Michael Tsai – Blog – Avoid AppleScript security and privacy requests

Armin Briegel:

The macOS Mojave site restricts the security and privacy controls of sending and receiving AppleEvents. A given process can only send events to another process with user authentication. Users can manage the approvals between applications in the Privacy tab of the Security and Privacy settings pane.

I ran into another case today where macOS failed to automatically add a check box under Automation so that the user could approve communication between two apps. There is still no way to manually add an app to give it permission. The only solution seems to be to reset the privacy database and hope that macOS will add the check box the next time the app tries to communicate.

Over time, although the underlying problem of covert dialogue has been resolved, this practice has persisted. You often even see the AppleScript code use this with commands other than user interaction, where it initially did not make sense. With the privacy restrictions in macOS Mojave, this practice has been actively troubling some, while sending a display dialog (or other) command to a separate process. The process running this script requires authentication to send events to “System Events.”



Even after considering the options above to avoid sending AppleEvents to another process, there will still be more situations where it is necessary. […] MacAdmins can pre-authorize AppleEvents (and most other privacy areas) between certain processes with a Privacy Preferences Policy Control (PPPC) configuration profile. PPPC profiles can just be managed when pushed from a user-approved or automatically registered MDM.
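As an added illustration (not code from the post or from the quoted article), this Python sketch builds a PPPC profile whose `AppleEvents` service entry pre-approves one sender for one receiver, here "System Events". The sender `com.example.helper`, the `com.example` identifier prefix and both code requirement strings are assumptions; take the real requirements from `codesign -d -r - <path>` on the target macOS version.

```python
import plistlib
import uuid

TCC_PAYLOAD_TYPE = "com.apple.TCC.configuration-profile-policy"


def apple_event_rule(sender, sender_req, receiver, receiver_req):
    """One AppleEvents entry: `sender` may send events to `receiver` only."""
    return {
        "Identifier": sender,
        "IdentifierType": "bundleID",
        "CodeRequirement": sender_req,        # pins the rule to the signed binary
        "AEReceiverIdentifier": receiver,
        "AEReceiverIdentifierType": "bundleID",
        "AEReceiverCodeRequirement": receiver_req,
        "Allowed": True,
    }


def build_pppc_profile(rules, org_prefix="com.example"):
    """Wrap the rules in a TCC payload inside a system-scoped profile."""
    tcc_payload = {
        "PayloadType": TCC_PAYLOAD_TYPE,
        "PayloadIdentifier": f"{org_prefix}.pppc.appleevents",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "Services": {"AppleEvents": rules},
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadIdentifier": f"{org_prefix}.pppc",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "PayloadScope": "System",
        "PayloadDisplayName": "PPPC: AppleEvents pre-approval",
        "PayloadContent": [tcc_payload],
    }
    return plistlib.dumps(profile)


# Constructed sample: a hypothetical in-house helper allowed to script System Events.
SAMPLE_RULES = [apple_event_rule(
    "com.example.helper",
    'identifier "com.example.helper" and anchor apple generic',  # placeholder
    "com.apple.systemevents",
    'identifier "com.apple.systemevents" and anchor apple',      # verify locally
)]

if __name__ == "__main__":
    print(build_pppc_profile(SAMPLE_RULES).decode())
```

Each rule names one sender and one receiver, so the approval stays scoped to that pair instead of covering every process the sender might target.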

