The Streamlabs macOS thick client does have hardened runtime enabled, but specifically allows DYLD environment variables and also disables library validation, which kills the purpose of hardened runtime. Having these settings on the executable enables an attacker to inject custom DYLIB libraries into the application. This would allow an attacker to access data inside the app, and possibly gain persistence on a machine, beyond that, as StreamLabs has access to the microphone and camera a user would gain access to that once exploited.
We can see the wrong permissions with running the codesign
utility:
csaby@bigsur ~ % codesign -dv --entitlements :- /Applications/Streamlabs\ OBS.app
Executable=/Applications/Streamlabs OBS.app/Contents/MacOS/Streamlabs OBS
Identifier=com.streamlabs.slobs
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20500 size=1760 flags=0x10000(runtime) hashes=46+5 location=embedded
Signature size=9059
Timestamp=2020. Dec 9. 11:29:20
Info.plist entries=30
TeamIdentifier=UT675MBB9Q
Runtime Version=10.15.0
Sealed Resources version=2 rules=13 files=1108
Internal requirements count=1 size=180
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
<key>com.apple.security.device.audio-input</key>
<true/>
<key>com.apple.security.device.camera</key>
<true/>
<key>com.apple.security.cs.allow-dyld-environment-variables</key>
<true/>
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
</dict>
</plist>% ```