Overview

"Privilege separation" is one of the "two main reasons to use XPC services" given by https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingXPCServices.html — With traditional applications, if an application becomes compromised through a buffer overflow or other security vulnerability, the attacker gains the ability to do anything that the user can do. To mitigate this risk, Mac OS X provides sandboxing—limiting what types of operations a process can perform. […] Each XPC service has its own sandbox, so XPC services can make it easier to implement proper privilege separation. The idea (iiuc) being that if the main process is compromised, the spicier operations have been separated out to a separate process space, and this improves the security of the system. But if the main process is compromised, and that main process is trusted by the more-privileged XPC service, is not the system still compromised in practice? That is rather than the exploit being: exploit some vulnerability gain arbitrary code execution do something naughty isn't the same still possible with just one extra step: exploit vulnerability arbitrary execution ask the XPC service nicely… …to do something naughty?

Hello, I am seeking assistance regarding my organization's enrollment. My enrollment ID is DAJ7B62DSR. After providing all requested documents (Government ID, Articles of Incorporation, and EIN), my case was recently escalated to an internal team (Case: 102888036786). However, we are facing significant delays in launching our financial services app. Could an Apple representative please look into this or provide guidance on how to expedite the final review? We have strictly followed all D-U-N-S and legal requirements. Thank you.

We have submitted an enrollment request and cannot see the status. I cannot submit a support ticket as it is throwing a javascript exception. Unable to contact support or view status. Enrollment ID is F5T6HL5534

The sleep app on my Apple Watch is constantly getting the bedtime wrong. It averages in every nap or if I nod off in my chair, so the resulting moving average is always way off. There should be an ability to edit the bad data entries.

Untuk membuka Blokir BRImo Anda bisa menghubungi Call Center BRl melalui Chat WhatsApp ( 0897 6686 161 ) atau 140017 Melalui aplikasi BRImo Anda bisa lupa Username atau Password pada halaman login Aplikasi BRlmo.

Watch is no longer capturing biometric data. No sleep, HR, or SPO2, steps and activity after downloading 26.5 watchOS beta. Reset watch and was not able to resolve the issue.

as of this posting, chdir(2) is now following symbolic links. As per the man page, this IS NOT what it is supposed to do. This is a recent change as of 5/13/26

Hi, I experiment by creating and compiling a lot of CoreML models and I have the issue that this causes a lot of disk usage, but when I try to delete everything (I search in the disk for possible CoreML cache directories) the disk space is not actually freed up. This is a picture of my disk usage according to what is shown inside of Settings>General>Storage and the Disk Utility app. I am running on macOS 15.7.5

Markup Tool: Support for persistent tool presets (color, stroke, fill settings) I use Markup heavily for work — up to 20 images per day, always with the same settings: red arrow or rectangle, no fill, specific stroke width. The problem has two parts: Part 1 – Markup resets everything: Every time Markup is opened, all settings reset: tool, color, fill, stroke width. This means 3–4 manual steps per image, adding up to 80 unnecessary interactions per day. Part 2 – The default red is unusable: The red in Apple’s color palette is muted and too pale for clear, high-contrast annotations. I have to open the color wheel every single time to manually select a proper, vivid red. The copy/duplicate workaround only helps within one image — as soon as a new photo or screenshot is opened, everything starts over from scratch. Markup has no memory between different images. Switching to a third-party annotation app is not a solution — the entire advantage of Markup is its native integration directly within the Photos app, without switching apps. And Markup cannot be configured in depth through Shortcuts either — color, fill, and stroke width are not controllable there. The attached images: Image 1 shows the entry point in the Photos app. Image 2 shows Markup open with the current color palette. The blue-outlined fields do not indicate colors to be replaced — they mark the position where personally configured tool presets should appear: not individual colors, but fully pre-configured tools with color, stroke width, and fill setting already saved, ready to use with a single tap. My suggestion: Tool presets — configure once, saved permanently, available directly in the Markup toolbar. No need to re-configure color, fill, or stroke width for every new image. iOS already remembers last-used settings in many areas: camera mode, emojis, colors in Notes, Pages, and Keynote. Markup behaves as if it’s being opened for the first time, every time. This inconsistency costs me measurable time every single day.

Just found a simple typo you might want to fix:

Platform and Version Platform: iOS iOS Version: 17.0+ Development Environment: .NET MAUI (C#, .NET 9) Network Layer: HttpClient with HttpClientHandler Description of the Problem We are facing an issue where HttpClientHandler.ServerCertificateCustomValidationCallback is not being invoked when the app is in a terminated (kill) state. In normal app lifecycle states (foreground/background), the callback is triggered as expected and allows us to handle server certificate validation (e.g., for certificate pinning or custom validation logic). However, when the app is in a killed state and is relaunched due to a notification action, the callback does not execute. We would like to understand: Why ServerCertificateCustomValidationCallback is not invoked in this scenario Whether this behavior is expected within iOS networking/runtime constraints Any recommended approach or workaround to ensure certificate validation still occurs when handling notification-triggered flows from a terminated state Steps to Reproduce Ensure the app is force-terminated (kill mode) Configure a push notification with category: "INVITE_CATEGORY" Include custom notification action buttons Tap one of the custom actions This triggers app launch and network call using HttpClient Expected Behavior ServerCertificateCustomValidationCallback should be invoked during the network request initiated after tapping the notification action, allowing custom certificate validation.

I have started to have issues with SwiftUI previews of iOS apps with projects under the Documents folder. I have experimented that in Xcode 26.4 and I am still seeing it in 26.5. The error is: Cannot preview in this file. Failed to launch xyz.abc.TestApp Looking at the diagnostics, Xcode gets a permission denied error when trying to open /Users/me/Documents/path/to/TestApp/DerivedData/TestApp/Build/Intermediates.noindex/TestApp.build/Debug-iphonesimulator/TestApp.build/Objects-normal/arm64/ContentView.1.preview-thunk-launch.o Error details below. Note that I have set DerivedData folders relative to the projects' roots. Additional information: I get errors on freshly created iOS projects, just trying to preview the default ContentView. Xcode has full disk access set in System Preferences > Privacy & Security. I have cleaned build folders, deleted the simulators, Xcode itself, cleared various caches, restarted and reinstalled Xcode to no avail. Checking Editor > Canvas > Use Legacy Previews Execution did not fix it either. Apps run fine in Simulator. System info: macOS 26.4.1, Xcode 26.5 (17F42), MacBook Pro M1 and Mac Studio M2 Max. I have found two ways to fix the problem while keeping DerivedData relative to the project's root: create the project in some other “unprotected” directory (/Users/me/Developer in my case), or uncheck Editor > Canvas > Automatically Refresh Canvas. Either way makes previews work again. Possibly related: SwiftUI preview not working in Xcode 26 when “Automatically Refresh Canvas” is enabled Xcode 13.2.1 - Simulator works, Preview doesn't Excerpt from diagnostics: | | [Remote] JITError | | | | ================================== | | | | | [Remote] CouldNotLoadInputObjectFile: Could not load object file during preview: /Users/me/Documents/TestApp/DerivedData/TestApp/Build/Intermediates.noindex/TestApp.build/Debug-iphonesimulator/TestApp.build/Objects-normal/arm64/ContentView.1.preview-thunk-launch.o | | | | | | path: /Users/me/Documents/TestApp/DerivedData/TestApp/Build/Intermediates.noindex/TestApp.build/Debug-iphonesimulator/TestApp.build/Objects-normal/arm64/ContentView.1.preview-thunk-launch.o | | | | | | ================================== | | | | | | | [Remote] XOJITError | | | | | | | | XOJITError: '/Users/me/Documents/TestApp/DerivedData/TestApp/Build/Intermediates.noindex/TestApp.build/Debug-iphonesimulator/TestApp.build/Objects-normal/arm64/ContentView.1.preview-thunk-launch.o': Operation not permitted

I am developing a library called MemoryCryptor for macOS. Its purpose is to protect sensitive data of the calling process (including launchd daemons), e.g. user passwords and other secrets, from being written to disk or read directly by debuggers or malware. This is a mandatory security requirement from our internal Security Team. On Windows we rely on DPAPI, which stores a per‑process cryptographic key outside the calling process’s address space, ensuring that key material and ciphertext never coexist in the same memory space. I have evaluated the following macOS options, but each presents limitations for our threat model: Secure Enclave (CryptoKit.framework). Keys generated using the Secure Enclave are not bound to the creating app. The dataRepresentation of a PrivateKey resides in the caller’s memory, allowing another process that can read a memory dump on the same machine to decrypt the data. Keychain API. Keys are always loaded into the calling process’s address space before any cryptographic operation, exposing them to memory‑dump attacks. Separate helper via XPC. While this could isolate key material, it requires full control of IPC implementation - plaintext may remain in the implementation's internal buffers. Given these constraints, are there any macOS‑native mechanisms or recommended architectures that allow us to keep cryptographic keys completely out of the calling process’s memory while still performing encryption/decryption on behalf of that process? Any guidance, best‑practice references, or alternative APIs would be greatly appreciated. Thank you for your assistance.

Hi! I would like to overlay a macOS application window above all windows, even when moving spaces or moving to a fullscreen app, similar in function to the DropOver app for macOS. What I have tried: Overwriting the default app delegate in SwiftUI and creating the NSWindow myself. Then setting the window.collectionBehavior to [.canJoinAllApplications, .canJoinAllSpaces, .fullScreenAuxiliary] and the window.level to .floating or .statusBar. This works for moving between Spaces, but still does not display above apps in fullscreen mode. I also registered a notification observer for NSWorkspace.activeSpaceDidChangeNotification, where I call window.orderFrontRegardless() to always have my window frontmost. Still not displaying above fullscreen apps. What am I missing to make this work? Best regards

HI, Following up on this thread, the situation has escalated significantly. After my app was stuck in review for nearly 2 months, I received a Pending Termination Notice on my entire developer account citing section 3.2(f), concept or feature switch schemes. All of my apps have been removed from the App Store, including apps that were already live and had not been submitted or modified in any way. The notice states that automation may have been used as part of the review process, and I received the exact same notice for every single app on my account, which suggests this was a blanket automated action rather than a specific finding per app. I have already submitted individual app appeals and a full account reinstatement request through the official channels. I am an independent developer based in France under the Small Business Program and this account represents years of work. I would kindly ask if this can be looked into and escalated to the appropriate team. I am happy to provide any information needed. THANK YOU

Hello, does anyone have experience using Apple Vision Pro in countries where it has not yet been officially released? I work for a company in Austria, and we are interested in developing internal XR applications for Vision Pro. Since the device is not officially available in Austria, we are considering purchasing it in Germany. My main question is whether it is possible to develop and test Vision Pro apps using an Austrian Apple ID / developer account, or if there are any regional restrictions we should be aware of (e.g., related to App Store access, provisioning, or device functionality). Apple Support was unfortunately unable to provide a definitive answer and recommended asking here. Any insights or experiences would be greatly appreciated. Best regards, Don Appelonie

Hello, does anyone have experience using Apple Vision Pro in countries where it has not yet been officially released? I work for a company in Austria, and we are interested in developing internal XR applications for Vision Pro. Since the device is not officially available in Austria, we are considering purchasing it in Germany. My main question is whether it is possible to develop and test Vision Pro apps using an Austrian Apple ID / developer account, or if there are any regional restrictions we should be aware of (e.g., related to App Store access, provisioning, or device functionality). Apple Support was unfortunately unable to provide a definitive answer and recommended asking here. Any insights or experiences would be greatly appreciated. Best regards, Don Appelonie

I have a question. After how many days in the “Waiting for Review” status should I conclude that there is an issue with my app review request and contact the support team?

According to our crash analytics, the application crashes when trying to share a PDF file in the UIDocumentInteractionController. This crash takes place on iOS 26+ only. Based on analytics, user sessions end when the pdf file is opened in the UIDocumentInteractionController. We couldn't reproduce it on a physical device or a simulator. Can you please help with a fix or at least workaround for this issue? What's your opinion for bug localization (application or framework)? Crash log is attached below. CoreFoundation __exceptionPreprocess + 164 libobjc.A.dylib objc_exception_throw + 88 CoreFoundation -[__NSArrayM insertObject:atIndex:] + 1276 ShareSheet __79-[SHSheetActivityItemsManager loadItemProvidersForRequest:activity:completion:]_block_invoke + 972 ShareSheet __79-[_UIShareServiceActivityProxy _loadItemProvidersFromActivityItems:completion:]_block_invoke + 88 ShareSheet __74+[UIActivity _loadItemProvidersFromActivityItems:withCacheURL:completion:]_block_invoke_4 + 352 libdispatch.dylib _dispatch_call_block_and_release + 32 libdispatch.dylib _dispatch_main_queue_drain.cold.5 + 812 libdispatch.dylib _dispatch_main_queue_drain + 180 CoreFoundation __CFRunLoopRun + 1944

Hello Apple Review Team and Community, I hope this message finds you well. I am reaching out regarding our app (Apple ID: 6743547441), which has been stuck in the "Pending Review" status since May 5th — now more than 8 days with no updates or feedback. I fully understand that review times can vary and that the queue may currently be experiencing higher-than-usual volume, and I truly appreciate the hard work the review team puts in. I am not looking to escalate — I simply want to make sure everything is in order on our end. Could anyone kindly help confirm whether: There is a specific issue or blocker with this submission that requires our attention Any additional information, documentation, or clarification is needed from our side Or whether the app is simply still awaiting reviewer assignment We are happy to provide any further details or make any necessary adjustments as quickly as possible. Thank you so much for your time and support. We look forward to hearing from you. Best regards