General: DevForums subtopic: App & System Services > Core OS Core OS is a catch-all subtopic for low-level APIs that don’t fall into one of these more specific areas: Processes & Concurrency Resources Files and Storage Resources Networking Resources Network Extension Resources Security Resources Virtualization Resources Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com"

I'm debugging the following kernel panic to do with my custom filesystem KEXT: panic(cpu 0 caller 0xfffffe004cae3e24): [kalloc.type.var4.128]: element modified after free (off:96, val:0x00000000ffffffff, sz:128, ptr:0xfffffe2e7c639600) My reading of this is that somewhere in my KEXT I'm holding a reference 0xfffffe2e7c639600 to a 128 byte zone that wrote 0x00000000ffffffff at offset 96 after that particular chunk of memory had been released and zeroed out by the kernel. The panic itself is emitted when my KEXT requests the memory chunk that's been tempered with via the following set of calls. zalloc_uaf_panic() __abortlike static void zalloc_uaf_panic(zone_t z, uintptr_t elem, size_t size) { ... (panic)("[%s%s]: element modified after free " "(off:%d, val:0x%016lx, sz:%d, ptr:%p)%s", zone_heap_name(z), zone_name(z), first_offs, first_bits, esize, (void *)elem, buf); ... } zalloc_validate_element() static void zalloc_validate_element( zone_t zone, vm_offset_t elem, vm_size_t size, zalloc_flags_t flags) { ... if (memcmp_zero_ptr_aligned((void *)elem, size)) { zalloc_uaf_panic(zone, elem, size); } ... } The panic is triggered if memcmp_zero_ptr_aligned(), which is implemented in assembly, detects that an n-sized chunk of memory has been written after being free'd. /* memcmp_zero_ptr_aligned() checks string s of n bytes contains all zeros. * Address and size of the string s must be pointer-aligned. * Return 0 if true, 1 otherwise. Also return 0 if n is 0. */ extern int memcmp_zero_ptr_aligned(const void *s, size_t n); Normally, KASAN would be resorted to to aid with that. The KDK README states that KASAN kernels won't load on Apple Silicon. Attempting to follow the instructions given in the README for Intel-based machines does result in a failure for me on Apple Silicon. I stumbled on the Pishi project. But the custom boot kernel collection that gets created doesn't have any of the KEXTs that were specified to kmutil(8) via the --explicit-only flag, so it can't be instrumented in Ghidra. Which is confirmed as well by running: % kmutil inspect -B boot.kc.kasan boot kernel collection at /Users/user/boot.kc.kasan (AEB8F757-E770-8195-458D-B87CADCAB062): Extension Information: I'd appreciate any pointers on how to tackle UAFs in kernel space.

Hello, The customer requires transparent data encryption within their DLP system. All data on external storage must be encrypted and decrypted transparently. How can the data stream (read/write) be controlled? Are there any recommended way? Thank you in advance!

I have an iOS app that allows user to select a folder (from Files). I want to bookmark that folder and later on (perhaps on a different launch of the app) access the contents of it. Is that scenario supported or not? Can't make it work for some reason (e.g. I'm getting no error from the call to create a bookmark, from a call to resolve the bookmark, the folder URL is not stale, but... startAccessingSecurityScopedResource() is returning false.

Hi, I'm trying to mount my FSKit volume with a client app (SwiftUI). I already successfully did it with the "mount" command and I can instantiate my file-system with FSPathURLResource. Also, I managed to mount the file-system with DiskArbitration in a SwiftUI app, but I only managed to get it working with FSBlockDeviceResource. Is there a way to programmatically do it in a client app? Or is "mount" command currently the only option?

I just saw another post regarding bookmarks on iOS where an Apple engineer made the following statement: [quote='855165022, DTS Engineer, /thread/797469?answerId=855165022#855165022'] macOS is better at enforcing the "right" behavior, so code that works there will generally work on iOS. [/quote] So I went back to my macOS code to double-check. Sure enough, the following statement: let bookmark = try url.bookmarkData(options: .withSecurityScope) fails 100% of the time. I had seen earlier statements from other DTS Engineers recommending that any use of a URL be bracketed by start/stopAccessingSecurityScopedResource. And that makes a lot of sense. If "start" returns true, then call stop. But if start returns false, then it isn't needed, so don't call stop. No harm, no foul. But what's confusing is this other, directly-related API where a security-scoped bookmark cannot be created under any circumstances because of the URL itself, some specific way the URL was initially created, and/or manipulated? So, what I'm asking is if someone could elaborate on what would cause a failure to create a security-scoped bookmark? What kinds of URLs are valid for creation of security-scoped bookmarks? Are there operations on a URL that will then cause a failure to create a security-scoped bookmark? Is it allowed to pass the URL and/or bookmark back and forth between Objective-C and Swift? I'm developing a new macOS app for release in the Mac App Store. I'm initially getting my URL from an NSOpenPanel. Then I store it in a SQLite database. I may access the URL again, after a restart, or after a year. I have a login item that also needs to read the database and access the URL. I have additional complications as well, but they don't really matter. Before I get to any of that, I get a whole volume URL from an NSOpen panel in Swift, then, almost immediately, attempt to create a security-scoped bookmark. I cannot. I've tried many different combinations of options and flows of operation, but obviously not all. I think this started happening with macOS 26, but that doesn't really matter. If this is new behaviour in macOS 26, then I must live with it. My particular use requires a URL to a whole volume. Because of this, I don't actually seem to need a security-scoped bookmark at all. So I think I might simply get lucky for now. But this still bothers me. I don't really like being lucky. I'd rather be right. I have other apps in development where this could be a bigger problem. It seems like I will need completely separate URL handling logic based on the type of URL the user selects. And what of document-scoped URLs? This experience seems to strongly indicate that security-scoped URLs should only ever be document-scoped. I think in some of my debugging efforts I tried document-scoped URLs. They didn't fix the problem, but they seemed to make the entire process more straightforward and transparent. Can a single metadata-hosting file host multiple security-scoped bookmarks? Or should I have a separate one for each bookmark? But the essence of my question is that this is supposed to be simple operation that, in certain cases, is a guaranteed failure. There are a mind-bogglingly large number of potential options and logic flows. Does there exist a set of options and logic flows for which the user can select a URL, any URL, with the explicit intent to persist it, and that my app can save, share with helper apps, and have it all work normally after restart?

Hey, we also opened a bug regarding this behavior on April, back when you introduce the new event on MacOs 15.4 The bug ticket is: FB17139326 Starting macOs 15.4 you added a new event for the system extension framework named: tcc_modify The event should be triggered every-time there is a change regarding the tcc db (granted / revoked using various ways). One of the ways you can grant / revoke tcc db permission is by changing the user sqlite with root permissions. You can change various permissions regarding the user for example the apps that allowed to use microphone permissions. It is expected that when granted / revoked permissions using sqlite for microphone we will get notify from the system extension for tcc modify event. but the actual result is that the permission is added without any tcc modify event. We wanted to know if this is intentional that changing the user tcc db with root permissions, using sqlite and not conventional methods (user popup / settings), suppose to not initiate an event, and we should monitor them using other methods. Thank you, Idan

I have created a sample app which read/write from a network file. When the file was attempted to open (using open Linux API), connection to network file was lost. The thread which was stuck on the open method, returns after a long time. It was observed that for macOS, the maximum return time of the thread was around 10 mins, whereas in Windows and Linux, the maximum timeout was 60 sec and 90 sec. macOS has a very large timeout before returning the thread with a network failure error. Is this by designed and expected? With a large timeout as 10mins, it's difficult to respond swiftly back to the user.

Hi all, In InfiniTime, somebody finally implemented ANCS which forced iOS to encrypt the ble connection. As a result, my PineTime appears in the battery widget. Unfortunately, I only get a Bluetooth logo as the icon. Ideally it would be a smartwatch glyph. The GAP appearance value is being set to 0xC2 (smartwatch) Note: I've used CMF watches in the past, and they display with a smartwatch icon Any thoughts?

Application has specified the bluetooth-central background mode. Peripheral Device(BLE) is connected to the iPhone. Application will initiate a request 'retrieveConnectedPeripheralsWithServices' along with list of services to scan for. Application will receive a list of peripherals connected to the system whose service UUID's match. From the list of peripherals, application will initiate a request 'connectPeripheral' with the interested peripheral along with the option set to 'CBConnectPeripheralOptionEnableAutoReconnect'. This option is available from iOS 17+. CBConnectPeripheralOptionEnableAutoReconnect - This option will help in reconnect back to peripheral when peripheral becomes available. (Turn OFF and Turn ON) How do we achieve the same thing in earlier IOS version

I'm trying to use FSKit to create a File System Extension that can read MFS-formatted disk images, following the old MFSLives sample project for reference. I have a well-formed MFS formatted img file that I'm trying to mount, but I'm having trouble getting the system to actually use my FSModule. DiskImageMounter fails to mount the img file, but I'm able to use it to attach the image as a device by clicking "Ignore" when it prompts me that it isn't able to read the disk. This is effectively the same as using the hdiutil command in Terminal. hdiutil attach -imagekey diskimage-class=CRawDiskImage -nomount Sample.img I've read that FSKit isn't fully integrated with Disk Arbitration yet, so I decided to see if I could force the system to use my extension by using the mount command. mkdir /tmp/Sample mount -F -t MFS disk54 /tmp/Sample Watching the logs in Console, I can see that fskit_agent sees my extension in its "New Modules List", and I see an MFS process gets launched and logs messages from com.apple.running and com.apple.xpc. However, the logs from the MFS process end there, and don't include any of my debug logs, which should be posted when my FSFileSystem subclass is created or when probeResource is called. Ultimately the mount command fails with exit code 69 and prints the following error message: mount: Probing resource: The operation couldn’t be completed. Permission denied mount: Unable to invoke task I've checked everything I could think of: The extension is enabled in System Settings. The extension has the FSKit Module capability added in Xcode. The Info.plist sets the FSSupportsBlockResources key to YES. The Info.plist sets both the FSName and FSShortName keys to MFS. The extension has its Team set to my developer account, with Xcode setting the Provisioning Profile and Signing Certificate automatically. The hosting app has its Team set to my developer account with the "Development" signing certificate. I wanted to see if it was something with my project configuration or implementation, so I downloaded the KhaosT/FSKitSample project from GitHub. Once I got that building, I tried mounting a disk image using the MyFS extesnion, but my system wouldn't run that either. Is there something about the system configuration I should be aware of to enable File System Extensions? I have my MFS extension showing up and enabled, but I'm not sure if there's something I'm missing that I still have to do. Is there a capability or signing requirement I didn't list that's required for the extension to run? The documentation doesn't specify anything about the entitlements, signing capabilities, or Info.plist keys, so I'm not sure what I should be looking for. I'm running macOS Sequoia 15.6.1 on an M2 Max MacBook Pro, and I'm building my project with Xcode 26 beta 6.

Hello, I’m a developer at an IT service provider in the banking sector. In the context of an HCE-based payment solution on iOS, we use the Apple Card Session API to receive and process APDU commands. We are currently facing an issue with a specific payment terminal model (CCV): When using this terminal, the Apple Card Session correctly triggers the readerDetected and readerDeselected events, but does not fire the expected received event, even though APDU commands are clearly being sent at the protocol level. This behavior only occurs with this particular CCV terminal in our implementation – with other terminals and on Android devices, the received event is triggered reliably. The same CCV terminal also works without issues when using Apple Pay or PayPal (which also uses HCE → Card Session), and APDU data is transmitted as expected in those cases. Interestingly, in our implementation, roughly every 10th to 20th transaction with this CCV terminal does trigger the received event and APDU commands are delivered — in those rare cases, the payment proceeds successfully. In the system logs, we sometimes see APDU commands marked as invalid, but this also happens in cases where communication works fine, so we’re not sure whether this is actually related to the missing events. Our questions: Has anyone encountered this behavior before – specifically missing received events despite active communication from the terminal? Are there known limitations or specific requirements for payment terminals so that APDU commands are passed through to the Apple Card Session? Are there any diagnostic tools or logs we could use to better narrow down the root cause? At this point, we are unsure whether the issue lies in terminal compatibility, the Apple Card Session itself, or our implementation. Any insights, experiences, or technical hints would be greatly appreciated. Thanks in advance for your help!

We are working with earphones that support Bluetooth BR/EDR (non-BLE). In our iOS app using CoreBluetooth, BLE peripherals appear during discovery, but this device does not.

In FileProvider framework based app, is it mandatory to make the host-app sandboxed? I think, no, as Google Drive app is non-sandboxed. But when removing sandboxing from my hostApp, even though mount is visible in Finder but extesnion is not being launched and Finder shows a error message saying "MyApp encountered an error. Items may be out of date." And when I add app-sanboxing, then things work fine. Can someone please help how can we remove sandboxing of hostApp and still make it work. Is there any specific entitlement we need to add, or any whitelisting needed for our Developer Team Id?

Hi, I encountered the following error while trying to launch a video game developed with Unity and running on an iPhone 12 and iPhone 16 Pro. Native StackTrace: Thread 2 (crashed) 0 libsystem_kernel.dylib 0x00000001d40102ec <symbols missing for uuid: 21ee5290d1193c31b948431865a67738> 1 libsystem_c.dylib 0x000000019330fba0 <symbols missing for uuid: 7135c2c8ba5836368b46a9e6226ead45> 2 UnityFramework 0x000000010e7bc744 <symbols missing for uuid: 4c1540b0ca733555aa69fc3e514204a3> 3 UnityFramework 0x000000010dc1c22c <symbols missing for uuid: 4c1540b0ca733555aa69fc3e514204a3> 4 UnityFramework 0x000000010cc26da4 <symbols missing for uuid: 4c1540b0ca733555aa69fc3e514204a3> 5 CoreFoundation 0x000000018b4af984 <symbols missing for uuid: 76a3b1983c09323e83590d4978e156f5> 6 libobjc.A.dylib 0x0000000183277140 7 libc++abi.dylib 0x00000001e7d20068 8 libc++abi.dylib 0x00000001e7d2000c 9 libdispatch.dylib 0x0000000193256de8 <symbols missing for uuid: 5f66cdb608a936158c6a4e3b47005495> 10 libdispatch.dylib 0x000000019325e400 <symbols missing for uuid: 5f66cdb608a936158c6a4e3b47005495> 11 libdispatch.dylib 0x000000019325ef30 <symbols missing for uuid: 5f66cdb608a936158c6a4e3b47005495> 12 libdispatch.dylib 0x0000000193269cb4 <symbols missing for uuid: 5f66cdb608a936158c6a4e3b47005495> 13 libdispatch.dylib 0x0000000193269528 <symbols missing for uuid: 5f66cdb608a936158c6a4e3b47005495> 14 libsystem_pthread.dylib 0x00000001e7e00934 15 libsystem_pthread.dylib 0x00000001e7dfd0cc

I ave an application that makes use of charts. I would like to have a button for the user to save the chart as a PDF. I tried to have the button save the PDF to the user's document directory directly. That attempt failed. But I was able to save the PDF to the application sandboxed documents directory. The question is how to programmatically move that file from the application documents folder to the user's general documents folder. So far I have not been able to find a method that will move the PDF file. Any ideas?

I have an iOS app that allows user to select a folder (from local Files). User is seemingly capable selecting the "On My iPhone" folder (the "Open" button is enabled, clickable and when it is tapped the app gets the relevant URL) although there's nothing in that folder apart from ".trash" item. Is selecting that folder not supported? If not why is the "Open" button enabled on that level to begin with?

Hi everyone! I'd like to create an application for system monitoring using the Endpoint Security framework. I already have a working prototype and now I am trying to expand its capabilities to capture more event types. Started looking at filesystem-related events as one of the most important ones for my use case. These seem to be supported fairly well by the framework (ES_EVENT_TYPE_NOTIFY_OPEN/CLOSE/CREATE/WRITE etc.) However, the "READ FILE" event seems to be absent… Am I missing something here, or Endpoint Security framework does not provide this kind of information? If it doesn't, what is the reason behind this? Capturing this type of events seems quite relevant for security-related software. Thanks & Best regards, Roman

Hello! I'm working on a mobile app that communicates with a peripheral via Bluetooth with security level 2 in a customised way, as there are also other communication protocols used. We use a bluetooth service with a specific UUID that has a write characteristic for sending data to the device and a notify characteristic for receiving data from the device. After connecting for the first time, a pairing prompt appears after successful connection and subscribing to notifications. When all is set, that is notifications are enabled, a handshake is performed and a communication session is established. There can be only one session for a bluetooth connection. So I have two questions: Regarding the pairing, is there any way that I can know the result of the pairing, so that I could start the handshake after it is accepted? What could be the best approach here? Asking because I noticed some instability on first connection (peripheral ignoring handshake). After disconnecting using Core Bluetooth, the system maintains the connection for some time before actually disconnecting. When opening the app shortly after killing the previous instance, it gets connected very quickly as it reuses the existing connection. The problem is, however, that the device wouldn't accept the new handshake and it is pretty much impossible to reuse previous session. In our use case we need a new BLE connection for each session. Is there any way I could forcibly disconnect from the device or enforce a new connection (not a reused one)? What might be the best approach here? The way I handle it now is by using retrieveConnectedPeripherals and if the device is found to be connected, I use scanning. If the device is advertising then we know it's not connected. Other than that we could also poll retrieveConnectedPeripherals and wait. But obviously it is not optimal, as the user has to wait longer than ususal. Other than that retrievePeripherals is used for getting the peripheral, if the app once found it during scanning. I saw this post describing similar issue, is it the only solution to implement API for disconnecting on the peripheral side?

Hello everyone, I’m developing an app that connects to Bluetooth Low Energy devices. While the stability of my connection is generally good, I’m looking to improve it. I noticed that the app from VanMoof, a company that makes ebikes, has an really strong connection. It even manages to connect to devices even when the app is forcefully closed. Could you please advise me on how I can improve the stability of my Bluetooth Low Energy connection and ensure that it continues to work even when the app is forcefully closed? Thanks in advance for your help!

Description: While testing Core NFC functionality on iOS 26 beta, when the NFC switch is turned off, the system automatically displays an alert. The alert contains two buttons: “Cancel” and “Settings”. Expected Behavior: When the user taps the “Settings” button, the system should navigate to the system settings page where the NFC switch can be turned on. Actual Behavior: The alert appears as expected Tapping the “Settings” button does not navigate to the system settings page No callback is triggered in the app’s NFC session Steps to Reproduce: Turn off the NFC switch on an iOS 26 beta device Trigger Core NFC functionality (e.g., NFCNDEFReaderSession or NFCTagReaderSession) The system alert appears indicating NFC is turned off Tap the “Settings” button Impact: Users cannot directly navigate to enable NFC from the system alert, making NFC features in the app unusable and negatively affecting user experience. Device Information: iOS Version: iOS 26 beta Device Model: iPhone 14pro App uses Core NFC APIs to trigger NFC sessions