[BUG] Dylib Injection on DeepChat macOS

[Zeyad-Azima]

System details / 系统信息

macOS 26, v0.5.3

What's wrong? / 出了什么问题？

Overview

DeepChat contains a dylib Injection due to the com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables entitlements being enabled. This allows an attacker to inject arbitrary code into the application's process space by loading malicious dynamic libraries, leading to complete application compromise.

You can check the entitlements using codesign:

macOSResearch % codesign -dv --entitlements - /Applications/DeepChat.app/Contents/MacOS/DeepChat
Executable=/Applications/DeepChat.app/Contents/MacOS/DeepChat
Identifier=com.wefonk.deepchat
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20500 size=511 flags=0x10000(runtime) hashes=5+7 location=embedded
Signature size=8973
Timestamp=12 Dec 2025 at 11:15:14 PM
Info.plist entries=35
TeamIdentifier=Y7P5QLKLYG
Runtime Version=15.4.0
Sealed Resources version=2 rules=13 files=2309
Internal requirements count=1 size=180
[Dict]
        [Key] com.apple.security.cs.allow-dyld-environment-variables
        [Value]
                [Bool] true
        [Key] com.apple.security.cs.allow-jit
        [Value]
                [Bool] true
        [Key] com.apple.security.cs.allow-unsigned-executable-memory
        [Value]
                [Bool] true
        [Key] com.apple.security.cs.disable-library-validation
        [Value]
                [Bool] true
        [Key] com.apple.security.files.user-selected.read-only
        [Value]
                [Bool] true
        [Key] com.apple.security.files.user-selected.read-write
        [Value]
                [Bool] true
        [Key] com.apple.security.network.client
        [Value]
                [Bool] true

The attacker can abuse it as the following:

• 1. Create malicious dylib
• 2. Launch application with injection

DYLD_INSERT_LIBRARIES=/tmp/malicious.dylib /Applications/DeepChat.app/Contents/MacOS/DeepChat

Mitigation

Set com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables entitlements to false.

[zerob13]

Thank you for your detailed report and for taking the time to review our application.

At the moment, these entitlements are enabled out of necessity. Our Electron-based application relies on a number of third-party native modules. Given our current development resources, we are not in a position to re-sign all native modules and enforce strict library validation in the same way that projects such as VS Code do. For our current stage, implementing that level of control would be extremely difficult.

That said, we will prioritize evaluating the removal of the com.apple.security.cs.allow-dyld-environment-variables entitlement. However, we do not plan to adjust the com.apple.security.cs.disable-library-validation setting in the short term.

In addition, the security issue related to openExternal that you previously attempted to address in your PR will also be resolved in the same upcoming PR. As your earlier PR differs significantly from our current development conventions and coding standards, we will not be merging that PR directly.

We truly appreciate your attention to this matter and your support of the project.

#1314