CCS2025
Chekhov's Gun: Uncovering Hidden Risks in macOS Application-Sandboxed PID-Domain Services
Minghao Lin, Jiaxun Zhu, Tingting Yin, Zechao Cai, Guanxing Wen, Yanan Guo, Mengyuan Li
Abstract
macOS delegates many high-privilege operations to dedicated PID-domain services, which applications can register and communicate with through inter-process communication (IPC). This architecture improves userland stability and security but also introduces attractive attack surfaces for adversaries. In this paper, we systematically analyze PID-domain services and uncover an overlooked attack vector: PID-domain services that are restricted to an Application Sandbox identical to the calling application can still be exploited due to subtle entitlement differences.