mirror of
https://github.com/flutter/flutter.git
synced 2025-06-03 00:51:18 +00:00
68f375fe38
By default, Flutter apps only do default AppKit app serialisation of Window location etc. and by default, state serialisation in AppKit apps is compatible with `NSSecureCoding`. AppKit apps generated since Xcode 13.2 include this method in the app delegate generated by the default app template. Background ========== This method was added to opt into having [de]serialization require a coder implementing the `NSSecureCoding` protocol. Apple wasn't able to force this across the board, because `NSSecureCoding` limits certain behaviours during deserialisation, which some third-party apps have have previously relied on. Specific background on the sorts of vulnerabilities that `NSSecureCoding` was designed to prevent are described in the `NSSecureCoding` documentation: https://developer.apple.com/documentation/foundation/nssecurecoding?language=objc A demonstration of a root privilege escalation and SIP bypass vulnerability is described in the following blog post: https://sector7.computest.nl/post/2022-08-process-injection-breaking-all-macos-security-layers-with-a-single-vulnerability/ Fixes: https://github.com/flutter/flutter/issues/150062 ## Pre-launch Checklist - [X] I read the [Contributor Guide] and followed the process outlined there for submitting PRs. - [X] I read the [Tree Hygiene] wiki page, which explains my responsibilities. - [X] I read and followed the [Flutter Style Guide], including [Features we expect every widget to implement]. - [X] I signed the [CLA]. - [X] I listed at least one issue that this PR fixes in the description above. - [X] I updated/added relevant documentation (doc comments with `///`). - [ ] I added new tests to check the change I am making, or this PR is [test-exempt]. - [X] I followed the [breaking change policy] and added [Data Driven Fixes] where supported. - [X] All existing and new tests are passing. If you need help, consider asking for advice on the #hackers-new channel on [Discord]. <!-- Links --> [Contributor Guide]: https://github.com/flutter/flutter/blob/main/docs/contributing/Tree-hygiene.md#overview [Tree Hygiene]: https://github.com/flutter/flutter/blob/main/docs/contributing/Tree-hygiene.md [test-exempt]: https://github.com/flutter/flutter/blob/main/docs/contributing/Tree-hygiene.md#tests [Flutter Style Guide]: https://github.com/flutter/flutter/blob/main/docs/contributing/Style-guide-for-Flutter-repo.md [Features we expect every widget to implement]: https://github.com/flutter/flutter/blob/main/docs/contributing/Style-guide-for-Flutter-repo.md#features-we-expect-every-widget-to-implement [CLA]: https://cla.developers.google.com/ [flutter/tests]: https://github.com/flutter/tests [breaking change policy]: https://github.com/flutter/flutter/blob/main/docs/contributing/Tree-hygiene.md#handling-breaking-changes [Discord]: https://github.com/flutter/flutter/blob/main/docs/contributing/Chat.md [Data Driven Fixes]: https://github.com/flutter/flutter/blob/main/docs/contributing/Data-driven-Fixes.md |
||
|---|---|---|
| .. | ||
| android | ||
| base | ||
| build_system | ||
| commands | ||
| custom_devices | ||
| dart | ||
| debug_adapters | ||
| drive | ||
| fuchsia | ||
| intellij | ||
| ios | ||
| isolated | ||
| linux | ||
| localizations | ||
| macos | ||
| migrations | ||
| proxied_devices | ||
| reporting | ||
| runner | ||
| test | ||
| tester | ||
| vscode | ||
| web | ||
| windows | ||
| application_package.dart | ||
| artifacts.dart | ||
| asset.dart | ||
| build_info.dart | ||
| bundle_builder.dart | ||
| bundle.dart | ||
| cache.dart | ||
| cmake_project.dart | ||
| cmake.dart | ||
| compile.dart | ||
| context_runner.dart | ||
| convert.dart | ||
| daemon.dart | ||
| dart_pub_json_formatter.dart | ||
| desktop_device.dart | ||
| devfs.dart | ||
| device_port_forwarder.dart | ||
| device_vm_service_discovery_for_attach.dart | ||
| device.dart | ||
| devtools_launcher.dart | ||
| doctor_validator.dart | ||
| doctor.dart | ||
| emulator.dart | ||
| features.dart | ||
| flutter_application_package.dart | ||
| flutter_cache.dart | ||
| flutter_device_manager.dart | ||
| flutter_features.dart | ||
| flutter_manifest.dart | ||
| flutter_plugins.dart | ||
| flutter_project_metadata.dart | ||
| globals.dart | ||
| http_host_validator.dart | ||
| license_collector.dart | ||
| mdns_discovery.dart | ||
| native_assets.dart | ||
| persistent_tool_state.dart | ||
| platform_plugins.dart | ||
| plugins.dart | ||
| pre_run_validator.dart | ||
| preview_device.dart | ||
| project_validator_result.dart | ||
| project_validator.dart | ||
| project.dart | ||
| protocol_discovery.dart | ||
| proxy_validator.dart | ||
| resident_devtools_handler.dart | ||
| resident_runner.dart | ||
| run_cold.dart | ||
| run_hot.dart | ||
| sksl_writer.dart | ||
| template.dart | ||
| tracing.dart | ||
| update_packages_pins.dart | ||
| version.dart | ||
| vmservice.dart | ||
| web_template.dart | ||
| xcode_project.dart | ||