ISSCloud - Information Systems Solutions

isscloud

macOS security and com.apple.quarantine extended attribute

macOS security and com.apple.quarantine extended attribute

Apple offers one of the most advanced operating systems out there: macOS. With security and privacy in its core, it comes with a number of system protection services such as Gatekeeper runtime protection, the built-in System Integrity Protection (SIP), and others. While Apple Software, Apple installers and apps from the App Store are already cleared and work with these systems, other apps may not be so compliant.

It may happen on rare occasion when downloading bundled macOS apps from the internet, that when running the app for the first time it gets blocked and nothing happens. It may be so that it got the com.apple.quarantine extended attribute added to it for protection.

Applications blocked by having the com.apple.quarantine extended attribute may not show the “Allow” option on System Preferences > Privacy. Instead, they are silently blocked.

Checking for the com.apple.quarantine extended attribute:

To check if the application you’re trying to run is being blocked by this attribute, you should use the xattr command:

xattr /path/to/application.app

If the com.apple.quarantine extended attribute has been added, it will display when running the command:

user@host ~ % xattr /path/to/application.app
com.apple.quarantine
user@host ~ % Code language: Shell Session (shell)

Clearing the com.apple.quarantine extended attribute

To remove the com.apple.quarantine extended attribute from the application, you should use the following command:

sudo xattr -r -d com.apple.quarantine /path/to/application.app

By using this command you’re removing the com.apple.quarantine extended attribute from the application. The -r flag removes the attribute recursively from all files inside the application, and the -d flag indicates the given attribute is to be removed.

Please be aware:

Use the provided commands wisely. macOS is one of the most robust operative systems out there, and apps signed by Apple or identified Developers are not blocked by the operative system and are not added to quarantine. Allowing unsigned or unknown apps on your Mac is a security risk and should not be taken lightly, as it may damage your system. Use at your own risk.

Facebook
Twitter
LinkedIn
Picture of Ricardo Mendes

Ricardo Mendes

Ricardo is a Senior Systems Administrator and Consultant at ISSCloud, after +10 years working in Private Telecom. He enjoys writing about Technology, Security & Privacy.

Leave a Reply

Your email address will not be published. Required fields are marked *