Apple - What is "xART Remote Storage Daemon" in macOS?
In the MacBooks with Touch Bar there is a new processor, Apple’s T1 processor.
The daemon xartstorageremoted talks with the T1 processor.
Secure Enclave is part of it, meaning it’s tied explicitly to the Touch Bar and Touch ID. It’s also in charge of your webcam, a small but important difference.
Nice. Something poorly documented, yet in charge of a webcam and Touch ID, opens a global listener socket under the root account.
root# lsof -i tcp
xartstora 13594 root 3u IPv4 0x30c82343150af2cf 0t0 TCP *:61500 (LISTEN)
xartstora 13594 root 4u IPv6 0x30c82343150af2cf 0t0 TCP *:61500 (LISTEN)
I'd understand if it opened a UNIX domain socket or bound to 127.0.0.1, but binding to 0.0.0.0 (*) is a security problem from my point of view.
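To audit a machine for the condition described above (a listener bound to the wildcard address rather than loopback), the following added example, which is not part of the original posts, classifies `lsof` listener lines by bind address. The function names `classify_listeners` and `sample_lsof` are hypothetical, and the `cupsd` lines in the sample are constructed for contrast; the `xartstora` lines are the ones quoted above.

```shell
#!/bin/sh
# Classify TCP listeners from lsof output by bind address.
# Live usage (as root, to see every process):
#   lsof -nP -iTCP -sTCP:LISTEN | classify_listeners

# Reads lsof output on stdin. Prints one line per listening socket:
#   LOCAL   - bound to loopback (127.0.0.0/8 or [::1]) only
#   EXPOSED - bound to the wildcard (*) or any other non-loopback address
classify_listeners() {
    awk '
    $NF == "(LISTEN)" {
        name = $(NF-1)                 # e.g. *:61500, 127.0.0.1:631, [::1]:631
        n = split(name, parts, ":")
        port = parts[n]                # port is always the last colon field
        addr = substr(name, 1, length(name) - length(port) - 1)
        scope = "EXPOSED"
        if (addr ~ /^127\./ || addr == "[::1]" || addr == "localhost")
            scope = "LOCAL"
        printf "%s %s pid=%s user=%s %s port=%s\n", scope, $1, $2, $3, $5, port
    }'
}

# Sample input: the two xartstora lines come from the page; the cupsd lines
# and the header row are constructed to show the loopback case.
sample_lsof() {
    cat <<'EOF'
COMMAND     PID USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
xartstora 13594 root    3u  IPv4 0x30c82343150af2cf      0t0  TCP *:61500 (LISTEN)
xartstora 13594 root    4u  IPv6 0x30c82343150af2cf      0t0  TCP *:61500 (LISTEN)
cupsd       412 root    5u  IPv4 0x0000000000000001      0t0  TCP 127.0.0.1:631 (LISTEN)
cupsd       412 root    6u  IPv6 0x0000000000000002      0t0  TCP [::1]:631 (LISTEN)
EOF
}
```

Running `sample_lsof | classify_listeners | grep '^EXPOSED.*user=root'` leaves only the two `xartstora` sockets; whether such a port is reachable from another host still depends on the firewall in front of it.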