Microsoft’s .NET MAUI framework for macOS has a vulnerability that bypasses the Hardened Runtime protection by not enforcing code signing validation on managed DLLs in the MonoBundle directory.
It permits arbitrary code injection through modified assemblies even though the main executable is properly signed and hardened.
As a result, all .NET MAUI macOS applications are vulnerable to code injection, privilege escalation, and TCC permission bypasses.
