tccutil

executablemacOS134.0 KBx86_64, arm64

Code signing utility — validates and manages digital signatures on macOS binaries

Validates code signatures on macOS executables and frameworks, verifying cryptographic signatures against trusted certificates stored in the Keychain. Accesses certificate data and signing identities to perform signature verification and management operations. Makes network connections to Apple's certificate validation and revocation check services. Processes multiple bundle identifiers and file paths during signature validation workflows.AI

Fingerprint

Platform: macOS
Type: executable
Arch: x86_64, arm64
Min OS: 26.1.0
SDK: 26.1.0
File Size: 134.0 KB
UUID: DED7FF5C-7527-322C-8723-EFA8432A0E24
Analyzed: 2026-04-07T05:21:11Z
CDHash: a856dcf76b94763c7eae581e77decd6d506a7236fc228125cdaa4fc3ce235067

Capabilities

SecurityKeychain, certificates, code signing

/System/Library/Frameworks/Security.framework/Versions/A/Security

Frameworks8

SystemExtensions(weak)CoreServices Foundation Security TCC libobjc.A.dylib libSystem.B.dylib CoreFoundation

Entitlements4

com.apple.private.system-extensions.tcctrue

com.apple.private.tcc.flag_managertrue

com.apple.private.tcc.manager.access.delete

com.apple.private.tcc.manager.access.read

kTCCServiceSystemPolicyAllFiles

Interesting Strings

Bundle IDs(9)

"com.apple.private.tcc.flag_manager 'com.apple.private.system-extensions.tcc )com.apple.private.tcc.manager.access.read0!+com.apple.private.tcc.manager.access.delete0 <key>com.apple.private.system-extensions.tcc</key>

File Paths(6)

/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation /System/Library/Frameworks/Security.framework/Versions/A/Security /System/Library/Frameworks/SystemExtensions.framework/Versions/A/SystemExtensions

URLs & Endpoints(4)

$http://crl.apple.com/codesigning.crl0 %http://www.apple.com/appleca/root.crl0 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">https://www.apple.com/appleca/0

Network Surface

Networking Frameworks

CoreFoundation Foundation

Endpoints(6)

Urlhttp://www.apple.com/DTDs/PropertyList-1.0.dtd">

Hostnamewww.apple.com

Urlhttp://www.apple.com/appleca/root.crl0

Urlhttp://crl.apple.com/codesigning.crl0

Hostnamecrl.apple.com

Urlhttps://www.apple.com/appleca/0

DNA Capability Vector

Location

0

Keychain

0

Network

0

Storage

0

Hardware

0

IPC

0

Analytics

0

Security

1

System

0

Behavioral Profile

URL Endpoints

4

Telemetry Strings

0

File Paths

6

Bundle IDs

9

IOKit Constants

0

Library Functions

0

Structural HashesSHA-256

Code12c063434580644ec18ad7bfce70c7ce04adc2b09689646cc4b68cd077f4b86c

Imports96a85052f7ca1ae5f37d35b6c701c070aa34626a188b618a868f202a7961a0c9

Frameworks70c478197b514ee62e68b6ea35a3078612ed778bce9f4011effe5613f468acbd

Classese3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Entitlementsa2ad9749a2b670a66c1f25ab8fdd9a339013659be9b609896ddd10b6f4b44e06

Symbols96a85052f7ca1ae5f37d35b6c701c070aa34626a188b618a868f202a7961a0c9

Static Libraries0 / 12 functions identified

Functions(12)

0x1000009c0sub_1000009c0

0x100000a04sub_100000a04

0x100000a84sub_100000a84

0x100000bd4sub_100000bd4

0x100000decsub_100000dec

0x100000ec0sub_100000ec0

0x100000edcsub_100000edc

0x100000f98sub_100000f98

0x100000facsub_100000fac

0x100001018sub_100001018

0x100001034sub_100001034

0x100001050sub_100001050

Imports37 symbols from 7 dylibs

libobjc.A.dylib12 libSystem.B.dylib10 CoreFoundation6 TCC4 SystemExtensions2

Exports1

_mh_execute_header0x0

Similar Binaries1,470 comparable

DataDetectorsLocalSources

MobileAssetEarlyBootTask

attach_automation_image

create_automation_image_overlay

automationmodetool

corebrightnessdiag