Intro

I recently came across a persistence feature in macOS that’s tied to Dock tile plugins.

Dock tiles are the small icons that appear on your Dock when an application runs. Plugins for these Dock tiles have been available since macOS Snow Leopard (10.6). In its developer documentation, Apple says about them:

A set of methods implemented by plug-ins…allow an app’s Dock tile to be customized while the app is not running.

The documentation also says:

The plugin is loaded in a system process at login time or when the application tile is added to the Dock.

“Loaded in a system process at login time” means persistence, no matter how it’s framed. If these plugins have a vulnerability, such persistence means it could be exploited.
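Because the plugin is loaded at login, it is worth knowing which installed apps ship one. The audit script below is an added example, not code from the original post: it assumes Apple's documented conventions, which the post does not spell out (the `NSDockTilePlugIn` key in an app's Info.plist naming a plug-in bundle under `Contents/PlugIns`), and the sample apps it builds are constructed.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

PLIST_KEY = "NSDockTilePlugIn"  # Info.plist key that names the plug-in bundle

def find_dock_tile_plugins(roots):
    """List every .app under `roots` whose Info.plist declares a Dock tile plug-in."""
    findings = []
    for root in map(Path, roots):
        if not root.is_dir():
            continue
        for info in sorted(root.rglob("*.app/Contents/Info.plist")):
            try:
                with info.open("rb") as fh:
                    plist = plistlib.load(fh)  # handles XML and binary plists
            except (OSError, ValueError, ExpatError):
                continue  # unreadable or malformed plist: skip it
            name = plist.get(PLIST_KEY) if isinstance(plist, dict) else None
            if not isinstance(name, str):
                continue
            app = info.parent.parent
            findings.append({
                "app": str(app),
                "bundle_id": plist.get("CFBundleIdentifier"),
                "plugin": name,
                # Declared plug-ins are expected under Contents/PlugIns
                "plugin_present": (app / "Contents" / "PlugIns" / name).is_dir(),
            })
    return findings

def build_sample_tree(base):
    """Constructed sample: one app with a Dock tile plug-in, one without."""
    for app, extra in (("WithPlugin.app", {PLIST_KEY: "Tile.docktileplugin"}),
                       ("Plain.app", {})):
        contents = Path(base) / app / "Contents"
        contents.mkdir(parents=True)
        info = {"CFBundleIdentifier": "com.example." + app[:-4].lower(), **extra}
        with (contents / "Info.plist").open("wb") as fh:
            plistlib.dump(info, fh, fmt=plistlib.FMT_BINARY)
        if extra:
            (contents / "PlugIns" / extra[PLIST_KEY]).mkdir(parents=True)
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        roots = ["/Applications", str(Path.home() / "Applications"), build_sample_tree(tmp)]
        for hit in find_dock_tile_plugins(roots):
            print(hit)
```

Each finding is a candidate for review: compare the owning app's code signature and the plug-in's presence against what you expect to be installed.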

The full blog post was published on my company’s (Kandji) website: https://www.kandji.io/blog/dock-tile-plugins-persistence