An Eclecticlight analysis reveals a gap in macOS's privacy controls where applications can access protected folders while appearing to have no such permissions in Privacy & Security settings. The vulnerability exploits how the TCC (Transparent Consent and Control) system treats folder access differently depending on whether the user explicitly consents or uses an Open/Save panel. This creates a UX transparency problem where users cannot reliably determine which apps have access to sensitive folders.
Safety
You can't trust macOS Privacy and Security settings
macOS's Transparent Consent and Control (TCC) system has a disclosure gap that allows applications to access sensitive folders while appearing to have no permissions in Privacy & Security settings, breaking user trust in the privacy UI.
Friday, April 10, 2026 12:00 PM UTC2 MIN READSOURCE: Hacker NewsBY sys://pipeline
Tags
safety