From 671bbb5c9a2e950afa5b141a4c1d906b2b7bdd24 Mon Sep 17 00:00:00 2001
From: kimg45 <138676274+kimg45@users.noreply.github.com>
Date: Sat, 10 Aug 2024 22:58:20 -0500
Subject: [PATCH] add restricted column info

---
 content/posts/macos/macOS Security Overview.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/content/posts/macos/macOS Security Overview.md b/content/posts/macos/macOS Security Overview.md
index 67c11af..7fe65c4 100644
--- a/content/posts/macos/macOS Security Overview.md	
+++ b/content/posts/macos/macOS Security Overview.md	
@@ -37,6 +37,8 @@ If the app is sandboxed, you will see
         [Bool] true
 ```
 
+You can enable a column in Activity Monitor called "Restricted" which is a flag that prevents programs from injecting code via macOS's [dynamic linker](https://pewpewthespells.com/blog/blocking_code_injection_on_ios_and_os_x.html). Ideally, this should say "Yes".
+
 ## Hardened Runtime
 
 The [Hardened Runtime](https://developer.apple.com/documentation/security/hardened_runtime) is an optional security feature that developers can enable that makes an app more resistant to exploitation. It prevents certain classes of exploits, like code injection, dynamically linked library (DLL) hijacking, and process memory space tampering.