Abusing Electron Apps to Bypass macOS’s Security Controls
Wojciech Reguła (via Patrick Wardle):
To bypass the Transparency, Consent, and Control service (TCC), we need an Electron application that already has some privacy permissions. As it turns out, you probably have at least one such app installed - look, for example, on your desktop messengers.
[…]
To do this, we have to recall how Electron apps work. Simplifying, the main executable (that is signed with the entitlements and hardened) is responsible for loading the HTML, JS and CSS files and render them. So the actual program’s logic is stored in these files, not in the signed executable!
[…]
What surprised me, the modified applications still have access to their entries in the Keychain - so these entries can be stolen as well.
