
Proof of Concept that shows vulnerability in Hardened Runtime protections on macOS via apps built in the Microsoft .NET MAUI framework.


Karmaz95/macOS_HR_bypass_net_maui


Vulnerability Description

.NET MAUI apps on macOS are vulnerable to code injection through DLL modification, even when signed with the Hardened Runtime.

  • Microsoft introduced it in 2019.
  • I reported it in 2025 to both Apple and Microsoft.
  • Apple states it is Microsoft's fault.
  • Microsoft refused to patch this.
  • Every app built in .NET MAUI is vulnerable.

See this blog post for details.

Proof of Concept

  • Created a simple .NET MAUI application (attached as MyFirstMauiApp.zip) using the official guide
  • Code-signed the application with the Hardened Runtime flag enabled

    codesign --force --deep --options runtime --entitlements entitlements.plist --sign "FE7FF930DB0BC9F782DCA0FAC56BDD69A52C0B1A" MyFirstMauiApp.app

  • Verified the code signing and Hardened Runtime status

    codesign -dvvv --entitlements :- MyFirstMauiApp.app

  • Modified a library within the application bundle using a custom injection script

    ./inject.sh MyFirstMauiApp.app/Contents/MonoBundle/Microsoft.Extensions.Logging.dll System.ThrowHelper

  • Successfully ran the application with the modified library, confirming code execution by observing HTTP requests to a controlled server

    127.0.0.1 - - [03/May/2025 00:02:14] code 404, message File not found
    127.0.0.1 - - [03/May/2025 00:02:14] "GET /poc HTTP/1.1" 404 -

Code Signing Verification

The application was signed with Hardened Runtime as shown by the presence of the runtime flag flags=0x10000(runtime):

❯ check_cs MyFirstMauiApp.app
Executable=/Users/karmaz/MAUI/test/MyFirstMauiApp.app/Contents/MacOS/MyFirstMauiApp
Identifier=com.companyname.myfirstmauiapp
Format=app bundle with Mach-O thin (arm64)
CodeDirectory v=20500 size=71146 flags=0x10000(runtime) hashes=2212+7 location=embedded
VersionPlatform=6
VersionMin=983040
VersionSDK=1180672
Hash type=sha256 size=32
CandidateCDHash sha256=2c7a1d241bc85b8c20ebbfc681530ae4611951d3
CandidateCDHashFull sha256=2c7a1d241bc85b8c20ebbfc681530ae4611951d379761ee7508c00db64d86a9b
Hash choices=sha256
CMSDigest=2c7a1d241bc85b8c20ebbfc681530ae4611951d379761ee7508c00db64d86a9b
CMSDigestType=2
Executable Segment base=0
Executable Segment limit=5455872
Executable Segment flags=0x1
Page size=4096
CDHash=2c7a1d241bc85b8c20ebbfc681530ae4611951d3
Signature size=4788
Authority=Apple Development: kmazurek@afine.com (R5X636P694)
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
Signed Time=3 May 2025 at 00:13:17
Info.plist entries=28
TeamIdentifier=9AL8KYY8WM
Runtime Version=18.4.0
Sealed Resources version=2 rules=13 files=237
Internal requirements count=1 size=200
[Dict]
	[Key] com.apple.security.app-sandbox
	[Value]
		[Bool] true
	[Key] com.apple.security.network.client
	[Value]
		[Bool] true

Injection Demonstration

Using a custom script, I modified Microsoft.Extensions.Logging.dll within the application's MonoBundle directory to inject code that makes an HTTP request. The script:

  1. Creates a static constructor in the System.ThrowHelper class
  2. Adds code to make an HTTP request to a server under my control
  3. Successfully injects the payload as confirmed by both the script output and server logs
  4. Server logs confirmed that when the application was launched, the malicious code executed successfully:

I attached the script as inject.sh, along with a Proof of Concept video that shows the injection.
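
A defensive check for the tampering described above, as an added example that is not part of this repository: it compares each file under Contents/MonoBundle against the SHA-256 recorded in the bundle's Contents/_CodeSignature/CodeResources seal. It assumes the DLLs are listed in the seal's files2 dictionary; the Sample.app bundle it builds is constructed for the demo.

```python
import hashlib
import plistlib
import tempfile
from pathlib import Path


def tampered_sealed_files(app: Path, subdir: str = "MonoBundle/") -> list[str]:
    """Sealed files under Contents/<subdir> whose SHA-256 differs from the seal."""
    contents = app / "Contents"
    with open(contents / "_CodeSignature" / "CodeResources", "rb") as fh:
        sealed = plistlib.load(fh).get("files2", {})
    bad = []
    for rel, entry in sorted(sealed.items()):
        # Nested code and symlink entries carry no "hash2"; skip them.
        if not rel.startswith(subdir) or not isinstance(entry, dict) or "hash2" not in entry:
            continue
        path = contents / rel
        if not path.is_file() or hashlib.sha256(path.read_bytes()).digest() != entry["hash2"]:
            bad.append(rel)  # missing or modified after signing
    return bad


def build_constructed_bundle(root: Path) -> Path:
    """Constructed stand-in for a signed bundle: one DLL and its seal entry."""
    app = root / "Sample.app"
    dll = app / "Contents" / "MonoBundle" / "Sample.dll"
    dll.parent.mkdir(parents=True)
    dll.write_bytes(b"original assembly bytes")
    digest = hashlib.sha256(dll.read_bytes()).digest()
    sig_dir = app / "Contents" / "_CodeSignature"
    sig_dir.mkdir()
    with open(sig_dir / "CodeResources", "wb") as fh:
        plistlib.dump({"files2": {"MonoBundle/Sample.dll": {"hash2": digest}}}, fh)
    return app


def demo() -> tuple[list[str], list[str]]:
    """Check the constructed bundle before and after a post-signing change."""
    with tempfile.TemporaryDirectory() as tmp:
        app = build_constructed_bundle(Path(tmp))
        before = tampered_sealed_files(app)
        dll = app / "Contents" / "MonoBundle" / "Sample.dll"
        dll.write_bytes(dll.read_bytes() + b" patched")
        return before, tampered_sealed_files(app)


if __name__ == "__main__":
    print(demo())
```

The seal file is only trustworthy while the bundle's signature itself validates, so this check complements `codesign --verify --deep --strict` rather than replacing it.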

Platform Information

.NET SDK Version: 9.0.203
macOS Version: 15.4 (Darwin/arm64)
.NET MAUI Workload Version: 9.0.51/9.0.100

Importantly, this was achieved without modifying the application's entitlements or disabling library validation through official channels. The application continued to be recognized by macOS as signed with the Hardened Runtime enabled. I also did not disable SIP, and I conducted the tests on a MacBook Pro with an Apple M1 Max running the latest macOS (not in a virtual machine):

❯ csrutil status
System Integrity Protection status: enabled.
❯ sw_vers
ProductName:		macOS
ProductVersion:		15.4.1
BuildVersion:		24E263
