Wednesday, November 2, 2022 [Tweets] [Favorites]

Ventura Bug Disables Security Software

Thomas Reed:

In the case of security software using Apple’s Endpoint Security framework, it is an Apple-enforced requirement that the software get a higher level of permission from TCC - namely, Full Disk Access.

[…]

Unfortunately, in Ventura, affected software will appear to have FDA within this settings pane, but in reality it does not. Worse, you cannot simply “turn it off and back on again,” as the switch for turning off FDA for the security software refuses to turn off. This leaves the software in an unfortunate state where it cannot function, and the user (seemingly) cannot give it the access it needs.

[…]

It all began with a bug in macOS that was presented by security researcher Csaba Fitzl[…]. The bug was almost ridiculously simple: Execute a simple, short command (tccutil reset All) in the Terminal and you could revoke Full Disk Access from all security clients installed on the machine, rendering their real-time protection features inactive.

[…]

In essence, Apple’s “fix” for this vulnerability ended up causing the results of the vulnerability, for all security software on all Ventura systems. 🤦‍♂️

3 Comments

A system security setting where it appears to be on, but is not in fact enabled. Huh. Where have we heard that before?

How can the security system preference system be so broken? And how can anyone trust any of the rest of the security system, when the security preference system is so buggy?

TCC has been the scourge of my professional and personal computer using life for years now. It's so buggy and half-baked. If I could disable it completely I would, and gladly live with the consequences of reduced security.

My least favorite thing about it is that, in macOS 10.14 at least, it routinely caused my mac to completely freeze for 5-20 seconds at a time when opening or switching to apps that have missing or invalid signatures. Basically the entire window server blocks while it waits for TCC to do some work I don't care about. I still run afoul of this almost daily. And sometimes it happens with apps with perfectly good signatures.

As a developer, it's been a nightmare trying to deal with getting apps the permissions they need to run. The APIs for it are garbage. The user experience is terrible. And so often users will report my software is failing because the app in question *looks* like it has the permissions in needs but in reality does not. Sometimes there's no way to fix it.

@Bri Sadly, all of that has happened to me, too.

Stay up-to-date by subscribing to the Comments RSS Feed for this post.

Leave a Comment