objective-see / BlockBlock

BlockBlock provides continual protection by monitoring persistence locations.
GNU General Public License v3.0

BlockBlock gives itself several permissions that the user is never prompted about. #55

Closed NoctuaMico closed 1 year ago

NoctuaMico commented 1 year ago

macOS version: Ventura - Not beta
BlockBlock version: 2.4.2

I check which apps are enabled in the permission settings every now and then. When I checked today it had several permissions that I have never accepted.

I uninstalled BlockBlock and rebooted and they were all gone from permissions settings. I reinstalled BlockBlock and the same happened again, except BlockBlock was only added to screen recording/Input monitoring, but not enabled.

objective-see commented 1 year ago

This is an Apple bug in macOS Ventura.

It appears that Endpoint Security clients (e.g. BlockBlock) that are granted Full Disk Access (FDA) are then also inadvertently granted many other permissions by macOS. Permissions the client (e.g. BlockBlock) neither asked for nor needs.

This has been reported to Apple, hopefully a macOS fix will be forthcoming!

NoctuaMico commented 1 year ago

> This is an Apple bug in macOS Ventura.
>
> It appears that Endpoint Security clients (e.g. BlockBlock) that are granted Full Disk Access (FDA) are then also inadvertently granted many other permissions by macOS. Permissions the client (e.g. BlockBlock) neither asked for nor needs.
>
> This has been reported to Apple, hopefully a macOS fix will be forthcoming!

Thanks for the clarification. That sounds like a pretty serious security vulnerability. Do you know if it's only visual or if the applications actually get access to those permissions?

objective-see commented 1 year ago

@NoctuaMico sorry, but not sure at this time. But Apple has promised a fix (either way).

PatTheMav commented 1 year ago

> This is an Apple bug in macOS Ventura.
>
> It appears that Endpoint Security clients (e.g. BlockBlock) that are granted Full Disk Access (FDA) are then also inadvertently granted many other permissions by macOS. Permissions the client (e.g. BlockBlock) neither asked for nor needs.
>
> This has been reported to Apple, hopefully a macOS fix will be forthcoming!

Phew, I fully expected that to be the case (because it didn't appear in the same permissions lists on macOS 12) but great to see it noticed explicitly.

Maybe pin issues like these to the top of the issue tab (the other macOS 13 related bug would be another great candidate) to reduce the amount of incoming duplicates.

objective-see commented 1 year ago

Closing this out, as recently Apple pushed a fix for this!