Root Persistence via macOS Recovery Mode Safari (yaseenghanem.com)

A researcher reports two macOS Recovery Mode Safari weaknesses that, on older versions, let attackers write arbitrary files to system partitions (enabling root persistence via LaunchDaemons) and, separately, read files without restriction. The proof-of-concept shows a malicious plist saved from Recovery Safari persisting after reboot and running as root. The post says macOS Tahoe updates later removed the risky behaviors, and it outlines a disclosure timeline submitted through Apple’s bug bounty program.