Final in series. Examines how the hardened runtime controls access to protected private data and services, and how some use private entitlements.
TCC
Two bugs – one affecting SDK versions beyond 11.0, the other changing the designation of the Audio privacy entitlement. Now fixed.
Details of data files for MRT, XProtect, Gatekeeper and other security features in Big Sur. Covers both Intel and M1 Macs.
Privacy protection differs between GUI and the command line, causing anomalies which are being exploited to steal private data.
How to gain access to protected folders without having to add anything to the Privacy pane yourself. Now being exploited in the wild.
Now runs native on both Intel and Apple Silicon Macs, from Sierra to Big Sur beta 4.
Both apps now detect and report apps which have been built using the 11.0 SDK, and ArchiChect reports non-Intel architectures too.
What is the Accessibility list for in the Privacy tab of Security & Privacy? If you don’t use any Accessibility features, does it do anything?
Where does Apple warn the user that four stray files in an unprotected folder are specially protected by the Sandbox kernel extension?
In addition to the protected folders listed in the Privacy pane, macOS has a secret list of files which are also read-only. Apple hasn’t documented these.