Dropbox hack blocked by Apple in Sierra

With the release of the latest version of the Mac operating system, 10.12 macOS Sierra, it’s pleasing to see that Apple have fixed a bug I reported against El Capitan in October of last year, and wrote about on this blog here and here.

The TCC.db is now under SIP, which means hacking the Accessibility preferences is no longer possible.

The bug basically allowed anyone to circumvent the authorisation warning to place an app in the list of Accessibility apps in System Preferences > Security & Privacy. It still required sudo, but an app (Dropbox being the most high profile offender) that got your admin credentials in other ways could insert itself into Accessibility and make it almost impossible for the user to remove.

Users can still alter Accessibility in the normal way (through Sys prefs GUI), but trying to hack the SQL database via Terminal now returns:

Error: attempt to write a readonly database.

Looking at xattr in Terminal for /Library/Application\ Support/com.apple.TCC confirms this with the reply:

com.apple.rootless: TCC

Hopefully, this fix will be ported to EC as well. At the moment, it’s still possible to run this hack in OS X 10.11.6.