CVE-2025-43265 Exposed: How a macOS Launch Constraint Bypass Undermined Core Security
Launch constraints are macOS's gatekeepers: lightweight code requirements (LWCRs) that enforce strict conditions on binary execution, such as requiring that a system daemon be launched only by launchd or that an app run only from a trusted location. As security researcher Csaba Fitzl detailed, these constraints mitigate entire exploit classes, such as copying a system binary elsewhere and tampering with it before execution. But a now-patched vulnerability (CVE-2025-43265) allowed attackers to subvert them with alarming simplicity.
The Flaw: Hijacking MAC Policy Checks
The flaw lay in the posix_spawnattr_setmacpolicyinfo_np API, which lets a caller attach arbitrary data blobs, keyed by policy name, to a process-spawn request. That data is handed to macOS's TrustedBSD MAC Framework, the kernel-layer policy system in which modules such as Apple Mobile File Integrity (AMFI) validate launch constraints. Crucially, the framework's mpo_proc_check_launch_constraints_t hook accepted the externally supplied policy data without checking it against the binary's built-in constraint. An attacker could therefore inject a minimal, non-enforced LWCR dictionary and have it override the strict OS default.
Proof-of-Concept: Bypassing Enforcement
By serializing a custom LWCR with a constraint category of 127 (a value AMFI parses but does not enforce), an attacker could spawn a process that the built-in constraint should have blocked. Fitzl's Kass tooling demonstrated this using the undocumented libTLE.dylib library to forge the payload. The snippet below is the sketch given in the write-up, using Kass's Swift wrappers around that library and the spawn attributes:
// Serialize a dummy constraint dictionary: version 1, category 127,
// and an empty requirements dictionary, so nothing is ever checked.
let lwcr = LWCR.lwcr(
version: 1,
constraintCategory: 127, // parsed by AMFI but not enforced
requirements: [:],
error: &error
)
// Inject the serialized blob via the spawn attributes, addressed to the
// AMFI policy so the MAC hook consumes it in place of the built-in constraint.
spawnAttributes.setMACPolicyInfo(
policyName: "AMFI",
policyData: lwcr.externalRepresentation
)
This triggered AMFI logs showing "Launch Constraint Violation (not enforcing)," confirming the bypass. Yet, real-world exploitability proved limited.
Why It Wasn’t a Free Pass
Despite the kernel-level flaw, macOS's defense-in-depth approach blunted its impact. AppleSystemPolicy (the kernel extension behind Gatekeeper's system-policy checks) and other mechanisms still blocked signature-tampering attacks, such as relocating system apps. As the researcher noted:
"Other OS security features picked up the slack... I was unable to find a full exploit chain."
Apple's fix, rolled out in recent updates, now evaluates the built-in constraint as well as any externally supplied one, so third-party policy data can only add restrictions rather than replace the OS baseline. This retains support for third-party MAC policies while eliminating the override risk.
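To make the flaw and the fix concrete, here is a simplified model of a launch-constraint check, written for this article and not taken from AMFI, XNU, or Fitzl's Kass tooling. It models a constraint as a small set of boolean requirements, treats category 127 as "log but do not enforce" as the article describes, and places the vulnerable behaviour (the caller-supplied constraint replaces the built-in one) beside the hardened behaviour (both must be satisfied). The requirement flags, the category values other than 127, and the scenario data are assumptions made for illustration.

```c
/* Simplified model of a launch-constraint check (added illustration, not
 * AMFI or XNU code). Assumptions: a constraint is a bitmask of boolean
 * requirements on the launch; category 127 is "parsed but not enforced",
 * mirroring the article; the other values and the scenario are invented. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constraint categories. 127 is the non-enforced value from the article;
 * CAT_ENFORCED is a placeholder for any enforced category. */
enum { CAT_ENFORCED = 1, CAT_NOT_ENFORCED = 127 };

/* Requirement flags a constraint may demand of a launch (assumed names). */
enum {
    REQ_LAUNCHED_BY_LAUNCHD = 1 << 0,   /* parent process must be launchd */
    REQ_ON_SYSTEM_VOLUME    = 1 << 1,   /* binary must live on the system volume */
};

typedef struct {
    int version;
    int category;
    unsigned requirements;   /* REQ_* bits that must hold for the launch */
} lwcr_t;

/* Facts about the concrete launch request being evaluated. */
typedef struct {
    unsigned facts;          /* REQ_* bits that actually hold */
} launch_t;

/* Evaluate a single constraint: true = allow. A NULL constraint allows
 * everything; a category-127 constraint logs a violation but still allows. */
bool lwcr_satisfied(const lwcr_t *c, const launch_t *l) {
    if (c == NULL)
        return true;
    bool ok = (l->facts & c->requirements) == c->requirements;
    if (!ok && c->category == CAT_NOT_ENFORCED) {
        printf("Launch Constraint Violation (not enforcing)\n");
        return true;
    }
    return ok;
}

/* VULNERABLE pattern: policy data supplied by the spawning process replaces
 * the built-in constraint wholesale, so a category-127 dictionary with no
 * requirements means the built-in rule is never consulted. */
bool check_launch_vulnerable(const lwcr_t *builtin, const lwcr_t *external,
                             const launch_t *l) {
    const lwcr_t *effective = external ? external : builtin;
    return lwcr_satisfied(effective, l);
}

/* HARDENED pattern: both constraints must be satisfied, so external policy
 * data can only add restrictions, never relax the OS baseline. */
bool check_launch_fixed(const lwcr_t *builtin, const lwcr_t *external,
                        const launch_t *l) {
    return lwcr_satisfied(builtin, l) && lwcr_satisfied(external, l);
}

/* Constructed scenario: a system daemon whose built-in constraint requires a
 * launchd parent and a system-volume location, launched from a user shell
 * where neither holds, with the attacker's forged category-127 LWCR attached. */
static const lwcr_t builtin_daemon = {
    1, CAT_ENFORCED, REQ_LAUNCHED_BY_LAUNCHD | REQ_ON_SYSTEM_VOLUME
};
static const lwcr_t attacker_lwcr = { 1, CAT_NOT_ENFORCED, 0 };
static const launch_t from_user_shell = { 0 };
static const launch_t from_launchd_on_ssv = {
    REQ_LAUNCHED_BY_LAUNCHD | REQ_ON_SYSTEM_VOLUME
};

/* Returns 1 when the vulnerable check allows a launch the hardened check
 * denies, i.e. when the bypass is reproduced in the model. */
int bypass_reproduced(void) {
    bool vuln  = check_launch_vulnerable(&builtin_daemon, &attacker_lwcr, &from_user_shell);
    bool fixed = check_launch_fixed(&builtin_daemon, &attacker_lwcr, &from_user_shell);
    return vuln && !fixed;
}

int main(void) {
    printf("vulnerable check allows forged launch: %d\n",
           check_launch_vulnerable(&builtin_daemon, &attacker_lwcr, &from_user_shell));
    printf("hardened check allows forged launch:   %d\n",
           check_launch_fixed(&builtin_daemon, &attacker_lwcr, &from_user_shell));
    printf("hardened check allows legitimate launch: %d\n",
           check_launch_fixed(&builtin_daemon, &attacker_lwcr, &from_launchd_on_ssv));
    return bypass_reproduced() ? 0 : 1;
}
```

The point the model makes is structural: any hook that lets caller-supplied policy data stand in for a baseline the caller is not trusted to set has the same shape, whatever the serialization format. The hardened version composes the two constraints with AND, which is the only composition that keeps an extensibility API from becoming an override.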
The Bigger Picture: Security’s Moving Target
This vulnerability underscores macOS's evolving security model, in which features like launch constraints harden the system against supply-chain and privilege-escalation attacks. Yet as APIs expand to support extensibility, they introduce subtle attack surfaces. The researcher's kernel-deep detective work, tracing from Swift wrappers down to the MAC policy hooks, highlights how granular analysis remains essential in uncovering such flaws. While CVE-2025-43265 did not spawn a crisis, it is a stark reminder: no layer is impervious, and every new capability demands rigorous adversarial testing.
Source: wts.dev