Reporting a Full Disk Access Bug to Apple
Update from Ventura to Sonoma.
[…]
It is still possible to access the Mail folder even though FDA has been revoked. This also happens for other apps like Find Any File. I revoked FDA for Find Any File and was still able to search for emails in the Mail folder.
[…]
On 21-Sep-2023, I reported the bug to Apple as a security issue. Apple requested videos demonstrating the problem, code snippets, and screenshots. This took place over several weeks in November. At some point between the end of November 2023 and February 2024 the case was closed. Apple stated that they were not able to identify a security issue[…]
Previously:
- Bypassing App Management With TextEdit
- Bypass TCC via Privileged Helpers
- More Trouble With the Apple Security Bounty
3 Comments
Apple’s security & privacy may be pretty good, but Apple’s security & privacy setting system is awful, full of intractable bugs and confusing behaviour - so much so that it is hard to have confidence in the underlying systems working properly given how bad the control systems are.
We're in 2024 and there are still no APIs provided by Apple to at least properly help end users to enable FDA or system extensions.
No need to say more about the awful state of UI and UX in Apple's system applications or OSes when it comes to security.
@someone Not even APIs for apps to know whether they have FDA or not so they can advise the user what to do.