What does the Security issue you are seeing involve?
Privacy
Are you able to reproduce the issue?
Yes
What software version(s) and hardware have you reproduced the issue on?
macOS 15.0 (24A335)
MacBook Air M2
Description
macOS 15 introduces new Local Network permissions.
However, the permission prompt is only presented to the user for applications in the /Applications directory.
Any app located elsewhere can completely bypass these permissions and access the local network without prompting.
This is a severe privacy issue and completely defeats the purpose of these new permissions.
Attached is a demo Xcode project demonstrating the issue.
Build and run the app. It will display a list of all devices in the local network.
No prompt is presented to the user. The app has full access to the local network.
It doesn't matter if you run the app attached to Xcode or not.
The privacy prompt is never shown.
Now place the app in the /Applications directory and run it.
The privacy prompt is now displayed.
Details
What does the Security issue you are seeing involve?
Privacy
Are you able to reproduce the issue?
Yes
What software version(s) and hardware have you reproduced the issue on?
macOS 15.0 (24A335) MacBook Air M2
Description
macOS 15 introduces new Local Network permissions. However, the permission prompt is only presented to the user for applications in the /Applications directory.
Any app located elsewhere can completely bypass these permissions and access the local network without prompting. This is a severe privacy issue and completely defeats the purpose of these new permissions.
Attached is a demo Xcode project demonstrating the issue. Build and run the app. It will display a list of all devices in the local network. No prompt is presented to the user. The app has full access to the local network.
It doesn't matter if you run the app attached to Xcode or not. The privacy prompt is never shown.
Now place the app in the /Applications directory and run it. The privacy prompt is now displayed.
Files
TestLocalNetwork.zip