In the last post of the series we will look at another typical issue: XPC services that use the connecting process’s ID (PID) to verify the client instead of the audit token. We will use F-Secure SAFE again for our case study. The vulnerability was fixed in 17.8 and was assigned CVE-2020-14977.

The root cause

The XPC services of F-Secure SAFE use the process ID (PID) to verify the client’s signature, as can be seen in the code below.