Security Bite: Apple addresses privacy concerns around Notification Center database in macOS Sequoia

Share via:


9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.


The privacy implications of Notification Center popups are well-known in the security forensics community. Whether a user likes it or not, macOS temporarily keeps a log of every notification received in a single plaintext database. This can include messages from applications like iMessage, Slack, Teams, and virtually anything else.

However, it now appears Apple has moved the Notification Center database in macOS Sequoia to address concerns.

If you are not using the macOS Sequoia developer beta, you can find your notifications in an SQLite database located at /private/var/folder. To access this, open Finder, press Shift + CMD + G, and then enter “/var/folder.” Inside, you will see two folders with random letters as their names. Inside each of these folders, you will find directories containing user (0), cache (C), and temporary (T) files. Click on the first folder, then “0,” and navigate to the com.apple.notificationcenter file. It’s here you’ll find the .db file.

When you double-click to open or run the “strings” command on this file, you’ll discover a heap of information, including binary data and “NS” class names, as well as your iMessages, file paths, Slack, X, Facebook, and any other notifications sent to Notification Center by an app or the system, all visible in plaintext.

If you don’t want to go through all those steps, you can quickly find your last notification from the com.apple.notificationcenter file by punching this command into Terminal:

DA=`getconf DARWIN_USER_DIR`; sqlite3 $DA/com.apple.notificationcenter/db2/db "select hex(data) from record order by delivered_date desc limit 1;" | xxd -r -p - | plutil -p -

The good news? Apple appears to have finally acknowledged that storing iMessage data in a folder without the user’s knowledge or consent isn’t the best practice.

First spotted by security researcher Csaba Fitzl (also known as “theevilbit” in the community) on Friday, macOS Sequoia moves the Notification Center database within Group Containers. Specifically under ~/Library/Group Containers/group.com.apple.usernoted/db2/db.

Unlike in private/var/folders (the current location), Group Containers are protected by TCC (Transparency, Consent, and Control) prompts. This includes iMessage data, which Apple considers private information. You’ve likely encountered these prompts before. TCC manages permissions related to various resources, such as allowing an application to use your Mac’s microphone or camera. In this case, it enhances privacy by ensuring that sensitive message content isn’t inadvertently exposed.

This is a great step by Apple toward protecting user privacy, especially when it comes to messages. Better [4 years] late than never.

FTC: We use income earning auto affiliate links. More.





Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Popular

More Like this

Security Bite: Apple addresses privacy concerns around Notification Center database in macOS Sequoia


9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.


The privacy implications of Notification Center popups are well-known in the security forensics community. Whether a user likes it or not, macOS temporarily keeps a log of every notification received in a single plaintext database. This can include messages from applications like iMessage, Slack, Teams, and virtually anything else.

However, it now appears Apple has moved the Notification Center database in macOS Sequoia to address concerns.

If you are not using the macOS Sequoia developer beta, you can find your notifications in an SQLite database located at /private/var/folder. To access this, open Finder, press Shift + CMD + G, and then enter “/var/folder.” Inside, you will see two folders with random letters as their names. Inside each of these folders, you will find directories containing user (0), cache (C), and temporary (T) files. Click on the first folder, then “0,” and navigate to the com.apple.notificationcenter file. It’s here you’ll find the .db file.

When you double-click to open or run the “strings” command on this file, you’ll discover a heap of information, including binary data and “NS” class names, as well as your iMessages, file paths, Slack, X, Facebook, and any other notifications sent to Notification Center by an app or the system, all visible in plaintext.

If you don’t want to go through all those steps, you can quickly find your last notification from the com.apple.notificationcenter file by punching this command into Terminal:

DA=`getconf DARWIN_USER_DIR`; sqlite3 $DA/com.apple.notificationcenter/db2/db "select hex(data) from record order by delivered_date desc limit 1;" | xxd -r -p - | plutil -p -

The good news? Apple appears to have finally acknowledged that storing iMessage data in a folder without the user’s knowledge or consent isn’t the best practice.

First spotted by security researcher Csaba Fitzl (also known as “theevilbit” in the community) on Friday, macOS Sequoia moves the Notification Center database within Group Containers. Specifically under ~/Library/Group Containers/group.com.apple.usernoted/db2/db.

Unlike in private/var/folders (the current location), Group Containers are protected by TCC (Transparency, Consent, and Control) prompts. This includes iMessage data, which Apple considers private information. You’ve likely encountered these prompts before. TCC manages permissions related to various resources, such as allowing an application to use your Mac’s microphone or camera. In this case, it enhances privacy by ensuring that sensitive message content isn’t inadvertently exposed.

This is a great step by Apple toward protecting user privacy, especially when it comes to messages. Better [4 years] late than never.

FTC: We use income earning auto affiliate links. More.





Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

More like this

Matrimony.com Forays Into Online Job Market With ‘ManyJobs’

SUMMARY ManyJobs.com will target “grey collar” job seekers and...

Tesla says it has reached a ‘conditional’ settlement in...

Tesla and Rivian may have resolved a lawsuit...

FInd your lost wallet with your iPhone using SwitchBot...

I have an AirTag on my keychain to...

Popular

Upcoming Events

Startup Information that matters. Get in your inbox Daily!