Local sockets have always been something of a security issue. The OS goes a long way to separate apps, and, yes, you need to be able to connect them somehow, but it's not enforced what's actually listening on a port.
So if your little widget listens on Port X, expecting say a volume control panel to connect, a different program can connect instead and exploit maybe any vulnerability in the components. Whereas the user never asked to connect the browser (or whatever) to local port X, intending the port to be for vol cpl only.
bonghits4jeebus 1 points 5 days ago
Thanks
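An added example, not part of the thread: because the OS does not check who connects to a local port, a loopback listener can make the caller prove it holds a secret before acting on anything it sends. The shared token, the 16-byte nonce and the `OK`/`NO` replies are assumptions made for this illustration.

```python
import hashlib, hmac, secrets, socket, threading

def recv_exact(conn, n):
    """Read exactly n bytes, or fewer if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = conn.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf

def serve_once(listener, token):
    """Accept one loopback connection; answer OK only if the peer knows token."""
    conn, _ = listener.accept()
    with conn:
        conn.settimeout(5)
        nonce = secrets.token_bytes(16)          # fresh per connection, so proofs cannot be replayed
        conn.sendall(nonce)
        proof = recv_exact(conn, 32)
        expected = hmac.new(token, nonce, hashlib.sha256).digest()
        # Constant-time comparison; a short or wrong proof is rejected
        conn.sendall(b"OK" if hmac.compare_digest(proof, expected) else b"NO")

def connect(port, token):
    """Client side: answer the server's nonce with HMAC-SHA256(token, nonce)."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as c:
        nonce = recv_exact(c, 16)
        c.sendall(hmac.new(token, nonce, hashlib.sha256).digest())
        return recv_exact(c, 2)

def demo():
    # Constructed token; assumption: the real widget shares it with its
    # intended client through a file only that user can read.
    token = secrets.token_bytes(32)
    results = []
    with socket.socket() as listener:
        listener.bind(("127.0.0.1", 0))          # loopback only, ephemeral port
        listener.listen()
        port = listener.getsockname()[1]
        # First caller holds the token, second is an unrelated local program
        for client_token in (token, secrets.token_bytes(32)):
            t = threading.Thread(target=serve_once, args=(listener, token))
            t.start()
            results.append(connect(port, client_token))
            t.join()
    return results

if __name__ == "__main__":
    print(demo())
```

This keeps out callers that cannot read the token, such as a web page running in the browser or another user's process; a program running as the same user with access to the token file can still authenticate.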