Friday, January 3, 2020 [Tweets] [Favorites]

AppMover Swift Library

Christian Tietze:

Oskar Groth published a modern iteration of the “LetsMove” framework where you can show a dialog at app launch, asking the user if she wants to move the app to /Applications first.

LetsMove uses AuthorizationExecuteWithPrivileges, which has long been deprecated but doesn’t have a good replacement.

AppMover uses NSAppleScript, without escaping the paths in the generated AppleScript string, to invoke rm and cp via do shell script […] with administrator privileges.

Neither works with sandboxed apps.

2 Comments

It also does invoke rm and cp instead of /bin/rm and /bin/cp.

Which is strange considering other parts of the code correctly use the absolute paths.

“without escaping the paths in the generated AppleScript string”

“also does invoke rm and cp instead of /bin/rm and /bin/cp”

This is to say, giant honking security/safety holes. The appalling levels of incompetence in this awful industry never ceases to amaze.

Stay up-to-date by subscribing to the Comments RSS Feed for this post.

Leave a Comment