© The Author(s), under exclusive license to APress Media, LLC, part of Springer Nature 2021
V. VashurkinmacOS Daemonologyhttps://doi.org/10.1007/978-1-4842-7277-0_15

15. XPC Security

Volodymyr Vashurkin1  
Dnipro, Ukraine

In this chapter, we will discuss some recommendations related to securing the XPC communication between processes based on code signing.

Assume your app is split into the main application and the privileged helper that performs root actions. You have users who trust you and install your software and grant it admin privileges.

But you forgot to secure the XPC connection between the main application and the privileged helper. In this case, a bad guy can use your privileged helper to perform malicious actions.

What’s the Problem?

Get macOS Daemonology: Communicate with Daemons, Agents, and Helpers Through XPC now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.