> When a user of your app specifies they want to use a file or a folder, the system adds the associated path to your app’s sandbox. Say, for example, a user drags the ~/Documents folder onto your app’s Dock tile (or onto your app’s Finder icon, or into an open window of your app), thereby indicating they want to use that folder. In response, the system makes the ~/Documents folder, its contents, and its subfolders available to your app.
> If a user instead opens a specific file, or saves to a new file, the system makes the specified file, and that file alone, available to your app.
Starting in Catalina, even unsandboxed apps have gotten locked down a bit - you get permissions dialogs if they try to access Documents, Downloads or Desktop.
The exploit in the OP is using an open, world-writable directory (/Users/Shared) since it can't access user files
The issue is with apps that aren't sandboxed (basically anything outside the app store - e.g. Adobe apps)
https://developer.apple.com/library/archive/documentation/Se...
> When a user of your app specifies they want to use a file or a folder, the system adds the associated path to your app’s sandbox. Say, for example, a user drags the ~/Documents folder onto your app’s Dock tile (or onto your app’s Finder icon, or into an open window of your app), thereby indicating they want to use that folder. In response, the system makes the ~/Documents folder, its contents, and its subfolders available to your app.
> If a user instead opens a specific file, or saves to a new file, the system makes the specified file, and that file alone, available to your app.
Starting in Catalina, even unsandboxed apps have gotten locked down a bit - you get permissions dialogs if they try to access Documents, Downloads or Desktop.
The exploit in the OP is using an open, world-writable directory (/Users/Shared) since it can't access user files