SecurityAgent taking focus for plugin in macOS 26.1

Question

Created 1d

Replies 5

Boosts 2

Participants 4

We have a custom SecurityAgentPlugin that is triggered by multiple authorizationdb entries. Some customers report that the SecurityAgent process takes window focus even though no UI or windows are displayed.

Our plugin explicitly ignores the _securityAgent user and does not show any UI for that user. However, in macOS 26.1, it appears that the plugin still causes the SecurityAgent to take focus as soon as it is triggered.

Is this a change in macOS 26.1 or a bug? Can we do anything to prevent "focus stealing"?

Boost

Answer 1

maartenweyns OP

22h

Not necessarily an Apple developer, but I ran across this when searching for an annoying bug I've been having lately on my macbook. Every few minutes, SecurityAgent.bundle steals focus from whatever app I have open. It automatically returns focus a few seconds later.

The full path of the offending bundle in my case is

/System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle

Maybe this is related? I couldn't find any other info on this issue online.

1

Answer 2

DTS Engineer OP

Apple

22h

First up, authorisation plug-ins are fundamentally brittle and if you’re shipping one as a product then you ought to test your product on every beta release of macOS that we seed. Not just major release seeds, but minor release seeds and even bug fix release seeds.

As to what’s going on here, it’s hard to say without more context. Is your plug-in based on SFAuthorizationPluginView? What rights are you inserting it to?

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

1

Answer 3

Afogh OP

22h

maartenweyns: Are you running any security software? Or software that has a SecurityAgent Plugin.

Quinn: Our product contains a SecurityAgent plugin and is an essential part of our product. We do a lot of testing, but this issue seems to be hitting some customers depending on maybe their MDM setup and software installed on the Macs. Could you make help me some documentation on changes in 26.1? We do have an SFAuthorizationPluginView, but that is not even invoked for this issue

0

Answer 4

ehale OP

11h

We are seeing the same issue with our product, except we can see it on Sequoia as well. We see the issue when we are inserting into rights: com.apple.ServiceManagement.daemons.modify

1

Answer 5

Afogh OP

9h

We are seeing the same issue with our product, except we can see it on Sequoia as well. We see the issue when we are inserting into rights: com.apple.ServiceManagement.daemons.modify

We are also adding a mechanism to com.apple.ServiceManagement.daemons.modify. I can't rule out that it also happens in Sequoia, but many of our users see the problem very often on Tahoe.

1