You can't trust macOS Privacy and Security settings
6 hours ago
- #macOS Security
- #TCC Exploit
- #Privacy Vulnerability
- The Privacy & Security settings in macOS can misleadingly indicate an app lacks access to protected folders like Documents, when it actually does.
- Using a custom app called Insent, a demonstration shows that user intent via an Open and Save Panel can grant permanent access to protected folders without consent, overriding TCC (Transparency, Consent, and Control) settings.
- After accessing a protected folder through intent, the sandboxing constraints are removed for that app, allowing continued access even if the Privacy & Security settings show access as disabled.
- To revoke this access, users must run a Terminal command ('tccutil reset All co.eclecticlight.Insent') and restart their Mac, as standard settings adjustments are ineffective.
- This behavior is specific to each protected folder; accessing one folder via intent doesn't grant access to others, and the issue may occur in macOS versions from 13.5 onwards.
- Log entries illustrate how sandboxd intercepts access requests when consent is required, but not when access is granted through user intent in an Open and Save Panel.
- The exploit requires careful sequencing and user interaction, making it less likely but still a concerning privacy vulnerability that can trap users into surrendering control over protected locations.