macOS TCC consent audit
Surfaces silent, persistent grants in the Transparency, Consent and Control (TCC) database (detection layers T1-T5).
Apple's TCC database is macOS's per-app privacy-permission store. A TCC entry that an attacker plants or abuses gives an app silent, persistent capability to read the Camera, Microphone or Screen, to read the whole disk (Full Disk Access), or to inject synthetic input events, with no prompt and no UI, and the grant outlives the session that created it. The 2022-2025 CVE record (CVE-2022-26721, CVE-2022-26726, CVE-2024-27821, CVE-2024-44170) and a long line of spyware and macOS malware families (Pegasus / Predator / OSX-Cocyer / JaskaGO / XCSSET) obtain their high-value capabilities through TCC grants rather than through a visible consent prompt.
How it works
The TCC collector (digger.collectors.macos.tcc) already runs as part of digger collect. It reads both the system DB (/Library/Application Support/com.apple.TCC/TCC.db, readable only with Full Disk Access) and the per-user DB (~/Library/Application Support/com.apple.TCC/TCC.db), opening each through a SQLite URI with immutable=1&mode=ro so the collector never takes a lock on the live database that tccd is using. MacosTccDetector consumes the emitted Artifacts and emits findings.
Skip rules
- Apple clients (bundle IDs com.apple.*, paths under /System/, /usr/libexec/, /sbin/, etc.) are first-party and emit nothing.
- KNOWN_GOOD_BUNDLE_IDS allowlist: Zoom, Slack, 1Password, Loom, Bartender, Raycast, Alfred, CleanShot, Linear, Docker, Parsec, UTM, Cyberduck, Warp, Continue, Cursor, Brave, Arc, Firefox, Chrome, VS Code, GitHub Electron, Anthropic Claude, Perplexity, ChatGPT, CleanMyMac, WeChat. Operators extend it via DIGGER_TCC_TRUSTED_CLIENTS (comma-separated bundle IDs).
- auth_value not in (Allowed, Allowed-limited) emits nothing.
- Non-dangerous services (MediaLibrary etc.) emit nothing.
Detection layers (T1–T5)
| ID | Severity | What it catches | MITRE |
|---|---|---|---|
| T1 | high | FullDiskAccess (or per-folder Documents / Desktop / Downloads / NetworkVolumes / RemovableVolumes / SysAdminFiles) granted to a non-Apple, non-allowlisted client. Credential-harvesting and cloud-token-theft vector. | T1548.006 |
| T2 | critical | Accessibility / PostEvent / ListenEvent granted to a non-Apple client. Synthetic-event-injection / keylogger / drive-other-apps primitive, the canonical macOS spyware signature. | T1056.001 |
| T3 | critical | Allowed grant to a binary whose path contains /tmp, /private/tmp, /Users/Shared, /private/var/folders, /Library/Caches, /.Trash or /Downloads. | T1548.006 |
| T4 | high | ScreenCapture / Camera / Microphone / AppleEvents / ContactsFull granted to a non-Apple client. | T1113 / T1125 / T1123 / T1059.002 / T1087 |
| T5 | critical | User DB has an Allowed grant that the system DB lacks for the same client: the direct-write TCC.db bypass shape (CVE-2022-26726 / CVE-2024-27821 / XCSSET / Shlayer / JaskaGO). | T1548.006 |
Caveat for T5: macOS keeps FullDiskAccess, Accessibility, ScreenCapture, PostEvent and ListenEvent grants in the system DB, while user-scoped services (Camera, Microphone, AppleEvents, Contacts, the per-folder grants) live only in the per-user DB. A user-DB grant with no system-DB counterpart is therefore expected for user-scoped services; T5 is only meaningful for services macOS stores in the system DB.
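The read-only open described under How it works and the T1-T5 rules in the table above, as an added example that is not digger's own code. It builds two constructed TCC.db stand-ins (a trimmed `access` table with only the four columns the rules need; the real table has more), opens them through the `immutable=1&mode=ro` SQLite URI, and runs the skip rules and T1-T5 over the rows. The kTCCService* names, the auth_value and client_type meanings are real TCC.db values; the row data, the two-entry allowlist, and the helper names (`read_grants`, `detect`, `run_demo`) are assumptions made for the example.

```python
"""Added example, not digger's code: open TCC.db read-only and apply T1-T5 style rules.
Service names and auth_value / client_type semantics are real TCC.db values; the
`access` table built here is a trimmed stand-in populated with constructed rows."""
import contextlib
import os
import sqlite3
import tempfile
import urllib.parse

ALLOWED = {2, 3}      # auth_value: 0 denied, 1 unknown, 2 allowed, 3 allowed-limited
BUNDLE, PATH = 0, 1   # client_type: bundle identifier vs absolute path
# Services macOS stores only in the system DB; T5 is scoped to these.
SYSTEM_SERVICES = {"kTCCServiceSystemPolicyAllFiles", "kTCCServiceAccessibility",
                   "kTCCServiceScreenCapture", "kTCCServicePostEvent", "kTCCServiceListenEvent"}
T1_SERVICES = {"kTCCServiceSystemPolicyAllFiles", "kTCCServiceSystemPolicyDocumentsFolder",
               "kTCCServiceSystemPolicyDesktopFolder", "kTCCServiceSystemPolicyDownloadsFolder",
               "kTCCServiceSystemPolicyNetworkVolumes", "kTCCServiceSystemPolicyRemovableVolumes",
               "kTCCServiceSystemPolicySysAdminFiles"}
T2_SERVICES = {"kTCCServiceAccessibility", "kTCCServicePostEvent", "kTCCServiceListenEvent"}
T4_SERVICES = {"kTCCServiceScreenCapture", "kTCCServiceCamera", "kTCCServiceMicrophone",
               "kTCCServiceAppleEvents", "kTCCServiceAddressBook"}
SUSPICIOUS_PATHS = ("/tmp/", "/private/tmp/", "/Users/Shared/", "/private/var/folders/",
                    "/Library/Caches/", "/.Trash/", "/Downloads/")
APPLE_PATHS = ("/System/", "/usr/libexec/", "/sbin/")
KNOWN_GOOD = {"us.zoom.xos", "com.tinyspeck.slackmacgap"}  # trimmed stand-in for the allowlist

def open_ro(path):
    """immutable=1 skips lock/journal handling and mode=ro forbids writes, so a live
    TCC.db in use by tccd is never locked. The path is percent-encoded because the real
    path contains a space ('Application Support')."""
    return sqlite3.connect(f"file:{urllib.parse.quote(path)}?immutable=1&mode=ro", uri=True)

def read_grants(path):
    with contextlib.closing(open_ro(path)) as db:
        rows = db.execute("SELECT service, client, client_type, auth_value FROM access").fetchall()
    return [dict(zip(("service", "client", "client_type", "auth_value"), r)) for r in rows]

def trusted_from_env():
    raw = os.environ.get("DIGGER_TCC_TRUSTED_CLIENTS", "")
    return {c.strip() for c in raw.split(",") if c.strip()}

def is_apple(g):
    if g["client_type"] == BUNDLE:
        return g["client"].startswith("com.apple.")
    return g["client"].startswith(APPLE_PATHS)

def detect(system_grants, user_grants, extra_trusted=()):
    """Return (rule, severity, service, client) tuples in T1-T5 shape."""
    findings = []
    trusted = KNOWN_GOOD | set(extra_trusted)
    system_allowed = {(g["service"], g["client"])
                      for g in system_grants if g["auth_value"] in ALLOWED}
    for origin, grants in (("system", system_grants), ("user", user_grants)):
        for g in grants:
            svc, client = g["service"], g["client"]
            if g["auth_value"] not in ALLOWED or is_apple(g):
                continue                                   # skip rules
            if g["client_type"] == BUNDLE and client in trusted:
                continue
            if g["client_type"] == PATH and any(p in client for p in SUSPICIOUS_PATHS):
                findings.append(("T3", "critical", svc, client))   # fires alongside T1/T2/T4
            if svc in T1_SERVICES:
                findings.append(("T1", "high", svc, client))
            elif svc in T2_SERVICES:
                findings.append(("T2", "critical", svc, client))
            elif svc in T4_SERVICES:
                findings.append(("T4", "high", svc, client))
            # T5: user DB holds an Allowed grant for a system-scoped service that the
            # system DB lacks. User-scoped services (Camera, Microphone, ...) are exempt.
            if origin == "user" and svc in SYSTEM_SERVICES and (svc, client) not in system_allowed:
                findings.append(("T5", "critical", svc, client))
    return findings

def build_sample_db(path, rows):
    """Constructed TCC.db stand-in; the real access table has more columns."""
    with contextlib.closing(sqlite3.connect(path)) as db:
        db.execute("CREATE TABLE access (service TEXT, client TEXT, client_type INTEGER, auth_value INTEGER)")
        db.executemany("INSERT INTO access VALUES (?, ?, ?, ?)", rows)
        db.commit()

def run_demo():
    """Build constructed system + user DBs, collect them read-only, run the detector."""
    with tempfile.TemporaryDirectory() as d:
        sys_db, usr_db = os.path.join(d, "sys TCC.db"), os.path.join(d, "usr TCC.db")
        build_sample_db(sys_db, [
            ("kTCCServiceSystemPolicyAllFiles", "com.apple.Terminal", BUNDLE, 2),        # Apple: skip
            ("kTCCServiceAccessibility", "us.zoom.xos", BUNDLE, 2),                      # allowlisted: skip
            ("kTCCServiceAccessibility", "com.example.helper", BUNDLE, 2),               # T2
            ("kTCCServiceSystemPolicyAllFiles", "/Users/Shared/.update/agent", PATH, 2), # T3 + T1
            ("kTCCServiceScreenCapture", "com.example.helper", BUNDLE, 0),               # denied: skip
        ])
        build_sample_db(usr_db, [
            ("kTCCServiceCamera", "com.example.helper", BUNDLE, 2),                      # T4, user-scoped
            ("kTCCServiceSystemPolicyAllFiles", "com.example.helper", BUNDLE, 2),        # T1 + T5
        ])
        return detect(read_grants(sys_db), read_grants(usr_db), trusted_from_env())
```

Calling `run_demo()` yields six findings (T1, T1, T2, T3, T4, T5) and none for the Apple or allowlisted clients; the Camera grant in the user DB is reported as T4 only, not T5, because Camera is a user-scoped service. Pointing `read_grants` at the two real paths instead of the constructed files is the only change needed to run it on a host, and the system DB will still need Full Disk Access to read.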
No new CLI needed
Collection happens in digger collect (the macos.tcc collector is part of the default run); the detector runs at digger scan time. To restrict collection to this collector:
$ digger collect --case-dir /tmp/case --only macos.tcc
$ digger scan --case-dir /tmp/case