GITBOOK-4166: change request with no subject merged in GitBook

2024-11-22 04:33:28 +00:00 · 2023-11-11 10:49:26 +00:00 · 2023-11-11 10:49:26 +00:00 · e0fc725d40
commit e0fc725d40
parent 3ce30a548d
3 changed files with 9 additions and 3 deletions
--- a/SUMMARY.md
+++ b/SUMMARY.md
@ -179,7 +179,7 @@
    * [macOS .Net Applications Injection](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-.net-applications-injection.md)
  * [macOS Security Protections](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/README.md)
    * [macOS Gatekeeper / Quarantine / XProtect](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-gatekeeper.md)
-    * [macOS Launch/Environment Constraints](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-launch-environment-constraints.md)
+    * [macOS Launch/Environment Constraints & Trust Cache](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-launch-environment-constraints.md)
    * [macOS Sandbox](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/README.md)
      * [macOS Default Sandbox Debug](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/macos-default-sandbox-debug.md)
      * [macOS Sandbox Debug & Bypass](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/macos-sandbox-debug-and-bypass/README.md)
--- a/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-dangerous-entitlements.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-dangerous-entitlements.md
@ -120,6 +120,8 @@ Allow to modify files inside apps bundle (inside app.app), which is **disallowed

 <figure><img src="../../../.gitbook/assets/image (2).png" alt=""><figcaption></figcaption></figure>

+It's possible to check who has this access in _System Settings_ > _Privacy & Security_ > _App Management._
+
 ## Medium

 ### `com.apple.security.cs.allow-jit`
--- a/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-launch-environment-constraints.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-launch-environment-constraints.md
@ -1,4 +1,4 @@
-# macOS Launch/Environment Constraints
+# macOS Launch/Environment Constraints & Trust Cache

 <details>

@ -63,7 +63,7 @@ Category 1:

 * `(on-authorized-authapfs-volume || on-system-volume)`: Must be in System or Cryptexes volume.
 * `launch-type == 1`: Must be a system service (plist in LaunchDaemons).
-* &#x20; `validation-category == 1`: An operating system executable.
+* `validation-category == 1`: An operating system executable.
 * `is-init-proc`: Launchd

 ### Reversing LC Categories
@ -90,6 +90,10 @@ In **macOS** there are a few trust caches:

 And in iOS it looks like it's in **`/usr/standalone/firmware/FUD/StaticTrustCache.img4`**.

+{% hint style="warning" %}
+On macOS running on Apple Silicon devices, if an Apple signed binary is not in the trust cache, AMFI will refuse to load it.
+{% endhint %}
+
 ### Enumerating Trust Caches

 The previous trust cache files are in format **IMG4** and **IM4P**, being IM4P the payload section of a IMG4 format.