In Swift I'm using unzip by launching a Process to unzip a file. I added a launchRequirement to the process in order to make sure the executable is code signed by Apple and the identifier is com.apple.unzip. After testing out my code on another machines (both physical and virtual), I found out that in some the identifier is actually com.apple.zipinfo, which broke the SigningIdentifier requirement. It's safe to assume that /usr/bin/unzip can be trusted since it's in a System Integrity Protection (SIP) location, but I'm wondering why this executable has different identifiers?

There are inconsistent behaviors in sleep/wake notification callbacks across different MacBook devices and macOS versions when the device is not connected to power, with or without external displays, entering sleep mode by closing the lid, and waking up from sleep by opening the lid. When monitoring the following Objective-C notifications: NSWorkspaceScreensDidSleepNotification NSWorkspaceScreensDidWakeNotification NSWorkspaceWillSleepNotification NSWorkspaceDidWakeNotification Different devices exhibit varying notification trigger patterns: Some devices trigger all four notifications properly Some devices fail to trigger NSWorkspaceScreensDidWakeNotification Some devices fail to trigger NSWorkspaceDidWakeNotification Some devices fail to trigger NSWorkspaceWillSleepNotification These inconsistencies make it challenging to implement reliable sleep/wake detection logic across different MacBook models and macOS versions.

working on app like dropbox and making a feature like dropbox offline download, so when a file is added from a system it will download in other system but as a placeholder file once user double click or open that file or after copy pasting to another location on demand need to download the file and after that do the action open or paste so here I need file open event and paste event to be block untill it downloads. how to achieve this uing obj c, c , c++ or swift

A few minutes back I filed a feedback assistant issue for this (FB18173706), but I am not sure I filed it in the correct category and I can't find a way to edit it either. So posting this message here just to have to assigned in the right category if appropriate. The issue is as follows. On macOS 26 Tahoe Beta, "man sw_vers" has this among other details: Previous versions of sw_vers respected the SYSTEM_VERSION_COMPAT environment variable to provide compatibility fallback versions for scripts which did not support the macOS 11.0+ version transition. This is no longer supported, versions returned by sw_vers will always reflect the real system version. It says that SYSTEM_VERSION_COMPAT is no longer supported. That doesn't look right, because running sw_vers as follows on macOS 26 Beta results in: SYSTEM_VERSION_COMPAT=1 sw_vers ProductName: macOS ProductVersion: 16.0 BuildVersion: 25A5279m i.e. setting the environment variable SYSTEM_VERSION_COMPAT=1 results in sw_vers reporting the version as 16.0. Now try with SYSTEM_VERSION_COMPAT=0, and the result is: SYSTEM_VERSION_COMPAT=0 sw_vers ProductName: macOS ProductVersion: 26.0 BuildVersion: 25A5279m notice the output says 26.0. So it appears that SYSTEM_VERSION_COMPAT is supported even on macOS 26. I think the man page requires an update to match this behaviour.

I was testing audio playback from YouTube in Safari, and the sound was clipping heavily. At first, I thought it might be due to the poor quality of my small sound system. However, when I took a screenshot and the screenshot sound effect itself produced a loud clipping noise, it became clear that this is not a mechanical problem with my speakers, nor an issue specific to YouTube or Safari. This appears to be a system-wide audio issue in macOS Tahoe 26 - Beta 5.

The new drag & drop APIs for macOS 26 are terrific, but there's an important missing piece. If I use draggable(containerItemID:), there's no way to provide a custom view for the drag image. Meanwhile the older API lets you provide a preview, but you miss out on things like multi-item drag and custom drag sessions. Is there some mechanism for supplying a preview that I'm not seeing? Without it, the drag interface in my apps is going to look terrible.

I successfully installed macOS Tahoe 26 in June on a separate external partition. Now I want to update to beta 5, but when the Mac restarts to install the update, it shows the progress indicator for a minute or two, then boots again into the main partition which has macOS 15.6. Am I required to install it from scratch?

In the LightweightCodeRequirements framework, there is a LaunchCodeRequirement object which can be used as a requirement object for a Process for example. What I don't understand (I admit my macOS low-level knowledge is limited) is that how can this be used in a secure way that doesn't fall victim of a Time-of-Check/Time-of-Use issue. e.g. I specify a LaunchCodeRequirement via Process.launchRequirement for my process, let's say /usr/local/bin/mycommandlinetool. The LaunchCodeRequirement specifies my development team and a developer ID certificate. The process must be started in some form, before a SecCode/SecTask object can be created, rather than a SecStaticCode object (which only guarantees its validity checks to be intact as long as the file is not modified). But if the process was started, then I have no tools in my set to prevent it from executing its initialization code or similar. Then, by the time I'm able to check via SecCode/SecTask functions the LaunchCodeRequirement, I might have already ran malicious code - if mycommandlinetool was maliciously replaced. Or does the operating system use a daemon to copy the executable specified for Process to a secure location, then creates the SecStaticCode object, assesses the LaunchCodeRequirement and if passed, launches the executable from that trusted location (which would make sure it is immutable for replacement by malicious actors)? I have a hard time understanding how this works under the hood - if I remember correctly these are private APIs.

Hi everyone, I have a macOS application that uses Screen Recording permission. I build my app with an adhoc signature (not with a Developer ID certificate). For example, in version 1.0.0, I grant Screen Recording permission to the app. Later, I build a new version (1.1.0) and update by dragging the new app into the Applications folder to overwrite the previous one. However, when I launch the updated app, it asks for Screen Recording permission again, even though I have already granted it for the previous version. I don’t fully understand how TCC (Transparency, Consent, and Control) determines when permissions need to be re-granted. Can anyone explain how TCC manages permissions for updated builds, especially with adhoc signatures? Is there any way to retain permissions between updates, or any best practices to avoid having users re-authorize permissions after every update?

I'm working on an enterprise product that's mainly a daemon (with Endpoint Security) without any GUI component. I'm looking into the update process for daemons/agents that was introduced with Ventura (Link), but I have to say that the entire process is just deeply unfun. Really can't stress this enough how unfun. Anyway... The product bundle now contains a dedicated Swift executable that calls SMAppService.register for both the daemon and agent. It registers the app in the system preferences login items menu, but I also get an error. Error registering daemon: Error Domain=SMAppServiceErrorDomain Code=1 "Operation not permitted" UserInfo={NSLocalizedFailureReason=Operation not permitted} What could be the reason? I wouldn't need to activate the items, I just need them to be added to the list, so that I can control them via launchctl. Which leads me to my next question, how can I control bundled daemons/agents via launchctl? I tried to use launchctl enable and bootstrap, just like I do with daemons under /Library/LaunchDaemons, but all I get is sudo launchctl enable system/com.identifier.daemon sudo launchctl bootstrap /Path/to/daemon/launchdplist/inside/bundle/Library/LaunchDaemons/com.blub.plist Bootstrap failed: 5: Input/output error (not super helpful error message) I'm really frustrated by the complexity of this process and all of its pitfalls.

Using SwiftUI on macOS, how can I add a toolbar item on the right-most (trailing) edge of the window's toolbar when an Inspector is used? At the moment, the toolbar items are all left-of (leading) the split view tracking separator. I want the inspector toolbar item to be placed similar to where Xcode's Inspector toolbar item is placed: always as far right (trailing) as possible. NavigationSplitView { // ... snip } detail: { // ... snip } .inspector(isPresented: $isInspectorPresented) { InspectorContentView() } .toolbar { // What is the correct placement value here? ToolbarItem(placement: .primaryAction) { Button { isInspectorPresented.toggle() } label: { Label("Toggle Inspector", systemImage: "sidebar.trailing") } } } See the attached screenshot. When the InspectorView is toggled open, the toolbar item tracks leading the split view tracking separator, which is not consistent with how Xcode works.

I have FileProvider based MacOS application, where user is trying to copy the folder having mix of small and large files. Large files are having size ~ 1.5 GB from FileProvider based drive to locally on Desktop. Since the folder was on cloud and not downloaded the copy action triggered the download. Small files were downloaded successfully however during large file download the URLSession timed out. We are using default timeout for URLSession which is 1 min. I tried to capture logs Console.app where i found FileProvider daemon errors. PFA Solutions tried so far: Increased timeout for URLSession from 5 to 10 mins - configuration.timeoutIntervalForRequest Set timeout for resource - configuration.timeoutIntervalForResource It happens when we have low network bandwidth. Network connectivity is there but the bandwidth is low. Any clue by looking at these errors?

I have sadly not found any updated documentation regarding NSPasteboard or clipboard history in Spotlight on macOS Tahoe. However... It seems to support the standards outlined in NSPasteboard.org. Here's my example code in macOS 26.0 Beta: private func addPasswordToClipboardAsSimpleString() { NSPasteboard.general.declareTypes([.string], owner: nil) NSPasteboard.general.setString("Insecure password :(", forType: .string) } private func addPasswordToClipboardAsNSPasteboardOrgString() { NSPasteboard.general.declareTypes( [ .string, .init("org.nspasteboard.ConcealedType"), .init("org.nspasteboard.TransientType") ], owner: nil ) NSPasteboard.general.setString( "Secure password :)", forType: .string ) } When calling addPasswordToClipboardAsSimpleString(), the string is always visible in clipboard history in spotlight. When calling addPasswordToClipboardAsNSPasteboardOrgString(), the string is not visible in clipboard history in spotlight. Once the org.nspasteboard.* types are removed from the declaration, the item is visible in clipboard history. Can someone from Apple confirm what the behavior of the clipboard history is regarding NSPasteboard.org standards? Or is there an official API to mark a confidential (e.g. password) item that I write to NSPasteboard.general not show up in Spotlight's clipboard history?

Hi, I am curious about if hyperthreading is enabled/disabled on my macbook pro M1 or M4. Howto figure out? I am using macOS 15.5. Further, I develop a multi-threaded audio sequencer that creates threads per instrument. I use vector operations to increase performance. I recognized lowering synchronization rate from 250 Hz to 60 Hz gives additional performance advantages. Howto programmatically check if Hyperthreading is enabled/disabled and howto enable/disable it programmatically? After some research I found sysctl() and nvram SMTDisable=%01. https://support.apple.com/en-us/101870 Can anyone provide me an Objective C example? regards, Joël

Hello, I am currently researching to develop an application where I want to apply the MacOS updates without the password prompt shown to the users. I did some research on this and understand that an MDM solution can apply these patches without user intervention. Are there any other ways we can achieve this? Any leads are much appreciated.

I have a Swift Package, it's added to both the main app and the autofill extension. The main app is an iOS app that run directly on my mac from Xcode. I use this extension to access the bundle import Foundation import OSLog class CurrentBundleFinder {} extension Foundation.Bundle { static let myModule: Bundle = { /* The name of your local package, prepended by "LocalPackages_" */ let bundleName = "DesignSystem_DesignSystem" let logger = Logger(subsystem: "DesignSystem", category: "Bundle") logger.error("Searching for bundle: \(bundleName)") let candidates = [ /* Bundle should be present here when the package is linked into an App. */ Bundle.main.resourceURL, /* Bundle should be present here when the package is linked into a framework. */ Bundle(for: CurrentBundleFinder.self).resourceURL, /* For command-line tools. */ Bundle.main.bundleURL, /* Bundle should be present here when running previews from a different package (this is the path to "…/Debug-iphonesimulator/"). */ Bundle(for: CurrentBundleFinder.self).resourceURL?.deletingLastPathComponent().deletingLastPathComponent(), /* For app extensions - look in parent app bundle */ Bundle.main.bundleURL.deletingLastPathComponent().deletingLastPathComponent(), ] logger.error("all bundle: \(candidates, privacy: .public)") for (index, candidate) in candidates.enumerated() { logger.error("Checking candidate \(index): \(candidate?.absoluteString ?? "nil", privacy: .public)") let bundlePath = candidate?.appendingPathComponent(bundleName + ".bundle") logger.error("Bundle path: \(bundlePath?.absoluteString ?? "nil", privacy: .public)") if let bundle = bundlePath.flatMap(Bundle.init(url:)) { logger.error("Successfully found bundle at: \(bundlePath?.absoluteString ?? "unknown", privacy: .public)") return bundle } } logger.error("Unable to find bundle named \(bundleName)") fatalError("unable to find bundle named \(bundleName)") }() } Bellow is the log from the main app and the autofill extension log.txt I have check that /private/var/folders/cb/fctmx0_x3_dbxy_9wnm7g0s40000gn/X/1CC84EBB-DAC0-5120-9346-5EFBC8691CF1/d/Wrapper/Proton Pass.app/PlugIns/AutoFill.appex/DesignSystem_DesignSystem.bundle exist in the file system, but the autofill extension is unable to create a bundle from that

Our app connects to the headend to get a IDP login URL for each connection session, for example: “https://myvpn.ocwa.com/+CSCOE+/saml/sp/login?ctx=3627097090&acsamlcap=v2” and then open embedded webview to load the page. (Note: the value of ctx is session token which changes every time). Quite often the webview shows blank white screen. After user cancel the connection and re-connect, the 2nd time webview loads the content successfully. The working case logs shows: didReceiveAuthenticationChallenge is called decidePolicyForNavigationAction is called twice didReceiveAuthenticationChallenge is called decidePolicyForNavigationResponse is called didReceiveAuthenticationChallenge is called But the failure case shows: Filed to terminate process: Error Domain=com.apple.extensionKit.errorDomain Code=18 "(null)" UserInfo={NSUnderlyingError=0x11461c240 {Error Domain=RBSRequestErrorDomain Code=3 "No such process found" UserInfo={NSLocalizedFailureReason=No such process found}}} didReceiveAuthenticationChallenge is called decidePolicyForNavigationAction is called decidePolicyForNavigationResponse is called If we stop calling evaluateJavaScript code to get userAgent, the blank page happens less frequently. Below is the code we put in makeUIView(): func makeUIView(context: Context) -> WKWebView { if let url = URL(string: self.myUrl) { let request = URLRequest(url: url) webview.evaluateJavaScript("navigator.userAgent") { result, error in if let error = error { NSLog("evaluateJavaScript Error: \(error)") } else { let agent = result as! String + " " + self.myUserAgent webview.customUserAgent = agent webview.load(request) } } } return self.webview } Found some posts saying call evaluateJavaScript only after WKWebView has finished loading its content. However, it will block us to send the userAgent info via HTTP request. And I don’t think it is the root cause since the problem still occurs with less frequency. There is no problem to load same web page on Windows desktop and Android devices. The problem only occurs on iOS and macOS which both use WKWebview APIs. Is there a bug in WKWebview? Thanks, Ying

The attached file bellow contains the full error error I clone this repo to my mac, change team id and group, and run it in Xcode: https://github.com/protonpass/ios-pass There's no issue when I ran it with the Debug configuration, but when I go to Product > Scheme > Edit Scheme and change the iOS target build configuration to Release then I got that error above. I have tried Archive and export the ipa, verify that the provisioning profile contains my Mac UDID, but when double clicking the ipa to install, I also got the error This app cannot be installed because its integrity could not be verified.

I am trying to intercept localhost connections within NETransparentProxyProvider system extension. As per NENetworkRule documentation If the address is a wildcard address (0.0.0.0 or ::) then the rule will match all destinations except for loopback (127.0.0.1 or ::1). To match loopback traffic set the address to the loopback address. I tried to add NWHostEndpoint *localhostv4 = [NWHostEndpoint endpointWithHostname:@"127.0.0.1" port:@""]; NENetworkRule *localhostv4Rule = [[NENetworkRule alloc] initWithDestinationNetwork:localhostv4 prefix:32 protocol:NENetworkRuleProtocolAny]; in the include network rules. I tried several variations of this rule like port 0, prefix 0 and some others. But the provider disregards the rule and the never receives any traffic going to localhost on any port. Is there any other configuration required to receive localhost traffic in NETransparentProxyProvider?

When I have created my developer account I do it on a MacPro 2019. Now I develop to a new silicon Mac. To submit the (Mac) application App store Connect give a six-digit verification code. This code must be enter to popup window that appear on Desktop. But the popup window appear on MacPro 2019 instead of silicon Mac. How can I receive popup window in the silicon Mac Desktop, not in MacPro 2019 ? iCloud staff tell that it imposible to change the computer destination that receive popup window... Is it true ? Yes, I can use phone to enter the six-digit verification code but it is very more easy to enter the code in the popup window.