In this blog post, I want to show you why signing applications with the get-task-allow entitlement may be dangerous and can lead to local privilege escalation bugs. We are going to exploit a real application, iExplorer, which iOS application pentesters widely use. Note that iExplorer is only an example - quite a few apps have that excessive entitlement set.
Entitlements?

Starting with Mac OS X 10.11 El Capitan, Apple added a new feature called System Integrity Protection (aka Rootless).