Invoice Ninja macOS Entitlement Vulnerability Allowing TCC Bypass and Code Injection

Vulnerability

A vulnerability exists in Invoice Ninja's macOS application because it ships with the 'com.apple.security.get-task-allow' entitlement. This entitlement lets a local attacker with unprivileged access, for example through a malicious application, attach a debugger, manipulate process memory, inject code into the application's context, and bypass Transparency, Consent, and Control (TCC) restrictions. Although the application is signed with Hardened Runtime, the vulnerability allows exploitation of the TCC permissions the user previously granted to the application. Access to additional resources beyond these permissions still requires user interaction with a system prompt. According to Apple, attaching a debugger to an app should prompt for administrator credentials, but the presence of the 'get-task-allow' entitlement eliminates that requirement, creating a security risk.

Impact

Exploitation allows local attackers to debug the application, modify its memory, inject code, and bypass TCC, potentially misusing the application's permissions to access sensitive user data without consent.

Remediation

Users can update to Invoice Ninja version 5.0.175 to address this vulnerability.
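
To confirm that an installed build no longer carries the entitlement, the following check reads the signature data that `codesign` prints and reports whether the app is debuggable even though Hardened Runtime is set. It is an added example, not code from Invoice Ninja or from this advisory; the sample input is constructed, the function names are hypothetical, and the `--xml` option assumes a recent macOS `codesign`.

```python
import plistlib
import re
import shutil
import subprocess
import sys

GET_TASK_ALLOW = "com.apple.security.get-task-allow"

# Constructed sample input (not captured from the affected application).
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
<key>com.apple.security.app-sandbox</key><true/>
<key>com.apple.security.get-task-allow</key><true/>
</dict></plist>
"""
SAMPLE_DV = "CodeDirectory v=20500 size=1024 flags=0x10000(runtime) hashes=21+7 location=embedded"

def parse_entitlements(raw: bytes) -> dict:
    """Parse the XML plist printed by codesign, ignoring any bytes around it."""
    start, end = raw.find(b"<plist"), raw.rfind(b"</plist>")
    if start == -1 or end == -1:
        return {}  # unsigned binary, or no entitlements embedded
    return plistlib.loads(raw[start:end + len(b"</plist>")])

def hardened_runtime(codesign_dv: str) -> bool:
    """True if the CodeDirectory flags in `codesign -dv` output include 'runtime'."""
    m = re.search(r"flags=0x[0-9a-fA-F]+\(([^)]*)\)", codesign_dv)
    return bool(m) and "runtime" in m.group(1).split(",")

def assess(entitlements_raw: bytes, codesign_dv: str) -> str:
    """Classify one signed binary from its entitlements and signing flags."""
    if parse_entitlements(entitlements_raw).get(GET_TASK_ALLOW) is not True:
        return "ok"
    if hardened_runtime(codesign_dv):
        return "debuggable-despite-hardened-runtime"
    return "debuggable"

def inspect_bundle(path: str) -> str:
    """macOS only: collect both codesign outputs for one bundle and assess it."""
    ents = subprocess.run(["codesign", "-d", "--entitlements", "-", "--xml", path],
                          capture_output=True).stdout
    info = subprocess.run(["codesign", "-dv", path],
                          capture_output=True, text=True).stderr  # -dv prints to stderr
    return assess(ents, info)

if __name__ == "__main__":
    if shutil.which("codesign") and len(sys.argv) > 1:
        for app in sys.argv[1:]:
            print(app, inspect_bundle(app))
    else:
        print("sample:", assess(SAMPLE_ENTITLEMENTS, SAMPLE_DV))
```

On macOS, pass one or more `.app` paths as arguments; without `codesign` or arguments it evaluates the embedded sample.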

Added: Aug 26, 2025, 1:18 PM
Updated: Aug 26, 2025, 1:44 PM

Vulnerability Rating

Custom Algorithm
spread: 7.8
impact: 7.5
exploitability: 4.7
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.