{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T22:22:50Z","timestamp":1766442170043,"version":"3.48.0"},"publisher-location":"New York, NY, USA","reference-count":51,"publisher":"ACM","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,11,19]]},"DOI":"10.1145\/3719027.3765205","type":"proceedings-article","created":{"date-parts":[[2025,11,22]],"date-time":"2025-11-22T23:33:16Z","timestamp":1763854396000},"page":"3870-3884","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Chekhov's Gun: Uncovering Hidden Risks in macOS Application-Sandboxed PID-Domain Services"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0004-5776-4789","authenticated-orcid":false,"given":"Minghao","family":"Lin","sequence":"first","affiliation":[{"name":"University of Southern California, Los Angeles, California, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-4288-4590","authenticated-orcid":false,"given":"Jiaxun","family":"Zhu","sequence":"additional","affiliation":[{"name":"Independent Researcher, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1231-4050","authenticated-orcid":false,"given":"Tingting","family":"Yin","sequence":"additional","affiliation":[{"name":"Independent Researcher, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-8354-9985","authenticated-orcid":false,"given":"Zechao","family":"Cai","sequence":"additional","affiliation":[{"name":"ETH Zurich, Zurich, Switzerland"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-5388-7994","authenticated-orcid":false,"given":"Guanxing","family":"Wen","sequence":"additional","affiliation":[{"name":"Certified Kernel Tech LLC, New York, New York, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0034-0358","authenticated-orcid":false,"given":"Yanan","family":"Guo","sequence":"additional","affiliation":[{"name":"University of Rochester, Rochester, New York, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-2721-4021","authenticated-orcid":false,"given":"Mengyuan","family":"Li","sequence":"additional","affiliation":[{"name":"University of Southern California, Los Angeles, California, USA"}]}],"member":"320","published-online":{"date-parts":[[2025,11,22]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Apple. [n.d.]. app-sandbox. https:\/\/developer.apple.com\/documentation\/security\/app-sandbox."},{"key":"e_1_3_2_1_2_1","unstructured":"Apple. [n.d.]. Entitlement. https:\/\/developer.apple.com\/documentation\/bundleresources\/entitlements."},{"key":"e_1_3_2_1_3_1","unstructured":"Apple. [n.d.]. SecureCodingGuide. https:\/\/developer.apple.com\/library\/archive\/documentation\/Security\/Conceptual\/SecureCodingGuide\/Articles\/ AccessControl.html."},{"key":"e_1_3_2_1_4_1","unstructured":"Apple. 2014. Working with Blocks. https:\/\/developer.apple.com\/library\/ archive\/documentation\/Cocoa\/Conceptual\/ProgrammingWithObjectiveC\/WorkingwithBlocks\/WorkingwithBlocks.html."},{"key":"e_1_3_2_1_5_1","unstructured":"Apple. 2021. About System Integrity Protection on your Mac. https:\/\/support.apple.com\/en-us\/102149."},{"key":"e_1_3_2_1_6_1","unstructured":"Apple. 2024. Page Protection Layer. https:\/\/support.apple.com\/en-hk\/guide\/security\/sec8b776536b\/1\/web\/1#sec314c3af61."},{"key":"e_1_3_2_1_7_1","unstructured":"Apple Inc. 2024. About System Integrity Protection on your Mac. https:\/\/support.apple.com\/en-us\/102149"},{"key":"e_1_3_2_1_8_1","unstructured":"Apple Inc. 2024. Apple Secure Enclave. https:\/\/support.apple.com\/zh-cn\/guide\/security\/sec59b0b31ff\/web"},{"key":"e_1_3_2_1_9_1","unstructured":"Apple Inc. 2025. Entitlements - Apple Developer Documentation. https:\/\/developer.apple.com\/documentation\/bundleresources\/entitlements."},{"key":"e_1_3_2_1_10_1","volume-title":"Damien Octeau, and Patrick McDaniel.","author":"Arzt Steven","year":"2014","unstructured":"Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves Le Traon, Damien Octeau, and Patrick McDaniel. 2014. Flowdroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. ACM sigplan notices 49, 6 (2014), 259--269."},{"key":"e_1_3_2_1_11_1","volume-title":"Full Transparency: Controlling Apple's TCC. https:\/\/www.huntress.com\/blog\/full-transparency-controlling-apples-tcc.","author":"Ashenbrenner Stuart","year":"2024","unstructured":"Stuart Ashenbrenner. 2024. Full Transparency: Controlling Apple's TCC. https:\/\/www.huntress.com\/blog\/full-transparency-controlling-apples-tcc."},{"key":"e_1_3_2_1_12_1","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Cai Zechao","year":"2023","unstructured":"Zechao Cai, Jiaxun Zhu, Wenbo Shen, Yutian Yang, Rui Chang, Yu Wang, Jinku Li, and Kui Ren. 2023. Demystifying Pointer Authentication on Apple M1. In 32nd USENIX Security Symposium (USENIX Security 23). 2833--2848."},{"key":"e_1_3_2_1_13_1","unstructured":"census labs. 2019. vs com.apple.security.sandbox. https:\/\/census-labs.com\/media\/sandbox-argp-csw2019-public.pdf."},{"key":"e_1_3_2_1_14_1","volume-title":"GoFetch: Breaking Constant-Time Cryptographic Implementations Using Data Memory-Dependent Prefetchers. In 33rd USENIX Security Symposium (USENIX Security 24)","author":"Chen Boru","year":"2024","unstructured":"Boru Chen, Yingchen Wang, Pradyumna Shome, Christopher Fletcher, David Kohlbrenner, Riccardo Paccagnella, and Daniel Genkin. 2024. GoFetch: Breaking Constant-Time Cryptographic Implementations Using Data Memory-Dependent Prefetchers. In 33rd USENIX Security Symposium (USENIX Security 24). USENIX Association, Philadelphia, PA, 1117--1134. https:\/\/www.usenix.org\/conference\/usenixsecurity24\/presentation\/chen-boru"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00023"},{"key":"e_1_3_2_1_16_1","unstructured":"Hugues Evrard and Paul Thomson. 2017. GraphicsFuzz: Secure and Robust Graphics Rendering. https:\/\/www.khronos.org\/assets\/uploads\/developers\/library\/2017-gdc-webgl-webvr-gltf-meetup\/10-ImperialCollegeLondon-GraphicsFuzz_Mar17.pdf."},{"volume-title":"USENIX security symposium","author":"Felt Adrienne Porter","key":"e_1_3_2_1_17_1","unstructured":"Adrienne Porter Felt, Helen J Wang, Alexander Moshchuk, Steve Hanna, and Erika Chin. 2011. Permission re-delegation: Attacks and defenses.. In USENIX security symposium, Vol. 30. 88."},{"key":"e_1_3_2_1_18_1","volume-title":"33rd USENIX Security Symposium (USENIX Security 24)","author":"Feng Siyue","year":"2024","unstructured":"Siyue Feng, Yueming Wu, Wenjie Xue, Sikui Pan, Deqing Zou, Yang Liu, and Hai Jin. 2024. {FIRE}: Combining {Multi-Stage} Filtering with Taint Analysis for Scalable Recurring Vulnerability Detection. In 33rd USENIX Security Symposium (USENIX Security 24). 1867--1884."},{"key":"e_1_3_2_1_19_1","unstructured":"FG1. 2011. Apple's Sandbox Guide. https:\/\/reverse.put.as\/wp-content\/uploads\/2011\/09\/Apple-Sandbox-Guide-v1.0.pdf."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10439-023-03272-4"},{"key":"e_1_3_2_1_21_1","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Gritti Fabio","year":"2023","unstructured":"Fabio Gritti, Nicola Ruaro, Robert McLaughlin, Priyanka Bose, Dipanjan Das, Ilya Grishchenko, Christopher Kruegel, and Giovanni Vigna. 2023. Confusum contractum: Confused deputy vulnerabilities in ethereum smart contracts. In 32nd USENIX Security Symposium (USENIX Security 23). 1793--1810."},{"volume-title":"Fugu14 - Untethered iOS 14 Jailbreak. https:\/\/github.com\/LinusHenze\/Fugu14","author":"Henze Linus","key":"e_1_3_2_1_22_1","unstructured":"Linus Henze. 2021. Fugu14 - Untethered iOS 14 Jailbreak. https:\/\/github.com\/LinusHenze\/Fugu14."},{"key":"e_1_3_2_1_23_1","unstructured":"Linus Henze. 2022. Fugu15 - The Journey to Jailbreaking iOS 15.4.1. https:\/\/objectivebythesea.org\/v5\/talks\/OBTS_v5_lHenze.pdf."},{"key":"e_1_3_2_1_24_1","unstructured":"Zhipeng Huo. 2021. CVE-2020--9971 Abusing XPC Service mechanism to elevate privilege in macOS\/iOS. 1--7."},{"key":"e_1_3_2_1_25_1","unstructured":"Mikcy Jin. 2023. A New Era of macOS Sandbox Escapes: Diving into an Overlooked Attack Surface and Uncovering 10 New Vulnerabilities. 1--7."},{"key":"e_1_3_2_1_26_1","unstructured":"Keith Johnson. 2021. A deep dive into macOS TCC.db. https:\/\/www.rainforestqa.com\/blog\/macos-tcc-db-deep-dive."},{"volume-title":"Operation Triangulation: The last (hardware) mystery. https:\/\/securelist.com\/operation-triangulation-the-last-hardware-mystery\/111669\/.","year":"2023","key":"e_1_3_2_1_27_1","unstructured":"Kaspersky. 2023. Operation Triangulation: The last (hardware) mystery. https:\/\/securelist.com\/operation-triangulation-the-last-hardware-mystery\/111669\/."},{"key":"e_1_3_2_1_28_1","unstructured":"Aditya Kuppa Nikon Rasumov-Rahe and Marc Voses. 2023. Chain of reference prompting helps llm to think like a lawyer. In Generative AI law workshop. sn."},{"key":"e_1_3_2_1_29_1","unstructured":"Jonathan Levin. 2016. Hack in the (sand)Box. https:\/\/newosxbook.com\/files\/HITSB.pdf."},{"key":"e_1_3_2_1_30_1","unstructured":"Patrick Lewis Ethan Perez Aleksandra Piktus Fabio Petroni Vladimir Karpukhin Naman Goyal Heinrich K\u00fcttler Mike Lewis Wen-tau Yih Tim Rockt\u00e4schel et al. 2020. Retrieval-augmented generation for knowledge-intensive nlp tasks. Advances in neural information processing systems 33 (2020) 9459--9474."},{"key":"e_1_3_2_1_31_1","unstructured":"Asahi Lina. 2023. agx-exploit. https:\/\/github.com\/asahilina\/agx-exploit."},{"key":"e_1_3_2_1_32_1","volume-title":"33rd USENIX Security Symposium (USENIX Security . 5663--5680","author":"Liu Dexin","year":"2024","unstructured":"Dexin Liu, Yue Xiao, Chaoqi Zhang, Kaitao Xie, Xiaolong Bai, Shikun Zhang, and Luyi Xing. 2024. {iHunter}: Hunting Privacy Violations at Scale in the Software Supply Chain on {iOS}. In 33rd USENIX Security Symposium (USENIX Security . 5663--5680."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3559391"},{"key":"e_1_3_2_1_34_1","unstructured":"Karol Mazurek. 2024. MACF on macOS. https:\/\/karol-mazurek.medium.com\/macf-on-macos-004b8a490e2c."},{"key":"e_1_3_2_1_35_1","unstructured":"Karol Mazurek. 2024. SnakeApple VIII \u2014 App Sandbox. https:\/\/karol-mazurek.medium.com\/snake-apple-viii-app-sandbox-5aff081f07d5."},{"key":"e_1_3_2_1_36_1","unstructured":"Mickyjin. 2023. CVE-2023--42942: xpcroleaccountd Root Privilege Escalation. https:\/\/jhftss.github.io\/CVE-2023--42942-xpcroleaccountd-Root-Privilege-Escalation\/."},{"volume-title":"Endless Exploits: The Saga of a macOS Vulnerability Exploited Seven Times. https:\/\/objectivebythesea.org\/v7\/talks\/OBTS_v7_mJin.pdf.","year":"2024","key":"e_1_3_2_1_37_1","unstructured":"Mickyjin. 2024. Endless Exploits: The Saga of a macOS Vulnerability Exploited Seven Times. https:\/\/objectivebythesea.org\/v7\/talks\/OBTS_v7_mJin.pdf."},{"key":"e_1_3_2_1_38_1","volume-title":"22nd USENIX Security Symposium (USENIX Security 13)","author":"Octeau Damien","year":"2013","unstructured":"Damien Octeau, Patrick McDaniel, Somesh Jha, Alexandre Bartel, Eric Bodden, Jacques Klein, and Yves Le Traon. 2013. Effective {Inter-Component} communication mapping in android: An essential step towards holistic security analysis. In 22nd USENIX Security Symposium (USENIX Security 13). 543--558."},{"key":"e_1_3_2_1_39_1","unstructured":"Robert Praas. 2023. Self-Reflection on Chain-of-Thought Reasoning in Large Language Models."},{"key":"e_1_3_2_1_40_1","unstructured":"stefan esser. 2014. iOS8 Containers Sandboxes and Entitlements. https:\/\/www.slideshare.net\/slideshow\/ruxcon-2014-stefan-esser-ios8-containerssandboxes-and-entitlements\/42152963#53."},{"key":"e_1_3_2_1_41_1","unstructured":"Sven Peter. 2021. Apple Silicon Hardware Secrets: SPRR and Guarded Exception Levels (GXF). https:\/\/blog.svenpeter.dev\/posts\/m1_sprr_gxf\/."},{"key":"e_1_3_2_1_42_1","volume-title":"HW: SPRR and GXF. https:\/\/github.com\/AsahiLinux\/docs\/wiki\/HW:-SPRR-and-GXF\/.","author":"Peter Sven","year":"2021","unstructured":"Sven Peter. 2021. HW: SPRR and GXF. https:\/\/github.com\/AsahiLinux\/docs\/wiki\/HW:-SPRR-and-GXF\/."},{"key":"e_1_3_2_1_43_1","volume-title":"Breaking SIP with Apple-signed Packages. https:\/\/www.l3harris.com\/newsroom\/editor","author":"Systems Space Airborne","year":"2024","unstructured":"Space Airborne Systems. 2024. Breaking SIP with Apple-signed Packages. https:\/\/www.l3harris.com\/newsroom\/editorial\/2024\/03\/breaking-sip-applesigned-packages."},{"key":"e_1_3_2_1_44_1","unstructured":"Michael Teslia. 2024. How to Reverse Engineer an iOS App: Tips and Tools. https:\/\/www.apriorit.com\/dev-blog\/how-to-reverse-engineer-an-ios-app."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833570"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/3564625.3568001"},{"key":"e_1_3_2_1_47_1","volume-title":"Generalizing from a few examples: A survey on few-shot learning. ACM computing surveys (csur) 53, 3","author":"Wang Yaqing","year":"2020","unstructured":"Yaqing Wang, Quanming Yao, James T Kwok, and Lionel MNi. 2020. Generalizing from a few examples: A survey on few-shot learning. ACM computing surveys (csur) 53, 3 (2020), 1--34."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1002\/sec.1179"},{"key":"e_1_3_2_1_49_1","volume-title":"32nd USENIX Security Symposium (USENIX Security . 5039--5054","author":"Yin Tingting","year":"2023","unstructured":"Tingting Yin, Zicong Gao, Zhenghang Xiao, Zheyu Ma, Min Zheng, and Chao Zhang. 2023. KextFuzz: Fuzzing macOS Kernel EXTensions on Apple Silicon via Exploiting Mitigations. In 32nd USENIX Security Symposium (USENIX Security . 5039--5054."},{"key":"e_1_3_2_1_50_1","volume-title":"33rd USENIX Security Symposium (USENIX Security 24)","author":"Zhao Jiaxu","year":"2024","unstructured":"Jiaxu Zhao, Yuekang Li, Yanyan Zou, Zhaohui Liang, Yang Xiao, Yeting Li, Bingwei Peng, Nanyu Zhong, Xinyi Wang, Wei Wang, et al. 2024. Leveraging semantic relations in code and data to enhance taint analysis of embedded systems. In 33rd USENIX Security Symposium (USENIX Security 24). 7067--7084."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/3658644.3690376"}],"event":{"name":"CCS '25: ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Taipei Taiwan","acronym":"CCS '25"},"container-title":["Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3719027.3765205","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T22:17:00Z","timestamp":1766441820000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3719027.3765205"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,19]]},"references-count":51,"alternative-id":["10.1145\/3719027.3765205","10.1145\/3719027"],"URL":"https:\/\/doi.org\/10.1145\/3719027.3765205","relation":{},"subject":[],"published":{"date-parts":[[2025,11,19]]},"assertion":[{"value":"2025-11-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}