Hacker News | concinds's comments

These are considered security UI bugs. They are a subcategory of security bugs, since they result in users lacking control or awareness over permissions. If this were a Chromium bug it would get a CVE.


Apple Security would instantly close it as "don't see the problem here" if you reported it to them. They have a poor reputation around TCC bug reports.

That makes it OK for you to not responsibly disclose a vuln? Cool I guess)

I have nothing to do with any of this.

But since they don't consider these as vulnerabilities in the first place, then yeah, sure.


It's very common for large companies to "close" or downplay vulnerabilities. That doesn't exempt researchers from responsible disclosure timelines. There have been plenty of instances where a company reverses course after some back & forth and the looming threat of going public.

There's another "security UI" issue in the latest macOS, that's been there for at least a few versions.

I go into "Privacy & Security", "Full Disk Access". A bunch of apps added themselves in there (Anki, Fission, Microsoft Autoupdate, WhatsApp), the toggle is disabled and I've never enabled it. Ok, whatever.

But when I go into "Files & Folders", under those apps I see "Full Disk Access" in gray. Apps that have Full Disk Access toggled on look identical, with "Full Disk Access" in gray. What the hell am I supposed to make of that?

Is it a bug? Do they have full disk access? Is the UI trying to imply that those apps are solely controlled by the FullDisk toggle and are ineligible to request granular permissions for Desktop/Documents? Or that they are eligible, but haven't requested it? Or maybe they did request it, and I granted it, but I don't get to see it? Who knows?


That is really poorly worded by Apple, because if I understand it correctly, the "Files & Folders" list is just a list of apps that have requested Full Disk Access/FDA (or other locations).

It's really confusing that some of those settings can be toggled on/off, while the Full Disk Access is greyed out and can only be toggled under "Privacy & Security".

To add to the confusion, toggling FDA off just protects a few selected folders that Apple decided are extra sensitive, like:

  Messages                     ~/Library/Messages
  Safari browsing history      ~/Library/Safari
  Cookies                      ~/Library/Cookies
  Identity services            ~/Library/IdentityServices
  Spotlight data               ~/Library/Metadata/CoreSpotlight
  Phone call history           ~/Library/Application Support/CallHistoryDB
  Facetime data                ~/Library/Application Support/Facetime
  TCC database                 ~/Library/Application Support/com.apple.TCC.db

"Normal" files and folders on your disk (including Desktop, Documents, Downloads, network volumes, and removable volumes) can always be accessed (even with FDA permission revoked!) after a simple prompt. [1]

[1] https://support.apple.com/guide/security/controlling-app-acc...


> It’s one thing for the government to reject Anthropic’s terms—and entirely another to banish them permanently and, absurdly and punitively declare them a supply chain risk. Worse, they did it in favor of someone else who took pretty similar terms and happened to have given more campaign contributions.

Marcus is so overrated. He's not even good at straight factual reporting. The terms were not "pretty similar". He missed the whole point of the recent controversy.

> Anthropic deserves a chance at EXACTLY the same terms

No, those terms are bullshit.


This comment is so wrong. Trump's strikes won't "prevent" anything, it's domestic posturing to look tough. You cannot bomb your way into regime change.

> After the last war, it also is no longer a threshold state

That's also wrong. Trump claimed Iran's enrichment capabilities were totally destroyed, but they weren't.

> In this situation it is a fair request by the US to sign a nuclear deal

America already had a good deal. Trump got rid of it.


Dictatorships have no "rights". People have rights.


No it's not. This is an air strike campaign, no boots on the ground. It'll end in two weeks. There is no chance China or Russia get involved, like last time, so "WW3" is completely non-credible.


> ...no boots on the ground. It'll end in two weeks

Why do we never learn from history?


There are no ground ops and there is no possibility of any significant ground ops given current deployments.


And if Iran gets incredibly lucky and sinks an aircraft carrier or lands a sufficiently lucky hit on a military base?

Will there still be no possibility of ground deployments?


Yes ... why do we never learn from history? What's with the selective memory?

https://en.wikipedia.org/wiki/Iran%E2%80%93Israel_war

The previous campaign lasted a whole 13 days and WW3 didn't start. I'm not sure why anybody thinks it'll be different now or why Russia or China would bother going to war for Iran. That makes zero sense.


> The previous campaign lasted a whole 13 days and WW3 didn't start. I'm not sure why anybody thinks it'll be different now or why Russia or China would bother going to war for Iran. That makes zero sense.

We did not move 1/3 of operational USAF capacity and 33% of our deployable Navy for limited strikes.


Okay, and where's the army? I'm not sure what you're expecting without boots to put on the ground. Are the pilots gonna be ejecting to go hunt Khamenei? This argument is meaningless. Again, none of this can lead to WW3 and none of this can turn into a protracted war as in Ukraine-Russia.

You can stop when you have no idea what you're talking about, you know.


You seem like a Trump voter who voted for no more wars doing damage control

Boots on the ground can happen at any time if Iran manages to either hit one of the thousands of US assets in the region or worse they resort to terrorism with a theatrical attack like 9/11 which ended up costing so many lives, money and freedoms ranging from TSA literally up your ass to the destruction of privacy online and offline… and of course as we all know boots on the ground


What do the three points of the navy trident represent?


The big difference with the previous campaign is that now, the Iranian regime is facing an existential threat. While the previous war was more of a show for respective domestic publics, this one feels like there is no coming back.

Of course Russia or China won't go to war for Iran - nobody is saying that. They can get involved though, just as Europe is involved in Ukraine war.


They will provide intel and weapons like NATO in Ukraine.


https://www.timesofisrael.com/liveblog_entry/trump-military-...

One day later and they've doubled their predictions already.

> a whole 13 days and WW3 didn't start.

Also you moved the goalposts here. The quote was "no boots on the ground, over in two weeks."


Chinese state media is already reporting it's "unlikely to be contained" https://www.chinadaily.com.cn/a/202602/28/WS69a2a669a310d686...


A regional war isn't a world war


Bombing never wins wars, with one exception.

Bombing of:

- N. Vietnam
- Germany
- Serbia
- Sudan
- Tunisia
- England

Exception:

- Japan

That is not to say bombing doesn't have its uses in war. The bombing of the oilfields of Ploesti in Romania severely damaged the German war machine. But it took Russian boots on the ground in Berlin to effect a German surrender.


Being Serbian, the bombing campaign of 1999 was successful. It led to the (temporary, 12-years long) regime change, and to the de-facto independence of Kosovo. It ended the war.


While it's possible, it's unlikely. The Iranian regime is in a corner - they have no choice anymore but to escalate, and escalate quickly.


There might be boots on the ground eventually given Trump's speech.

> The lives of courageous American heroes may be lost and we may have casualties. That often happens in war, but we’re doing this not for now. We’re doing this for the future, and it is a noble mission

Very foreboding.


Iran is hitting back at US bases so it could be related to those risks, rather than a full invasion.

(Crazy idea, maybe the people shouldn’t be left in the dark about their government’s war plans by having a deliberate legislative body debate and vote on it)


It's a sinister statement, but despite everything the U.S. has moved to the region, they didn't move the stuff they would need to move for ground operations.


Venezuela didn’t take many boots. Maybe we can decapitate the Iranian regime in the same way.


I feel like maybe you have no idea how that Maduro takedown happened. That is not possible here.


The new term Hegseth is boosting is "warrior", not "warfighter".


I can't imagine feeling entitled to shove AI outputs in everyone's face on a user forum. It's predatory. They know no one wants it but they want to make a quick buck.


> They could have just disabled Gemini access

They just disabled Antigravity access.

