Task Injection on macOS

Injecting code to the process using its Task Port on macOS

INTRO

Welcome to another article in the series on macOS security internals!

This is an expansion article for my previous work about Mach IPC Security on macOS, where I described the concept of Tasks and Processes and how they are interconnected on macOS:

Mach IPC Security on macOS

Although I introduced the security of the Mach, I did not show how the attacker could leverage access to it. In this article, I will show task injection and some security rules that protect against it. You can also learn here how lldb utilizes debugserver on macOS to debug processes and a few red tricks.

Most of my articles will be available this year on the Afine blog. The full article is available here: https://afine.com/task-injection-on-macos/