<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>security on Madison&#39;s Blog</title>
    <link>https://solarana.dev/tags/security/</link>
    <description>Recent content in security on Madison&#39;s Blog</description>
    <generator>Hugo -- gohugo.io</generator>
    <language>en-us</language>
    <lastBuildDate>Thu, 15 Jun 2023 17:30:00 -0500</lastBuildDate><atom:link href="https://solarana.dev/tags/security/index.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>Xcode Supply Chain Security</title>
      <link>https://solarana.dev/2023/06/15/xcode-supply-chain-security/</link>
      <pubDate>Thu, 15 Jun 2023 17:30:00 -0500</pubDate>
      
      <guid>https://solarana.dev/2023/06/15/xcode-supply-chain-security/</guid>
      <description>Xcode 15 includes a few changes from Apple in an effort to harden the software supply chain. The majority of these changes are being phased in, while another is actively impacting developers attempting to test on the new OS versions with the new version of Xcode.
First up is script sandboxing. Xcode 14 introduced a new build setting, ENABLE_USER_SCRIPT_SANDBOXING, that prevents shell scripts from accessing any files inside of SRCROOT and the Derived Data folder without being declared as inputs and outputs to the script.</description>
    </item>
    
    <item>
      <title>CVE-2022-32929&#39;s Fix is Bad</title>
      <link>https://solarana.dev/2022/11/15/cve-2022-32929s-fix-is-bad/</link>
      <pubDate>Tue, 15 Nov 2022 07:10:00 -0500</pubDate>
      
      <guid>https://solarana.dev/2022/11/15/cve-2022-32929s-fix-is-bad/</guid>
      <description>With the recent release of iOS 16.1, Apple noted that CVE-2022-32929 was addressed:
 Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: An app may be able to access iOS backups
Description: A permissions issue was addressed with additional restrictions. CVE-2022-32929: Csaba Fitzl (@theevilbit) of Offensive Security
 What&#39;s odd is that the wording of the issue indicates that an app on iOS can access backups, but backups are stored on the paired Mac.</description>
    </item>
    
  </channel>
</rss>
