
Apple Event sandboxing in macOS Mojave lacks essential APIs - felix_schwarz
https://www.felix-schwarz.org/blog/2018/06/apple-event-sandboxing-in-macos-mojave
======
djrogers
I can see a few problems here (launching the app seems a little crazy, but
there's gotta be a good reason for it, right?), but the inability to
'whitelist' an app is _not_ one IMHO. Requiring explicit permissions for each
app receiving events is a great thing, and would make it to trust an app like
RemoteBuddy.

Here's the thing, if Apple allows whitelisting an app, then every developer
will just request that level of access rather than per-app permissions even if
they don't need it "just in case". Eventually we wind up where we are today
with everything having permission to send Apple Events to everything.

Even if my dystopian whitelist fears aren't realized, those apps that do
regularly get whitelisted (or claim to require it) will become targets and
potential vectors for attack, as they are the most privileged apps on your
Mac.

PS - and to the author, no need to exaggerate things. Just because your app
_can_ control 100+ apps doesn't mean your users are all using it to do that.
It seems perfectly reasonable to request approval for each app as they are
enabled/configured - if you're asking for approval for all apps upfront that's
on you.

~~~
felix_schwarz
I'd like to clarify and elaborate on a few points:

1) I've made the argument that whitelisting apps should be possible. But not
that apps should be able to prompt for it like they do for a single app.

2) The existence of a whitelist option doesn't mean one needs to use it.
Approving target apps individually would still be possible.

3) Script Editor and Automator are "whitelisted" via private entitlements to
send Apple Events to any target without prompting.

Both apps (also thanks to entitlements) can also access the address book,
calendars and reminders without prompting.

As far as I can see, these privileges can't be stripped from the apps by the
user.

If an attacker were to look for apps worth targeting, why would he target
anything else but these two apps, made for executing code, with all their
(non-removable) permissions?

(Source: screenshots in
https://twitter.com/felix_schwarz/status/1012291010863468544)

4) macOS Mojave adds an "Application Data" category to whitelist apps to
access all of the user's files.

Including files that apps can't even prompt for access and are otherwise off
limits. Like f.ex. browser cookies.

It's another (needed) whitelist option that is far more permissive than an
Apple Event whitelist option would ever be.

5) I don't think I exaggerate things. I used "up to" in front of that number
to acknowledge that number as the upper limit, not the rule.

------
peterburkimsher
Your assertion that "these apps are a reason to keep buying Macs" is very
true, at least in my case. Along with MagSafe and USB iPhone syncing, it's one
of the things keeping me on the platform.

I taught myself AppleScript at age 13, to download text and put it on my iPod
as 1000 character notes. I remember when URL Access Scripting was removed, and
I started using curl instead.

I've also written many other scripts, such as diagonal selection in Excel, or
slide layout in PowerPoint.

I use a lot of Apple Events apps as well, such as BetterTouchTool.

Is there an alternative to AppleScript for Linux?

