxed app that tries to read directly the same files that the exploit app will steal. As you will see, it triggers the expected TCC permission prompt when reading the my-secret.txt file in the Documents folder, and it cannot access the Safari history database or the Mail recent searches plist at all, as they are stored in protected directories.
  4. Now run the Exploit scheme: this sandboxed app is able to read the three files without any issue as they have been migrated by the App Sandbox into the app container.

Expected Results

As demonstrated by the Expected scheme, the app should not be able to access any of the data in the protected directories without user permissions and/or Full Disk Access. Even worse, a sandboxed app is able to get more access to sensitive files than an un-sandboxed app using this technique.

Actual Results

The Exploit app can access sensitive files protected by TCC without any user permission. This same technique can be used to exfiltrate the following data from a fully sandboxed app:

  • User documents stored in the Documents folder (without any TCC prompt).
  • Sensitive files in the Library folder:
    • Safari history & bookmarks.
    • Full Mail database & contacts.
    • Other apps’ containers’ data.

Annex I

This new version of the project includes a new Mail-app-specific example project in Projects/MailContactsExploit.xcodeproj that demonstrates how you can use this exploit to dump all your Mail contact addresses without any TCC prompt from a fully sandboxed app (demo video at Extra/Videos/MailContactsExploit.mp4).

This same exploit can also be used for a denial-of-service / ransomware attack, as the App Sandbox migration removes the original files (in this example, the Mail database) from their original location, leaving them under the full control of the attacker app.

Annex II

Some details about how the exploit seems to work under the hood:

  1. The sandboxed app initializes the App Sandbox and connects to the secinitd daemon.
  2. secinitd reads the container-migration.plist file in the app bundle.
  3. As secinitd has the kTCCServiceSystemPolicyAllFiles value in the com.apple.private.tcc.allow entitlement, it can access any protected directory and moves the protected files into the app container.

You can check the related Endpoint Security events from eslogger in the directory Data/EndpointSecurity/.

Annex III

This final version of the project includes a demonstration that this same exploit can also be used to exfiltrate both Calendar & Contacts databases, even though their paths are symlinked inside the app container, by leveraging a custom destination in the container-migration.plist file:

<dict>
    <key>Move</key>
    <array>
        <array>
            <string>${Home}/Library/Calendars/Calendar.sqlitedb</string>
            <string>${Home}/Calendar.sqlitedb</string>
        </array>
    </array>
</dict>

You can check a Calendar-specific example project at Projects/CalendarExploit.xcodeproj and a demo video at Extra/Videos/CalendarExploit.mp4.
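As an added example (not part of the original report or its repository), the following Python script parses a container-migration.plist the way the Move key is structured above (bare home-relative strings or [source, destination] pairs) and flags entries whose source lies under a TCC-protected or other-app path, so a code reviewer or endpoint tool can audit app bundles for this pattern. The sample plist, the list of sensitive prefixes, and the bundle location Contents/Resources are assumptions constructed for this example.

```python
import plistlib
from pathlib import Path, PurePosixPath

# Constructed sample: one benign relative entry plus the Calendar pair from Annex III.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Move</key>
    <array>
        <string>Library/Preferences/com.example.app.plist</string>
        <array>
            <string>${Home}/Library/Calendars/Calendar.sqlitedb</string>
            <string>${Home}/Calendar.sqlitedb</string>
        </array>
    </array>
</dict>
</plist>
"""

# Home-relative prefixes a migration should never source from (illustrative list, assumption).
SENSITIVE_PREFIXES = (
    "Documents", "Desktop", "Downloads",
    "Library/Safari", "Library/Mail", "Library/Calendars",
    "Library/Application Support/AddressBook",
    "Library/Containers", "Library/Group Containers",
)

def move_entries(plist_bytes):
    """Yield (source, destination) pairs from the Move key."""
    for entry in plistlib.loads(plist_bytes).get("Move", []):
        if isinstance(entry, str):
            yield entry, entry  # bare string: same home-relative path in the container
        elif isinstance(entry, list) and len(entry) == 2:
            yield entry[0], entry[1]

def normalize(path):
    """Drop the ${Home} placeholder and leading slash so paths compare as home-relative."""
    path = path.replace("${Home}/", "").replace("${Home}", "")
    return str(PurePosixPath(path.lstrip("/")))

def flag_sensitive_moves(plist_bytes):
    """Return the (source, destination) pairs whose source is under a sensitive prefix."""
    findings = []
    for src, dst in move_entries(plist_bytes):
        rel = normalize(src)
        if any(rel == p or rel.startswith(p + "/") for p in SENSITIVE_PREFIXES):
            findings.append((src, dst))
    return findings

def audit_bundle(app_path):
    """Audit an installed .app; location of the plist inside the bundle is an assumption."""
    plist = Path(app_path) / "Contents" / "Resources" / "container-migration.plist"
    return flag_sensitive_moves(plist.read_bytes()) if plist.is_file() else []
```

Run audit_bundle on each bundle in /Applications to triage installed software; a non-empty result is a migration that would pull TCC-protected data into that app's container.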