Check: APPL-14-002022
Apple macOS 14 (Sonoma) STIG:
APPL-14-002022
(in versions v1 r2 through v1 r1)
Title
The macOS system must disable Remote Apple Events. (Cat II impact)
Discussion
If the system does not require Remote Apple Events, support for Apple Remote Events is nonessential and must be disabled. The information system must be configured to provide only essential capabilities. Disabling Remote Apple Events helps prevent the unauthorized connection of devices, the unauthorized transfer of information, and unauthorized tunneling. Satisfies: SRG-OS-000080-GPOS-00048,SRG-OS-000096-GPOS-00050
Check Content
Verify the macOS system is configured to disable Remote Apple Events with the following command: /bin/launchctl print-disabled system | /usr/bin/grep -c '"com.apple.AEServer" => disabled' If the result is not "1", this is a finding.
Fix Text
Configure the macOS system to disable Remote Apple Events with the following commands: /usr/sbin/systemsetup -setremoteappleevents off /bin/launchctl disable system/com.apple.AEServer Note: Systemsetup with -setremoteappleevents flag will fail unless Full Disk Access to systemsetup or its parent process is granted. This requires supervision.
Additional Identifiers
Rule ID: SV-259495r941107_rule
Vulnerability ID: V-259495
Group Title: SRG-OS-000080-GPOS-00048
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000213 |
The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies. |
| CCI-000382 |
The organization configures the information system to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services. |