>I continue to believe that macOS "security" is mainly theater that only impedes the law-abiding Mac software industry while posing little problem for Mac malware. It doesn't take a genius hacker to bypass macOS privacy protections: calling "ls" is a script kiddie level attack.
And doing something useful with it, to the level of malware? Is that also trivial?
Also, how would that "script kiddie" do that attack in the first place, if you get your apps from the App Store? If it's an independent app, all bets are off anyway. E.g. if they have a serious 0-day to do that, they wouldn't waste time with this. And they could ask the user to disable the SIP, enter root password, or whatever as well...
> And doing something useful with it, to the level of malware?
You probably couldn't use this to steal someone's bank password, but most of TCC doesn't really protect against that. An app could certainly use it to track users and target ads, since it can reveal your browsing history in detail.
That probably won't work on the Mac App Store—but the primary complaint about TCC in recent years is that it applies to all software, not just App Store apps.
This limitation also applies to the Safari and Chrome sandboxes on macOS. Being able to get metadata like this off of the system of someone who warrants buying a V8 vulnerability to attack them seems like a reasonable possibility to me.