OSX window server vulnerabilities on Catalina

security x11 xquartz

This question will be a long one, as I have spent a lot of time doing research, and I have attached all of my research in the question itself.

The window server/display server used on Linux is X11, on which OSX's window server XQuartz (now almost deprecated) was based. Recently, in 2013, it was discovered that this X11 has a very big vulnerability. Article here.

The above article mentions the following:

For those that don't know, X was originally designed and released in
1985 and X11 in 1987. X.org replaced X11 and was originally released
April 6, 2004. When X was originally conceived, the computing world
was in a completely different state. Both X and X.org lack a few very
important security features that are critical for modern era usage and
hardware:

  1. All X applications have access to everything on your screen
  2. All X applications can register to receive every keystroke, regardless of which window said keystrokes are typed within
  3. Applications such as browsers can be remotely controlled such that keystrokes can be forged as if the user were typing them
  4. The xhost + option can completely disable any security on the display

Older XQuartz (used by Apple) was very much based on this X11, and hence these vulnerabilities were also there on macOS.

The official XQuartz website mentions the following:

The XQuartz project is an open-source effort to develop a version of
the X.Org X Window System that runs on OS X. Together with supporting
libraries and applications, it forms the X11.app that Apple shipped
with OS X versions 10.5 through 10.7.

In 2017, Apple made a shift away from this XQuartz as the main display server/window server, as mentioned here.

About X11 for Mac

X11 is no longer included with Mac, but X11 server and client
libraries are available from the XQuartz project.

Apple created the XQuartz project as a community effort to further
develop and support X11 on Mac. The XQuartz project was originally
based on the version of X11 included in Mac OS X v10.5. There have
since been multiple releases of XQuartz with fixes, support for new
features, and additional refinements to the X11 experience. Apple is a
contributor to the XQuartz project and has worked to ensure that X11
works as expected with macOS and latest available versions of XQuartz.

X11 server and client libraries for macOS are available from the
XQuartz project at www.xquartz.org. Download the latest version
available.

Currently Apple uses the following, mentioned in this answer from 2016 (almost 4 years old), which is also valid today as mentioned here on Apple's website.

My question now: is this mentioned technology, currently used by Apple, still as vulnerable as the X11 on major Linux distros? Is the vulnerability of freely accessing other running apps' data and keystrokes still there today, or has it been solved?
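Item 4 of the quoted list (`xhost +` disabling access control) can be audited on any machine that runs an X server, XQuartz included. The following is an added example, not part of the original question or the quoted article: the function name `classify_xhost` is hypothetical, and the sample `xhost` output is constructed.

```shell
#!/bin/sh
# Classify the access-control state printed by `xhost` (read from stdin).
# Prints one of:
#   open     - access control disabled, the effect of `xhost +`
#   broad    - enabled, but a whole host or all local connections are trusted
#   per-user - enabled, with only per-user entries or no entries
#   unknown  - first line was not recognised
classify_xhost() {
    awk '
        NR == 1 {
            if ($0 ~ /^access control disabled/)     state = "open"
            else if ($0 ~ /^access control enabled/) state = "per-user"
            else                                     state = "unknown"
            next
        }
        # Host-family and LOCAL: entries trust every user behind that address.
        state == "per-user" && /^((INET|INET6|DNET|LOCAL):|SI:(hostname|ipv6):)/ {
            state = "broad"
        }
        END { if (state == "") state = "unknown"; print state }
    '
}

# Constructed sample outputs (not captured from a real system).
SAMPLE_OPEN='access control disabled, clients can connect from any host'
SAMPLE_BROAD='access control enabled, only authorized clients can connect
INET:build01.example.test
SI:localuser:alice'
SAMPLE_USER='access control enabled, only authorized clients can connect
SI:localuser:alice'

# Demonstration on the constructed samples.
# On a live session the equivalent check is: xhost | classify_xhost
for sample in "$SAMPLE_OPEN" "$SAMPLE_BROAD" "$SAMPLE_USER"; do
    printf '%s\n' "$sample" | classify_xhost
done
```

A result of `open` or `broad` means clients other than the logged-in user's own can attach to the display, which is the precondition for the screen and keystroke access described in items 1 to 3.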

Best Answer

Apple does not use X11 or XQuartz in any way. It's an entirely third-party app, created to run the X windows environment inside Apple's own Quartz graphics system.

The last build of XQuartz was released in 2016. Most people only use it to run particular software, like FontForge. They are unlikely to use it as a general computing environment.

I suspect that the security problems you mention only exist within the X environment, rather than bleeding out into macOS's own window server. Apple has introduced all sorts of security features to restrict applications' operations and scope of influence, so I would be very surprised if these flaws existed.