Researcher finds Safari in macOS Recovery can write to system disk, enabling alleged root persistence

April 6, 2026

Discovery

A security researcher has published details of two flaws in the Safari build shipped inside macOS Recovery Mode that, it has been reported, let an attacker write files to a machine’s persistent disk and read arbitrary files. The researcher says the more serious bug (CVSS 8.5) affects macOS Sequoia and earlier and allegedly allows arbitrary writes to system partitions — a fast track to persistence as root. A second, lower-severity issue (CVSS 4.6) was reported for macOS Tahoe and concerns unrestricted file reads. Technical write-ups are available on the researcher’s site.

How it works

The chain is annoyingly simple: Recovery Mode exposes a stripped-down Safari and lets you join Wi‑Fi and browse the web. The researcher, troubleshooting a dead M1 MacBook Air, discovered that choosing “Ask for each download” allowed him to save images directly to the Macintosh HD volume visible in Recovery. That should not be possible without authentication. After testing, he hosted crafted files and found Safari’s MIME guessing could be bypassed by using a nonstandard Content‑Type (for example, text/text), which forced Safari to save files with arbitrary names and extensions — including executable payloads.

Impact and context

Imagine booting to recovery and dropping a file into /Applications or /usr/local without a password. Scary, right? That sinking moment — realizing Recovery Mode can write to a persistent volume — is the emotional heart of this discovery. The researcher demonstrated the path to persistent code execution using simple HTTP responses (headers to control content type and download behavior), and it has been reported that the issue differs on Intel machines where the recovery volume layout can vary (the researcher noted Preboot behaves differently on Intel Macs).
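As an added, defender-side illustration (not code from the researcher’s write-up or from Apple), the script below is the kind of triage check an administrator might run after a Mac has spent time in Recovery: it walks the two locations the article names, /Applications and /usr/local, and lists every file that carries an executable bit and was modified after a known-good timestamp (for example, the last boot you recorded before the device went into Recovery). The cutoff, the watched roots and the sample tree are assumptions constructed for the example; the demo builds a temporary directory with one old binary, one new text file and one newly dropped executable so it runs offline.

```python
import os
import stat
import tempfile
import time
from pathlib import Path

# Hypothetical watch list, assumed from the article's examples (not an Apple list).
WATCHED_ROOTS = ("/Applications", "/usr/local")


def recently_written_executables(roots, cutoff):
    """Return files under `roots` that were modified after `cutoff` (epoch seconds)
    and have any executable bit set. Symlinks are skipped so a link target outside
    the tree is not reported twice or followed into unrelated directories."""
    findings = []
    for root in roots:
        root = Path(root)
        if not root.is_dir():
            continue  # e.g. /usr/local does not exist on every Mac
        for dirpath, _dirnames, filenames in os.walk(root):
            for name in filenames:
                path = Path(dirpath) / name
                try:
                    st = path.lstat()
                except OSError:
                    continue  # vanished or unreadable; not worth aborting the sweep
                if stat.S_ISLNK(st.st_mode):
                    continue
                if st.st_mtime > cutoff and st.st_mode & 0o111:
                    findings.append({
                        "path": str(path),
                        "mtime": st.st_mtime,
                        "mode": oct(st.st_mode & 0o777),
                    })
    return sorted(findings, key=lambda f: f["path"])


def build_sample_tree():
    """Constructed sample data: a known binary older than the cutoff, a harmless new
    text file, and an executable written after the cutoff (the case to flag)."""
    base = Path(tempfile.mkdtemp(prefix="recovery_audit_"))
    cutoff = time.time() - 3600  # pretend the last known-good boot was an hour ago

    known = base / "Applications" / "Known.app" / "Contents" / "MacOS" / "Known"
    known.parent.mkdir(parents=True)
    known.write_bytes(b"#!/bin/sh\necho known\n")
    known.chmod(0o755)
    os.utime(known, (cutoff - 86400, cutoff - 86400))  # a day before the cutoff

    readme = base / "usr" / "local" / "README.txt"
    readme.parent.mkdir(parents=True)
    readme.write_text("not executable, written now\n")
    readme.chmod(0o644)

    dropped = base / "usr" / "local" / "bin" / "helper"
    dropped.parent.mkdir(parents=True)
    dropped.write_bytes(b"#!/bin/sh\necho constructed sample\n")
    dropped.chmod(0o755)  # mtime is 'now', i.e. after the cutoff

    return base, cutoff


def sample_roots(base):
    """Map the constructed tree onto the watched roots."""
    return [base / root.lstrip("/") for root in WATCHED_ROOTS]


if __name__ == "__main__":
    base, cutoff = build_sample_tree()
    for hit in recently_written_executables(sample_roots(base), cutoff):
        print(f"{hit['mode']}  {time.ctime(hit['mtime'])}  {hit['path']}")
```

On a real machine you would pass `WATCHED_ROOTS` and a cutoff taken from your own records rather than the constructed tree. Treat the output as a worklist, not proof of absence: modification times are only as trustworthy as everything that has had write access to the volume, and a file can also be planted with a non-executable mode and made executable later.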

What to watch for

It has been reported that vendor coordination and fixes have followed the disclosure; readers should check Apple security advisories and update to the latest macOS builds. Until systems are patched, the practical mitigation is to treat physical and recovery-mode access as highly sensitive: disable automatic boot to recovery where possible, use firmware passwords, and keep backups. For deep technical details, the researcher’s full write-ups walk through the proofs of concept and the exact header tricks used to bypass Safari’s safeguards.

Sources: yaseenghanem.com, Hacker News