Safari microphone access

Hello,

I am browsing with Safari. A website asks me to access my microphone (it is a Safari prompt dialog, not a system dialog). I am answering "yes, you can access to my microphone". Everything works fine, my microphone is allowed.

Now, i am going to macOS system settings, in "Privacy & Security" section. I open "Microphone" sub section: And i don't see any entry for Safari. My question is ... Why ? Safari is accessing to my microphone at this moment and i don't see any grant information about this in system settings...

Maybe apple allows his own softwares but this is not good for security... I hope it is not the same behaviour for full disk access grant...

Thanks

Answered by CMDdev in 796384022

Maybe apple allows his own softwares

Indeed, I believe that's what's going on. Safari has some special entitlements, you can see them if you run the following command in Terminal: codesign -dv --entitlements - /System/Volumes/Preboot/Cryptexes/App/System/Applications/Safari.app.

The special entitlement that allows this kind of behaivor is com.apple.private.tcc.allow:

[Key] com.apple.private.tcc.allow
	[Value]
		[Array]
			[String] kTCCServiceAddressBook
			[String] kTCCServiceCamera
			[String] kTCCServiceListenEvent
			[String] kTCCServiceMicrophone
			[String] kTCCServiceScreenCapture
			[String] kTCCServiceSystemPolicyDownloadsFolder
			[String] kTCCServiceCalendar
			[String] kTCCServiceSystemPolicyAppData
			[String] kTCCServiceAppleEvents

I hope it is not the same behaviour for full disk access grant...

There is another simillar full disk access entitlement value, kTCCServiceSystemPolicyAllFiles, but Safari doesn't have this.

but this is not good for security...

While these Apple apps have these entitlements, other apps cannot obtain them without explicit permission from Apple. They need to be signed by Apple in order to receive these entitlements.

So, generally speaking, there is no way for them to access these permissions without prompting the user, unless they exploit some sort of vulnerability. If you find such a vulnerability, you should report it to the Apple Security Research website.

Maybe apple allows his own softwares

Indeed, I believe that's what's going on. Safari has some special entitlements, you can see them if you run the following command in Terminal: codesign -dv --entitlements - /System/Volumes/Preboot/Cryptexes/App/System/Applications/Safari.app.

The special entitlement that allows this kind of behaivor is com.apple.private.tcc.allow:

[Key] com.apple.private.tcc.allow
	[Value]
		[Array]
			[String] kTCCServiceAddressBook
			[String] kTCCServiceCamera
			[String] kTCCServiceListenEvent
			[String] kTCCServiceMicrophone
			[String] kTCCServiceScreenCapture
			[String] kTCCServiceSystemPolicyDownloadsFolder
			[String] kTCCServiceCalendar
			[String] kTCCServiceSystemPolicyAppData
			[String] kTCCServiceAppleEvents

I hope it is not the same behaviour for full disk access grant...

There is another simillar full disk access entitlement value, kTCCServiceSystemPolicyAllFiles, but Safari doesn't have this.

but this is not good for security...

While these Apple apps have these entitlements, other apps cannot obtain them without explicit permission from Apple. They need to be signed by Apple in order to receive these entitlements.

So, generally speaking, there is no way for them to access these permissions without prompting the user, unless they exploit some sort of vulnerability. If you find such a vulnerability, you should report it to the Apple Security Research website.

Safari microphone access
 
 
Q