• libCoreEntitlements CEContextQuery Arbitrary Entitlement Returns

    From Security Bot@2:250/1 to All on Wed May 10 00:22:00 2023


    On newer macOS/iOS versions, entitlements in binary signature blobs are
    stored in the DER format. libCoreEntitlements.dylib is the userspace
    library for parsing and querying such entitlements. The kernel has its
    own version of this library inside the AppleMobileFileIntegrity module.
    libCoreEntitlements exposes several functions, for example to convert
    entitlements to a dictionary representation (e.g.
    CEQueryContextToCFDictionary) or to query a specific entitlement
    (CEContextQuery). Unfortunately, different functions traverse the DER
    structure in subtly different ways, which allows one API to see one set
    of entitlements and another API to see a different set of entitlements.

    https://packetstormsecurity.com/files/170518/GS20230113150649.tgz

    Fri, 13 Jan 2023 15:11:11 GMT
    ________________________________
    --- The information is for informational purposes only.
    * Origin: Read us with http://winpoint.org JID: rs@captflint.com