Apple has failed to fix a bug in macOS Ventura's App Management feature for more than 10 months, according to a developer who published details of the exploit over the weekend.
Jeff Johnson first reported the bug on his blog in October 2022, several days after he notified Apple about it. At issue is a feature in last year's macOS Ventura that's intended to make sure bad actors can't release malicious updates for already-installed apps.
Last fall, however, Johnson said he "found [an] App Management bypass that doesn't require full disk access." At the time, he declined to provide details of this bug to give Apple time to fix it. Ten months later, however, it's still a problem and Johnson's patience has run out.
As AppleInsider reports, Johnson published an updated blog post over the weekend that spills the beans on the vulnerability. He "discovered—almost by accident—that a sandboxed app could modify files that it shouldn't be able to modify: files inside the bundle of a notarized app that were supposedly protected by App Management security."
The delay is "absurd," according to Johnson, who says he's "lost all confidence in Apple to address the issue in a timely manner."
Publishing this most recent blog post means Johnson is "sacrificing the opportunity to receive an Apple Security Bounty," though he acknowledges that "Apple has made no promise to pay anything" and it doesn't do payouts until a problem is fixed.
"So I could be waiting forever for nothing," he adds. "Up until now, Apple has been 'buying' my silence for $0 and only the vague possibility of some future payment."
Johnson created a sample Xcode project as a demo that you can download; it's linked in his post. He also published a follow-up post "that attempts to explain the vulnerability in a way that's less technical and friendlier to non-developers."
