Privileges 2.0.0

Changes

• Privileges now uses a unified expiration interval. So whether you request privileges using the application, the Dock Tile, or the command-line tool, they all have the same expiration interval, and administrator privileges expire after the time you configured.
• Touch ID is now also available in the command line tool. This makes using it more convenient, even in environments with complex password requirements.
• Administrator privileges can now be automatically revoked at login, so users can always be sure to start as a standard user.
• An application or a script can be executed whenever privileges change. This allows you to create custom workflows that fit perfectly in your environment.
• Privileges can now call a webhook whenever privileges change. This allows administrators to set up complex workflows and seamlessly integrate Privileges into their existing landscape.
• AppleScript can now be used to get information about the status of the current user's privileges. Especially for scripts, this new feature makes it easier than ever to determine if a user has administrator privileges and when they expire.
• Privileges now comes as a signed and notarized macOS installer package to make the deployment of the app easier than ever before.
• Localized in 40 languages, to make it even more useful for a wider audience.
• Stunning new app icon.

Privileges 2.0.0 runs on macOS 11 or newer.

Privileges 1.5.4

Changes

• Includes security updates to address CVE-2023-40307.

For additional details, please see the following security advisory:

Privileges Memory Corruption (Out-of-bound write)

Privileges 1.5.4 has been tested and verified to run on the following OS versions:

• macOS 11.7.9
• macOS 12.6.8
• macOS 13.5.2
• macOS 14 beta 7

Privileges 1.5.3

Changes

• Added support for the following keys associated with the ReasonRequired key:

  • ReasonMaxLength
  • ReasonPresetList

For more details, please see the Managing Privileges documentation in the wiki.

The following issues were addressed as part of this release:

• 15
• 27

Privileges 1.5.3 has been tested and verified to run on the following OS versions:

• macOS 10.12.6
• macOS 10.13.6
• macOS 10.14.6
• macOS 10.15.7
• macOS 11.6.7
• macOS 12.4
• macOS 13 beta 1

Note: Xcode 13.2 or later is required to build Privileges 1.5.3 from source.

Privileges 1.5.2

Changes

• Added support for macOS Big Sur
• Added support for the DockToggleMaxTimeout key,

Privileges 1.5.2 has been tested and verified to run on the following OS versions:

• macOS 10.12.6
• macOS 10.13.6
• macOS 10.14.6
• macOS 10.15.7
• macOS 11.0.1

Note: Xcode 12.2 or later is required to build Privileges 1.5.2 from source.

Privileges 1.5.1

• Fixed an issue where an unauthorized application could talk to the Privilege Helper tool (also partly addressed in 1.5.0.)
• Fixed an issue where an unauthorized application could elevate privileges beyond what Privileges has been designed for (also addressed in 1.5.0.)
• Further improved XPC security to make sure an unauthorized application cannot talk to the Privilege Helper tool.
• Fixed an issue introduced in version 1.5.0 where the Dock Tile did not behave as expected if the key RequireAuthentication has been used.

Privileges 1.5.1 has been tested and verified to run on the following OS versions:

• macOS 10.12.6
• macOS 10.13.6
• macOS 10.14.6
• macOS 10.15.3

We would like to acknowledge the assistance of Csaba Fitzl (@theevilbit) with identifying vulnerabilities in previous versions of Privileges and verifying that they are resolved.

Privileges 1.5.0

Changes

• The Privileges app is now sandboxed.
• Added VoiceOver support to make the app accessible to people with visual impairments.
• Added a managed preference key RequireAuthentication which makes Privileges require user authentication (password or TouchID) before granting admin rights.
• Added the managed preference keys LimitToUser and LimitToGroup which allows to limit the usage of Privileges to a certain user or user group.
• Added the managed preference keys ReasonRequired and ReasonMinLength. You may use these keys to ask the user for a reason for becoming an admin user (and specify a minimum number of characters the user must enter.)
• Added a managed preference key RemoteLogging which allows to configure a remote syslog server, Privileges should send a log message to, whenever a user changes admin rights. No local forwarder needed.
• Added a new argument --status to PrivilegesCLI what makes the tool return if the current user has admin rights or not.
• Updated the icons to fit the Catalina icon appearance.
• Privileges is now completely localized (even the menus and the preferences window).
• Fixed an issue which allowed a user to bypass managed preference restrictions by running an older version of Privileges or PrivilegesCLI.
• Fixed an issue that occurred if EnforcePrivileges has been set to none and made the app not work as expected.
• Fixed an issue where an unauthorized application could talk to the Privilege Helper tool.
• Fixed an issue where an unauthorized application could elevate privileges beyond what Privileges has been designed for.

Privileges 1.5.0 has been tested and verified to run on the following OS versions:

• macOS 10.12.6
• macOS 10.13.6
• macOS 10.14.6
• macOS 10.15.3

Privileges 1.0.5

Privileges 1.0.5 has been tested and verified to run on the following OS versions:

• macOS 10.12.6
• macOS 10.13.6
• macOS 10.14.6
• macOS 10.15.1

The new management options for Privileges 1.0.5 and later have also been tested and verified to work on the OS versions listed above.

Privileges 1.0.3

First release of Privileges.app as an open-source application.

Privileges 1.0.3 has been tested and verified to run on the following OS versions:

macOS 10.12.6
macOS 10.13.5
macOS 10.13.6
macOS 10.14.0 beta 2