After a forced reboot (and another reboot for good measure), the applications I allow to "Accessibility" control under System Preferences > Security & Privacy > Privacy no longer includes Rectangle.app nor allows me to add it manually. Nothing appears there anymore and nothing can be added.

As well as many of the other features talked about during macOS Mojave's release like dark mode and the addition of new apps like Home, another key feature of macOS Mojave seems to be it's heightened focus on both privacy and security. As quoted under the "Camera and Microphone Now Require Your Permission" section of this article: > Apple also announced that other categories of data, such as your Messages history and Mail database, will be protected in a similar manner to macOS Mojave's new camera and microphone permissions. I understand that after the update, when an app requests to use your camera or microphone, you will receive an alert like the one below: However, I am more intrigued by the following: > ...other categories of data, such as your Messages history and Mail database, will be protected in a similar manner... I have been unable to find much information about this online and I do not currently have the pre-release version of macOS Mojave installed and am therefore unable to test this new feature but I am curious to know what exactly this feature will mean. Has Apple publicly documented how this will work?

So if you joined a network in the past and trusted its certificate while at it, and saved it on your iPhone/iPad. Sometime later, if either: 1. It’s the same network but their previous certificate has expired and they’re now using a new one or 2. Your device finds another network with the same SSID, which does not have the same certificate (has no certificate or has a different certificate) Will your iPhone/iPad alert you or will it quietly join without asking you about anything?

I know there have been various questions asked on this topic before, but I haven't seen a question that focused specifically on whether data from a factory reset iPhone could be recovered if **a passcode** was not used. Apple states on their website "Setting a passcode also **turns on data protection**, which encrypts your iPhone data with 256-bit AES encryption". (https://support.apple.com/en-gb/guide/iphone/iph14a867ae/ios) Therefore, if someone decided to not set a passcode on their iPhone and then reset their iPhone at a later date, would the data on their phone then be unencrypted and thus recoverable by a third party?

I am on Catalina 10.15.7 and use Karabiner-Elements 13.3. When I use the rule shown below for opening Terminal nothing happens unless Terminal is in focus (you can see Terminal on the menu bar). Seems like something to do with security permissions. When I run the script itself from within iTerm (not Terminal) I got a pop up asking for allowing "access to control". Once accepted the shortcut worked when either Terminal or iTerm was in focus. Obviously I want the shortcut to work regardless of what is in focus. How to achieve that?

{
  "title": "Open Terminal",
  "rules": [
    {
      "description": "Open Terminal",
      "manipulators": [
        {
          "type": "basic",
          "from": {
            "modifiers": {
              "mandatory": [
                "left_control",
                "left_alt"
              ]
            },
            "key_code": "t"
          },
          "to": [
            {
              "shell_command": "osascript -e 'tell app \"Terminal\"' -e 'do script \"tmux\"' -e 'end tell'"
            }
          ]
        }
      ]
    }
  ]
}

A certificate that we use for Wi-Fi in the office has expired, and it does not renew for some reason. I tried to delete it from the Keychain Access I get the following error: I guess that's the reason why the certificate is not being renewed. I tried the same from terminal as well. When I try to find it using its name, it finds and shows that it is not valid.

$> security find-identity  "XXXXXXXoffice"  /Users/username/Library/Keychains/login.keychain-db


Policy: X.509 Basic
  Matching identities
  1) F0XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX30 "localhost" (CSSMERR_TP_CERT_EXPIRED)
  2) E9XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXC9 "4ab2f0ae-76fd-4636-a899-c4e89b8386d1" (CSSMERR_TP_NOT_TRUSTED)
     2 identities found

  Valid identities only
     0 valid identities found

When I try to delete it though, I get an error, just like I get from the Keychain Access.

security delete-identity -c "XXXXXXXoffice"  /Users/username/Library/Keychains/login.keychain-db
Unable to delete certificate matching "XXXXXXXoffice"%

Any suggestions on how I can delete this keychain identity?

#### Is it expected for a retail purchased, non-provisioned devices configured with AMFI (Apple Mobile File Integrity) developer mode force enabled? I recently bought two MacBooks with AppleCare+ through Apple retail channels that are AMFI developer mode force enabled. I didn't purchase the MacBooks with business or developer accounts. #### Machine 1 A MacBook Pro from Apple.com as a certified refurbished unit (the one mentioned above) for store pickup. After strange mdm type behavior (wifi settings etc. changing without my involvement and what appear to be mdm related network calls) I took it the Genius bar and Apple performed the following actions: - Fresh MacOS install - DFU restore - Logic board replacement Developer mode force enabled persisted on the machine after each of the steps above. In MacOS, are AMFI developer mode force enabled and developer mode managed through devtoolssecurity different settings? Under what circumstances, if any, would you expect AMFI developer mode force enabled with a fresh retail MacBook? ##### Key Differences Summarized | | AMFI Developer Mode "Force Enabled" | Developer Mode via devtoolssecurity / System Settings | | - | ----- | ----- | | **Purpose** | Relaxes core code signature validation for running unsigned/self-signed code at a lower system level. | Allows admin or _developers group users to run Apple-signed debugging and performance analysis tools without a password; allows Xcode to run apps on devices. | | **Control Level** | Deeper system-level setting, often requiring more intrusive modifications or specific provisioning. | User-facing setting, designed to be easily toggled by administrators or developers. | | **Security Impact** | Significantly reduces the overall security posture of the system by relaxing fundamental code integrity checks. | Offers a controlled relaxation of security for development tools, with explicit user consent. | | **Visibility** | Often discovered through system logs (log show --predicate 'eventMessage CONTAINS "AMFI"') or specific diagnostic tools. | Clearly visible and manageable in System Settings > Privacy & Security and via devtoolssecurity command. | | **Control** | Modifying AMFI developer mode force enabled settings on macOS is not part of standard user configuration — it involves low-level system changes that can compromise security and are typically reserved for Apple internal use, MDM provisioning, or advanced development scenarios. | DevToolsSecurity -enable | > "AMFI developer mode force enabled" implies a more profound and potentially less secure state where the system's fundamental code integrity checks are bypassed for development, while the "Developer Mode" controlled by devtoolssecurity is a more granular and user-controlled setting designed for everyday development tasks with Apple's tools.

We have a 2018 MBP business laptop with an SSD that's died. The support company have declared it is dead and recommended recycling it. I'd very much like to get it booting from an external SSH. FYI: The machine does NOT allow booting from external drives, but doesn't have a firmware password set. Things I've tried: 1) When I attempt to access Startup Security Utility with no external SSD attached, I get the no admin accounts exist message. 2) I've entered Recovery Mode with a known-good OS on an external SSD, and can access Startup Security Utility, and can select one of the Admin accounts on that external SSD OS, but entering the passwords for these accounts does nothing. 3) As a punt, I also tried to enter the admin account pass for the dead Mac, even though the selectable username was wrong, but no dice. 4) In an attempt to be hacky about it, I booted from the external SSD on a different MBP, and added an admin account with the same username and password that I know was on the dead Mac, then attempted No. 2 again, and this time I can select the correct username, but entering the correct password fails. So I'm assuming there's more than just a user/password combo stored in the T2 (or wherever). Any other ideas? Is there any hope of getting this thing usable even for my kid? Cheers!

I can't seem to "Verify Password" for "Apple Account Suggestions", and I think it's my VPN (work) or Jamf policies, and I can't figure out what the issue is to tell the network/security team, and I'm remote so I can't easily get people to look at it. I would like to present them findings to figure this out. See screenshot for example of what is showing up: I'm able to click "Resume Data Sync" and it seems to go away for a while then come back (probably just a delay in it trying to sync and failing) but if I do "Verify" then I get both back immediately. When I record system events with Console before/after, I do find several events but I'm not sure * How to have those Console logs to disk so I can better analyze them in a text editor that I'm familiar with * What is likely causing issues (probably Jamf?) What I've definitely tried: * Disconnecting from the VPN * Being on the VPN * Restarting What I've avoided: * Removing iCloud entirely. I had this issue before, and I completely forget how I fixed it, but it was definitely kicking things until it finally worked again, and I'm pretty sure I removed this once before and that wasn't the actual fix, just a long annoying process to go through. I really like having Messages and Notes on the computer that I'm using day-in and day-out. What machine are you using? * Apple M4 Max * 64GB RAM * macOS: Sequoia 15.5 (24F74)

I’m running into an issue on macOS Sonoma 14.4.1 relating to file quarantine xattr -w com.apple.quarantine true uTorrent\ Web When I write quarantine metadata to a this file, it results in utorrent not being able to open. Im looking for the proper value for com.apple.quarantine say for a file you've pulled using curl. Assuming that's of any value. Is there a way to run a newly downloaded binary by gatekeeper?

What is the best way to add quotas to filesystems in MacOS? I know it can be done to Volumes, however interested where quotas can be modified later (Volumes are only at creation). Specifically, to prevent a DOS on disk space consumption and best practice to cover this for users.

TLDR: How can I find make security set-key-partition-list run against a single entry, rather than everything in the keystore? --- I was facing issues with a cipher mismatch with an dotnet/aspnet app and a self signed cert: Eventually I found [this github issue](https://github.com/dotnet/runtime/issues/27132#issuecomment-553048843) , which led me to

log stream --process

Giving:

securityd: [com.apple.securityd:integrity] failure extending partition
 securityd: [com.apple.securityd:security_exception] MacOS error: 32
 securityd: [com.apple.securityd:clientid] code requirement check failed (-67050), client is not Apple-signed
 securityd: [com.apple.securityd:integrity] ACL partition mismatch: client teamid:UBF8T346G9 ACL ("cdhash:71c6a2e36e9b3aa01232049c467ebbad51311b9")

Searching from there gave me [this SO question(!)](https://stackoverflow.com/q/64017267/16505654) , which suggested

sudo security set-key-partition-list -D localhost -S unsigned:,teamid:UBF8T346G9 $(security login-keychain)

And voila, this worked - I can now use this certificate to run the app locally. But, that command ran against ~2489 entries, rather than the 1 that I expected. **So**, how can I find make security set-key-partition-list run against a single entry, rather than everything in the keystore? It seems that security find-key has completely different args that don't seem to match - I either get no results, or ~2489 results. I've even got to the point of spelunking through [the source code](https://opensource.apple.com/source/Security/Security-59306.61.1/SecurityTool/macOS/keychain_find.c.auto.html) to try and figure this out, but I didn't get very far.

I've grown accustomed to the convenience of being able to unlock my MacBook Pro with my Apple Watch, but I just got a new Mac Mini, and no matter what I do, it is not unlocking it for me. I have checked "Use your Apple Watch to unlock apps and your Mac" in System Preferences → Security & Privacy → General. And I am able to use my watch to unlock (e.g.) settings in the Privacy tab of that same System Preferences pane, like Accessibility settings. I just *can't* unlock the computer itself. What could be wrong? Why would this work on one computer and fail on another (newer) one?

What is the best practice to create a partition/volume with a max size, such that if a user fills the volume, another user can log in from an administrative account and resolve the problem? Typically in Unix like OSs, this is creation of /export or /opt on a separate file system with disk slice. The root account home directory would be in /home/root or /, which would also be a separate file system on a disk slice or partition. I considered volumes or partitions, creating one specifically for a user or perhaps one for storage. I think a volume with quota is most appropriate as it can grow to quota, without reserving the space. I'm asking because I'm exporting an NFS filesystem for use by my VM home directories. I considered the security use case where a VM fills up the NFS volume, which may cause a denial of service on MacOS user where the export point is located.

I was wondering if there's any difference between adding trusted certificate from commandline :

security add-trusted-cert -d -r trustRoot ~/c1.cer

and opening the certificate in the keychain UI an mark it as "always trust". I've got an application that fail on server certificate validation when I mark the server's published certificates as valid from GUI but passes when I do the same from commandline.

I need one of the root CA certificates, as a filename, to pass to a command-line program. I could download it from DigiCert (and convert it to the required format, .crt) manually, but I figure it's easier to just use the CA that OS X must already have. It's a common certificate, and all my Linux servers already have it, for example. In the "Keychain Access" app, the correct certificate does exist, but I can't find anything that says where it lives. Do these CAs exist in the filesystem, or only in an opaque proprietary format for OS X APIs?

I have a wireless network which is authenticated using EAP-TLS and a computer certificate. The certificate and corresponding private key has been issued and is installed in the 'system' keychain and when connecting to the network and selecting the certificate, the machine successfully connects to the network. However, when logging off, the network disconnects. The computer is running macOS Sonoma. I have run the command

networksetup -listpreferredwirelessnetworks en0

and the network shows in this list. How can I troubleshoot this issue and ensure it remains connected on the login screen?

I want to manually create, delete, and restored to snapshots on my APFS volumes (external, for data use, so not limited by SIP). I'm using snaputil , but maintaining APFS snapshots require two entitlements: com.apple.developer.vfs.snapshot and com.apple.private.apfs.revert-to-snapshot. However, I neither have access to nor intend to enroll (buy) in Apple's developer program, which grants permission to use these entitlements. On my old Intel MacBook, I was able to sign it ad-hoc with these two entitlements and disable AMFI to run the program. On my new M1 MacBook, I don't want to degrade the security, so I want to search for another solution. I find this article explaining how to sign gdb with the permission to debug other programs (create and trust your own signing certificate, then use it to sign gdb), but using the same steps (replacing com.apple.security.cs.debugger with com.apple.developer.vfs.snapshot) failed (get SIGKILL immediately) with these messages in Console:

ERROR	21:05:32.777057+0800	taskgated-helper	Disallowing snaputil because no eligible provisioning profiles found
DEFAULT	21:05:32.777558+0800	kernel	mac_vnode_check_signature: /Volumes/Data/snaputil: code signature validation failed fatally: When validating /Volumes/Data/snaputil:
  Code has restricted entitlements, but the validation of its code signature failed.
Unsatisfied Entitlements:
DEFAULT	21:05:32.777568+0800	kernel	proc 23718: load code signature error 4 for file "snaputil"
DEFAULT	21:05:32.777446+0800	amfid	/Volumes/Data/snaputil signature not valid: -67671

What do these error messages mean? Is it impossible to run snaputil and manage APFS snapshots without paying Apple or degrading the system security?

According to Apple , > With Safari 5 through 5.1.7, a lock icon appears near the top right > corner [only] if all of the webpage's content uses a secure connection. That's all very well, but normally to view the SSL/TLS certificate for a webpage serving content over HTTPS, one would click the padlock icon. Because the icon is not present on pages that serve only *some* of their content over SSL/TLS, there ought to be another way to view the certificate, but what is it?

I recently updated my Ventura OS to 13.7.5 (from 13.7.4.?). I am now getting this mysterious error message whenever I try to run a script that is written in bash:

# NOTE: the pwd is the same folder that "anyscript.sh" is located in 

% ./anyscript.sh
zsh: operation not permitted: ./anyscript.sh

##### FWIW: >I use a current version of bash that I installed from "MacPorts": GNU bash, version 5.2.37(1)-release (aarch64-apple-darwin22.6.0) I get the same error if I try the "full path"; i.e.:

% /Users/seamus/scripts/anyscript.sh
zsh: operation not permitted: /Users/jmoore/scripts/rsync_pswdsafe/pwsafe_bkup.sh

I just viewed the "update log" for 13.7.5, and it seems Apple's motivation for this unusual late-term update is "security issues". Nothing I saw in [Apple's update log](https://support.apple.com/en-us/122375) suggested an association with this issue, but: * it's happened since the update * Apple has a record of breaking things during updates! Has anyone else had similar issues - or have a clue as to what this update might have wrought - or how to roll back the update - or have a cogent theory on how to fix the problem?