onlyTrustedInfo.comonlyTrustedInfo.comonlyTrustedInfo.com
Notification
Font ResizerAa
  • News
  • Finance
  • Sports
  • Life
  • Entertainment
  • Tech
Reading: Security Bite: macOS 15.4 hits “Allow” on TCC event support
Share
onlyTrustedInfo.comonlyTrustedInfo.com
Font ResizerAa
  • News
  • Finance
  • Sports
  • Life
  • Entertainment
  • Tech
Search
  • News
  • Finance
  • Sports
  • Life
  • Entertainment
  • Tech
  • Advertise
  • Advertise
© 2025 OnlyTrustedInfo.com . All Rights Reserved.
Tech

Security Bite: macOS 15.4 hits “Allow” on TCC event support

Last updated: March 28, 2025 11:41 am
Oliver James
Share
5 Min Read
Security Bite: macOS 15.4 hits “Allow” on TCC event support
SHARE
9to5Mac security bite cybersecurity Apple

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.


For years, macOS security developers and researchers have urged Apple to add TCC events to the Endpoint Security (ES) framework. Doing so would allow them to directly trace a TCC request to the specific application (or malware) that triggered it. This could allow third-party security tools to offer real-time protection around permission requests.

The good news? Apple is finally making this happen in macOS 15.4.

The bad news? It’s rough around the edges right now.

Across Apple’s ecosystem of devices, TCC (Transparency, Consent, and Control) functions as a hugely important subsystem that prompts users to allow, limit, or deny requests from individual apps to access sensitive data and built-in hardware like the microphone and camera. The main goal of TCC is to provide users with transparency about how their data is accessed and used by applications.

Ideally, this protects users. But malware authors know people impulsively hit “Allow,” so they often rely on this tactic to trick users into approving access they shouldn’t.

Example of a malicious TCC prompt on macOS

Up until this, detecting a malicious TCC event was sort of trivial. Security tools could not directly observe one in real time. Instead, they would have to scrape logs to determine if a malicious event occurred, which often happens way after the damage is done.

As Objective-See’s Patrick Wardle—creator of several popular Mac security tools including LuLu—first spotted in the last macOS 15.4 beta, Apple has quietly added TCC events to its Endpoint Security framework. See below:

TCC event in Endpoint Security on macOS 15.4 beta 4. Image via Patrick Wardle/Objective-See.

The now-added ES_EVENT_TYPE_NOTIFY_TCC_MODIFY identifier notifies endpoint security that a TCC prompt was triggered. This could finally give third-party security tools the teeth they need to monitor permission prompts in real time and link the requests to the application that made them.

“Since the majority of macOS malware circumvents TCC through explicit user approval, it would be incredibly helpful for any security tool to detect this — and possibly override the user’s risky decision. Until now the best (only?) option was to ingest log messages generated by the TCC subsystem,” Wardle writes in a blog post.

Similarly, in the past, Apple added Gatekeeper events to the ES framework in macOS 13 Ventura. This gave endpoint security tools access to the Gatekeeper’s decision-making process regarding whether to allow or block an application from opening based on the policy set. Before this, Gatekeeper’s decision-making wasn’t accessible to third parties, much like TCC before the macOS 15.4 beta.

Apple finally adding a TCC event to Endpoint Security is great, but as Wardle points out in his breakdown, it’s “rather nuanced.” It may not capture every helpful detail, could behave inconsistently at times, and isn’t enough in its current state for any useful visibility. However, it’s important to point out that this was newly added to the macOS 15.4 beta, which will be released widely sometime next month. I expect Apple to have a lot of it ironed out by then.

I highly recommend checking out his blog post on Objective-See for technical insights.

Follow Arin: Twitter/X, LinkedIn, Threads

FTC: We use income earning auto affiliate links. More.

You Might Also Like

Midwest and Northeast in store for whiplash weather change

Grok gains a canvas-like tool for creating docs and apps

Patreon tests a native live video feature where creators can stream 24/7

‘Extremely Rare’ Baby Donkey Winds Up with Two Mommies

Apple reportedly wants to ‘replicate’ your doctor next year with new Project Mulberry

Share This Article
Facebook X Copy Link Print
Share
Previous Article Lincoln Handicap: Jamie Lynch’s guide to Doncaster feature as Thunder Run and Midnight Gun head field of 22 | Racing News Lincoln Handicap: Jamie Lynch’s guide to Doncaster feature as Thunder Run and Midnight Gun head field of 22 | Racing News
Next Article Lucid to ramp customer deliveries for Gravity SUV by end of April Lucid to ramp customer deliveries for Gravity SUV by end of April

Latest News

Steelers announce Ben Roethlisberger, Joey Porter, Maurkice Pouncey to join Hall of Honor
Steelers announce Ben Roethlisberger, Joey Porter, Maurkice Pouncey to join Hall of Honor
Sports July 28, 2025
Phillies’ Nick Castellanos out of Saturday’s lineup vs. Yankees with left knee injury
Phillies’ Nick Castellanos out of Saturday’s lineup vs. Yankees with left knee injury
Sports July 28, 2025
2025 Tour de France standings going into final stage, with Tadej Pogačar set to win 2nd consecutive trophy
2025 Tour de France standings going into final stage, with Tadej Pogačar set to win 2nd consecutive trophy
Sports July 28, 2025
2025 MLB betting: Nick Kurtz now a massive favorite to win AL Rookie of the Year
2025 MLB betting: Nick Kurtz now a massive favorite to win AL Rookie of the Year
Sports July 28, 2025
//
  • About Us
  • Contact US
  • Privacy Policy
onlyTrustedInfo.comonlyTrustedInfo.com
© 2025 OnlyTrustedInfo.com . All Rights Reserved.