Multiple new macOS sandbox escape vulnerabilities

macOS sandbox and XPC design issues

  • Many commenters focus on how many XPC services that were meant to be “app-private” are nonetheless reachable (via Mach bootstrap lookup) from sandboxed apps, calling this a structural design problem rather than a run of isolated bugs.
  • Apple’s apparent strategy of patching individual XPC services as each one is reported is seen as a “band‑aid” rather than a systemic fix; people expect more XPC-related CVEs to keep appearing.
  • Some call for capability-based “Darwin containers” in place of the current sandbox model, which they characterize as largely a deny‑list (blacklist) of operations rather than an explicit grant of capabilities.
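The reachability question the commenters raise can be checked concretely against a sandbox profile. As an added example (not code from the discussion, and not Apple's), the script below parses a small constructed Seatbelt/SBPL profile and reports which Mach/XPC service names a process confined by it may look up. The profile text is constructed (the com.example.* name is fictitious), and the rule semantics it applies (rules evaluated in profile order with the last matching rule winning, falling back to the (deny default)/(allow default) form) are an assumption of the example, not a documented guarantee of Apple's compiler.

```python
"""Audit which Mach/XPC service names a Seatbelt (SBPL) profile lets a
sandboxed process look up.  Added example; not code from the thread or Apple.

Assumptions (not guaranteed to match Apple's real profile compiler):
  * rules are evaluated in profile order and the last matching rule wins,
    with (deny default)/(allow default) as the fallback;
  * only global-name, global-name-regex, local-name and xpc-service-name
    filters are understood, and #"..." regexes are treated as Python regexes.
"""
import re

# Constructed sample profile; the com.example.* name is fictitious.
SAMPLE_PROFILE = r'''
(version 1)
(deny default)
(allow mach-lookup
    (global-name "com.apple.cfprefsd.agent")
    (global-name "com.apple.coreservices.launchservicesd"))
(allow mach-lookup (global-name-regex #"^com\.apple\.distributed_notifications"))
;; an app-specific helper the sandboxed app was never meant to reach
(allow mach-lookup (xpc-service-name "com.example.helper.xpc"))
(deny mach-lookup (global-name "com.apple.cfprefsd.daemon"))
'''

# whitespace | ;comment | "string" or #"regex" | parens | atom
TOKEN_RE = re.compile(r'\s+|;[^\n]*|#?"(?:[^"\\]|\\.)*"|[()]|[^\s()";]+')
NAME_FILTERS = ('global-name', 'local-name', 'xpc-service-name')


def tokenize(text):
    return [m.group(0) for m in TOKEN_RE.finditer(text)
            if not m.group(0).isspace() and not m.group(0).startswith(';')]


def parse(text):
    """SBPL text -> nested lists; "strings" lose quotes, #"re" becomes a pattern."""
    tokens, pos = tokenize(text), 0

    def read():
        nonlocal pos
        tok = tokens[pos]
        pos += 1
        if tok == '(':
            items = []
            while tokens[pos] != ')':
                items.append(read())
            pos += 1
            return items
        if tok == ')':
            raise ValueError('unbalanced )')
        if tok.startswith('#"'):
            return re.compile(tok[2:-1])
        return tok[1:-1] if tok.startswith('"') else tok

    forms = []
    while pos < len(tokens):
        forms.append(read())
    return forms


def default_action(forms):
    for f in forms:
        if isinstance(f, list) and len(f) == 2 and f[1] == 'default' and f[0] in ('allow', 'deny'):
            return f[0]
    return 'deny'  # assumption: a profile with no explicit default denies


def mach_lookup_rules(forms):
    """(action, filters) for each rule on mach-lookup, in profile order.
    A rule with no filters applies to every service name."""
    return [(f[0], f[2:]) for f in forms
            if isinstance(f, list) and len(f) >= 2
            and f[1] == 'mach-lookup' and f[0] in ('allow', 'deny')]


def filter_matches(flt, name):
    if not (isinstance(flt, list) and len(flt) == 2):
        return False
    kind, arg = flt
    if kind in NAME_FILTERS:
        return arg == name
    return kind == 'global-name-regex' and arg.search(name) is not None


def can_lookup(forms, name):
    """Would a process under this profile be allowed to look up `name`?"""
    decision = default_action(forms)
    for action, filters in mach_lookup_rules(forms):
        if not filters or any(filter_matches(f, name) for f in filters):
            decision = action  # later matching rule overrides (assumption)
    return decision == 'allow'


def literal_allowed_names(forms):
    """Audit view: literal names some allow rule grants and no later deny
    revokes (regex grants are not expanded here)."""
    names = set()
    for action, filters in mach_lookup_rules(forms):
        for f in filters:
            if isinstance(f, list) and len(f) == 2 and f[0] in NAME_FILTERS:
                (names.add if action == 'allow' else names.discard)(f[1])
    return sorted(names)


if __name__ == '__main__':
    forms = parse(SAMPLE_PROFILE)
    print('reachable literal names:', literal_allowed_names(forms))
    for svc in ('com.apple.cfprefsd.daemon', 'com.apple.distributed_notifications.foo'):
        print(svc, '->', 'allow' if can_lookup(forms, svc) else 'deny')
```

The output only answers the reachability half of the argument: every name the profile allows is a daemon or XPC service whose request handler now faces a sandboxed (possibly compromised) client, and whether that handler was written for untrusted callers is exactly what the patched-service-by-service approach leaves open.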

Legacy, Mach, and architectural constraints

  • There is debate over whether the Mach/XNU heritage is to blame; some argue Mach isn’t directly relevant to these bugs, others say decades of workarounds and legacy design inevitably shape today’s problems.
  • Several note that macOS/NeXTSTEP were originally built for openness and extensibility; Apple has since been layering security on top of that, with mixed results.

Comparisons with other OS security models

  • Windows: backward compatibility and the ease of process injection (window hooks, DLL injection into other processes) are highlighted as a different but also problematic security story.
  • Linux: SELinux is cited as an example of retrofitted fine-grained controls; some say it “managed it,” others argue it’s hard to use, often disabled, and mainly focused on servers.
  • Android and ChromeOS are repeatedly praised for stricter sandboxing, SELinux use, verified boot, and app isolation, in contrast to typical desktop OS behavior.
  • Qubes OS is held up as a strong, capability-like model using hardware virtualization, but acknowledged as demanding for average users and constrained for GPU-heavy workloads.

Security vs usability and backwards compatibility

  • Several argue that deep security is fundamentally at odds with backwards compatibility and some power-user workflows; a ground‑up redesign or strong compartmentalization is seen as ultimately necessary.
  • Others stress that “ordinary users” already live mostly in browsers and could be well‑served by tablet/phone‑style locked‑down environments.

Disclosure, bounties, and “security theater”

  • Experiences with Apple’s vulnerability reporting are mixed: slow patching, poor communication, and inconsistent bounties are recurring complaints.
  • Some describe macOS as drifting toward “security theater”: many permission dialogs and restrictions that burden legitimate developers while not reliably stopping sophisticated attackers.
  • There is debate over responsible disclosure timelines, with one strongly argued view being that immediate public disclosure would pressure vendors to fix faster, at the cost of shifting more risk onto users until a patch ships.