v1.13

Security Fixes

This release contains some important security fixes to Santa's kernel extension component. The bugs that were fixed could allow an attacker with local code execution as root to gain kernel access. Machines using the system extension on 10.15 are not affected.

Many thanks to Drew Yao of Apple SEAR Red Team for reporting these bugs to us.

• Off-by-one array access in SantaDriverClient::externalMethod
• Integer overflow/underflow in SantaCache::bucket_counts
• Race condition & use-after-free in SantaDriverClient::clientMemoryForType

Important

The v1.x versions of Santa include many architectural changes. Including the usage of EndpointSecurity and SystemExtensions for systems running macOS 10.15+.

Once Santa's SystemExtension is installed, it cannot be removed without prompting the user.

See the notes for the v1.0.3 release regarding SystemExtension and TCC permissions required to run this release on 10.15.