With the update to macOS 15.4, which was released on Monday, Apple has delivered an important security feature that should interest administrators: so-called TCC events can now also be recorded by endpoint security tools. Such tools are used mainly in companies to prevent users from installing malware or establishing risky connections. TCC stands for “Transparency, Consent and Control” and comes into play whenever apps request certain permissions. Apple then displays consent dialogs. Until now, endpoint security applications only learned of these events if they looked into log files; there was no official way to have them transmitted.
Dialogues are transmitted
In recent years, Apple has integrated TCC dialogs into more and more areas, from access to the camera and microphone, to remote control via accessibility features, to opening certain files and folders. If malware now wants to gain such access, a TCC dialog must be displayed and, where applicable, approved by the user. Ideally, an endpoint security application should be able to notice this so that it can intervene if necessary. “Therefore, it would be incredibly helpful for any safety tool to be able to recognize this”, writes security expert Patrick Wardle, who discovered the new feature.
The feature has been active since the beta of macOS 15.4. Wardle has already published code showing how the query can be implemented. According to him, security experts and developers have been asking Apple for “many, many, many years” to pass TCC events on to endpoint security applications. “Now the answer is coming to our prayers.”
Relatively limited
According to Wardle, the implementation is not yet perfect. At the moment there is only one event type: “ES_EVENT_TYPE_NOTIFY_TCC_MODIFY”. “It seems incomplete to me, or at least nuanced.” In his code, he shows how it can nevertheless be used. Wardle hopes, however, that other operations will also be reported in the future, including “ES_EVENT_TYPE_AUTH_TCC_” events in different variants. It is currently unclear whether Apple has already implemented something along these lines in the final version of macOS 15.4; Wardle has only examined the beta.
Apart from malware that explicitly asks users for permissions, TCC is sometimes problematic from another point of view: bugs and security vulnerabilities in this area are always possible. Unfortunately, the new feature is of little help there.