Ask him to explain how he thinks he can exploit it. Post that explanation. It might be worthwhile for him to read the reference docs for the class first, rather than relying entirely on your informal description.
I've never heard of any exploits that solely involved NSNotificationCenter. That is, an exploit where NSNotificationCenter and only that class was the primary cause of an exploited vulnerability. If there is such an intrinsic vulnerability, I'd be interested in hearing what it is.
NSNotificationCenter is per-process. It's not the same as NSDistributedNotificationCenter, which goes across processes, but is still constrained to notifications on the same machine. And NSDistributedNotificationCenter isn't the same as Distributed Objects. In any case, if an attacker can execute arbitrary code on a target machine, there are a lot simpler avenues than attacking NSNotificationCenter. If the attacker can't execute arbitrary code, then that rules out a lot of potential attacks, regardless of what they might attempt.
It's always possible to write a program that does something foolhardy when it receives a notification. That would be a vulnerability in the recipient's action, though, not in NSNotificationCenter itself. Example: a notification observer deletes any pathname sent to it in the userInfo dictionary, without first ascertaining that the sender is authorized.
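The observer described in that example, with the weak registration shown beside a hardened one, as an added illustration that is not part of the original answer. `CacheManager`, `CachePurgeNotification`, the `"path"` key, `trustedSender` and `cacheRoot` are hypothetical names chosen for this sketch, and confining deletions to one directory is an extra check beyond the sender check the answer mentions.

```objc
#import <Foundation/Foundation.h>

// Hypothetical notification name and class, used only for this example.
static NSString * const CachePurgeNotification = @"CachePurgeNotification";

@interface CacheManager : NSObject
@property (nonatomic, strong) id trustedSender;   // only this object may request a purge
@property (nonatomic, copy) NSString *cacheRoot;  // deletions are confined to this directory
- (void)startObserving;
@end

@implementation CacheManager

- (void)startObserving {
    // Weak form: object:nil delivers the notification from ANY poster in the
    // process, so every plug-in or library becomes able to trigger deletion.
    //   [center addObserver:self selector:@selector(purge:)
    //                  name:CachePurgeNotification object:nil];

    // Hardened form: the center filters on the sender object.
    [[NSNotificationCenter defaultCenter] addObserver:self
                                             selector:@selector(purge:)
                                                 name:CachePurgeNotification
                                               object:self.trustedSender];
}

- (void)purge:(NSNotification *)note {
    // Re-check the sender in case the registration is ever loosened.
    if (self.trustedSender == nil || note.object != self.trustedSender) return;

    // userInfo is untyped: verify the value before treating it as a path.
    id value = note.userInfo[@"path"];
    if (![value isKindOfClass:[NSString class]]) return;

    // Resolve "..", "~" and symlinks on both sides, then require the target
    // to sit strictly below the cache directory.
    NSString *root = [self.cacheRoot stringByResolvingSymlinksInPath];
    NSString *path = [(NSString *)value stringByResolvingSymlinksInPath];
    if (root.length == 0 || ![path hasPrefix:[root stringByAppendingString:@"/"]]) {
        NSLog(@"Refusing to delete path outside cache root: %@", path);
        return;
    }

    NSError *error = nil;
    if (![[NSFileManager defaultManager] removeItemAtPath:path error:&error]) {
        NSLog(@"Purge failed for %@: %@", path, error);
    }
}

@end
```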