macOS Dangerous Entitlements & TCC perms
Last updated
Last updated
Learn & practice AWS Hacking: Learn & practice GCP Hacking:
Note that entitlements starting with com.apple are not available to third-parties, only Apple can grant them.
com.apple.rootless.install.heritableThe entitlement com.apple.rootless.install.heritable allows to bypass SIP. Check .
com.apple.rootless.installThe entitlement com.apple.rootless.install allows to bypass SIP. Check.
com.apple.system-task-ports (previously called task_for_pid-allow)This entitlement allows to get the task port for any process, except the kernel. Check .
com.apple.security.get-task-allowcom.apple.security.cs.debuggercom.apple.security.cs.disable-library-validationcom.apple.private.security.clear-library-validationcom.apple.security.cs.allow-dyld-environment-variablescom.apple.private.tcc.manager or com.apple.rootless.storage.TCCsystem.install.apple-software and system.install.apple-software.standar-userThese entitlements allows to install software without asking for permissions to the user, which can be helpful for a privilege escalation.
com.apple.private.security.kext-managementEntitlement needed to ask the kernel to load a kernel extension.
com.apple.private.icloud-account-accessThe entitlement com.apple.private.icloud-account-access it's possible to communicate with com.apple.iCloudHelper XPC service which will provide iCloud tokens.
iMovie and Garageband had this entitlement.
com.apple.private.tcc.manager.check-by-audit-tokenTODO: I don't know what this allows to do
com.apple.private.apfs.revert-to-snapshotcom.apple.private.apfs.create-sealed-snapshotkeychain-access-groupsThis entitlement list keychain groups the application has access to:
kTCCServiceSystemPolicyAllFilesGives Full Disk Access permissions, one of the TCC highest permissions you can have.
kTCCServiceAppleEventsAllows the app to send events to other applications that are commonly used for automating tasks. Controlling other apps, it can abuse the permissions granted to these other apps.
Like making them ask the user for its password:
Or making them perform arbitrary actions.
kTCCServiceEndpointSecurityClientAllows, among other permissions, to write the users TCC database.
kTCCServiceSystemPolicySysAdminFilesAllows to change the NFSHomeDirectory attribute of a user that changes his home folder path and therefore allows to bypass TCC.
kTCCServiceSystemPolicyAppBundlesAllow to modify files inside apps bundle (inside app.app), which is disallowed by default.
It's possible to check who has this access in System Settings > Privacy & Security > App Management.
kTCCServiceAccessibilityThe process will be able to abuse the macOS accessibility features, Which means that for example he will be able to press keystrokes. SO he could request access to control an app like Finder and approve the dialog with this permission.
com.apple.security.cs.allow-jitcom.apple.security.cs.allow-unsigned-executable-memoryIncluding this entitlement exposes your app to common vulnerabilities in memory-unsafe code languages. Carefully consider whether your app needs this exception.
com.apple.security.cs.disable-executable-page-protectionThe Disable Executable Memory Protection Entitlement is an extreme entitlement that removes a fundamental security protection from your app, making it possible for an attacker to rewrite your app’s executable code without detection. Prefer narrower entitlements if possible.
com.apple.security.cs.allow-relative-library-loadsTODO
com.apple.private.nullfs_allowkTCCServiceAllAccording to this blogpost, this TCC permission usually found in the form:
Allow the process to ask for all the TCC permissions.
kTCCServicePostEventThis entitlement allows other processes with the com.apple.security.cs.debugger entitlement to get the task port of the process run by the binary with this entitlement and inject code on it. Check .
Apps with the Debugging Tool Entitlement can call task_for_pid() to retrieve a valid task port for unsigned and third-party apps with the Get Task Allow entitlement set to true. However, even with the debugging tool entitlement, a debugger can’t get the task ports of processes that don’t have the Get Task Allow entitlement, and that are therefore protected by System Integrity Protection. Check .
This entitlement allows to load frameworks, plug-ins, or libraries without being either signed by Apple or signed with the same Team ID as the main executable, so an attacker could abuse some arbitrary library load to inject code. Check .
This entitlement is very similar to com.apple.security.cs.disable-library-validation but instead of directly disabling library validation, it allows the process to call a csops system call to disable it.
Check .
This entitlement allows to use DYLD environment variables that could be used to inject libraries and code. Check .
and , these entitlements allows to modify the TCC database.
For more information about the exploit to get icloud tokens from that entitlement check the talk:
TODO: In is mentioned that this could be used to update the SSV-protected contents after a reboot. If you know how it send a PR please!
TODO: In is mentioned that this could be used to update the SSV-protected contents after a reboot. If you know how it send a PR please!
This entitlement allows to create memory that is writable and executable by passing the MAP_JIT flag to the mmap() system function. Check .
This entitlement allows to override or patch C code, use the long-deprecated NSCreateObjectFileImageFromMemory (which is fundamentally insecure), or use the DVDPlayback framework. Check .
This entitlement allows to modify sections of its own executable files on disk to forcefully exit. Check .
This entitlement allows to mount a nullfs file system (forbidden by default). Tool: .
Learn & practice AWS Hacking: Learn & practice GCP Hacking:
Check the !
Join the 💬 or the or follow us on Twitter 🐦 .
Share hacking tricks by submitting PRs to the and github repos.
