General: DevForums subtopic: App & System Services > Core OS Core OS is a catch-all subtopic for low-level APIs that don’t fall into one of these more specific areas: Processes & Concurrency Resources Files and Storage Resources Networking Resources Network Extension Resources Security Resources Virtualization Resources Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com"

I've been running into lots of issues since I upgraded to 26.5 beta, spotlight doesn't work, mail index was broken and after deleting it I can't reindex my mail., after a while I get an error that reindexing failed and that I should relaunch that app and it will start over. It never succeeds Looking into the console, it seems that at least the mail issue, but also others system logging errors (trustd, coreduetd) are linked to corrupted sqlite databases. So I guess the sqlite version is a dud ?

While working on a heart rate measurement app (photoplethysmography via camera), we faced systematic err=-17281 (FigCaptureSourceRemote) issues on real devices starting from iOS 17+, and the problem became more noticeable after iOS 26. The error often appeared during AVCaptureSession initialization or when restarting capture, especially under high frame rates (30-60 FPS) and frequent foreground/background transitions. Root cause (our understanding): Camera hardware/session not fully released after previous use Race conditions between session teardown and new setup Changes in AVFoundation capture pipeline in recent iOS versions Our solution: Instead of blocking delays, we implemented asynchronous retry logic with explicit hardware readiness check via AVCaptureDevice.lockForConfiguration().

The most recent KDK for MacOS Sequoia that appears in the Downloads is for MacOS 15.5 (24F74), but the current version of MacOS Sequoia is 15.6 (24G84) and 15.7 (24G207) is in RC. Is there an ETA for the KDKs for 15.6 (24G84) and 15.7 (24G207) to be made available to download? Many thanks for any help.

We're developing a Mac App Store application that embeds the V8 JavaScript engine (via Electron). The application has shipped successfully on macOS 15.x with the following entitlements: com.apple.security.app-sandbox = true com.apple.security.cs.allow-jit = true com.apple.security.cs.allow-unsigned-executable-memory = true com.apple.security.cs.disable-library-validation = true On macOS 26 Tahoe, the exact same signed binary crashes deterministically within ~1.5 seconds on Apple Silicon with EXC_BREAKPOINT (SIGTRAP), ESR 0xf2000000. The crash is in V8's background JIT compilation thread when it attempts to manage memory page protections (transitioning pages between Read-Write and Read-Execute states via mprotect). The crash does not occur in these configurations: macOS 26 + App Sandbox + Intel x86_64 — works macOS 26 + Hardened Runtime (no sandbox) + ARM64 — works macOS 15.x + App Sandbox + ARM64 — works This appears to be a regression in how the XNU kernel handles mprotect calls for sandboxed processes on ARM64 under macOS 26, specifically in the context of the allow-jit entitlement. Has the behavior of allow-jit changed in macOS 26 with respect to runtime code generation memory management on ARM64? Is there a new API or entitlement that V8-style JIT engines should use instead of mprotect-based RW↔RX page transitions?

My MacBook Air M2 is connected to an external monitor. App windows keep switching screens every time I turn the screen off and then on again, which started happening after the new developer beta update. How can I fix this? Or is this a big I have to wait for to be fixed until the next update?

I cannot find anywhere in the documentation how to invalidate an FSItem. It seems to be cached indefinitely or am I missing something?

hi so i own a iphone 14 pro max and my battery life on it has been horrible since ios 26.4 and i want to install the public beta to see if it will fix it, however with my previous experiences from apple phones (iphone 4s) sometimes something can go horribly wrong and the baseband chip fries itself to the point where you cant get past recovery mode and get a restore error, im scared that this can happen to my iphone 14 pro max when installing ios beta. can that happen or am i just overthinking?

I am trying to find out about the availability of BLE scanning for advertisements when a watchOS app (on watchOS 26.4 with CoreBluetooth) which starts running a HKWorkoutSession becomes dimmed, ie. due to the user lowering their arm. From my understanding there is still availability for ongoing scanning whilst in the dimmed mode. If this is correct, what settings are required (e.g. using background capability for 'Workout Processing', 'bluetooth-central', etc), and does scanning whilst in background mode limit to requiring service uuids in scanForPeripherals? Also if scanning is throttled, is there an 'estimated' inter scan time? Thanks

Just wondering if anyone ran into this issue. I use NetFSMountURLSync for my application with which I allow the user to use a custom path as a mount point (instead of "/Volumes"). This has worked just fine for at least a decade now, but ... since the Tahoe 26.4 "update" mounting to a custom path only generates errors. Note: Mounting to "/Volumes" works correctly (mountpoint = NIL). Since I'm unaware of any changes; is this a bug introduced by Tahoe 26.4, or should I be using a different function to mount a network share?

We're trying to create 26.4 beta and RC VMs on 15.x and 26.3 host OS' without success. We see Tue Mar 17 17:27:36 40 anka.log (install) 45803: failed to install macOS: Error Domain=VZErrorDomain Code=10006 "Installation requires a software update." UserInfo={NSLocalizedFailure=A software update is required to complete the installation., NSLocalizedFailureReason=Installation requires a software update.} Yet, if we create it the same way on 26.4 beta host OS, it works. We've tried the usual tricks of installing latest Xcode and preparing it (accepting license, etc). But, they don't work on 26.3 and 15.x. What's the trick to get the creation of 26.4 to work on <= 26.3 host OS?

System-wide deadlock in removexattr from revisiond / APFS We're experiencing a deadlock on certains systems when our software is installed, which is causing side effects in our process (and likely others) such as blocked queues and increased memory usage. According to the spindump, revisiond appears to be holding an exclusive lock within the kernel. Process: revisiond [426] UUID: 5E9B9E04-984B-31AD-A4FF-A1A90B7D53A1 Path: /System/Library/PrivateFrameworks/GenerationalStorage.framework/Versions/A/Support/revisiond Codesigning ID: com.apple.revisiond Shared Cache: 25AE5A2A-FE2A-3998-8D4E-F3C5C6E6CEB6 slid base address 0x189834000, slide 0x9834000 (System Primary) Architecture: arm64e Parent: launchd [1] UID: 0 Sudden Term: Tracked Memory Limit: 50MB Jetsam Priority: 40 Footprint: 6225 KB Time Since Fork: 1740319s Num samples: 940 (1-940) Num threads: 5 Note: 1 idle work queue thread omitted [...] Thread 0xc0616d 940 samples (1-940) priority 46 (base 4) last ran 241692.754s ago 940 start_wqthread + 8 (libsystem_pthread.dylib + 7068) [0x189d0ab9c] 940 _pthread_wqthread + 292 (libsystem_pthread.dylib + 11852) [0x189d0be4c] 940 _dispatch_workloop_worker_thread + 692 (libdispatch.dylib + 85356) [0x189b65d6c] 940 _dispatch_root_queue_drain_deferred_wlh + 292 (libdispatch.dylib + 87156) [0x189b66474] 940 _dispatch_lane_invoke + 440 (libdispatch.dylib + 45048) [0x189b5bff8] 940 _dispatch_lane_serial_drain + 944 (libdispatch.dylib + 42420) [0x189b5b5b4] 940 _dispatch_client_callout + 16 (libdispatch.dylib + 113364) [0x189b6cad4] 940 _dispatch_call_block_and_release + 32 (libdispatch.dylib + 7004) [0x189b52b5c] 940 ??? (revisiond + 168768) [0x10494d340] 940 ??? (revisiond + 165940) [0x10494c834] 940 ??? (revisiond + 40264) [0x10492dd48] 940 ??? (revisiond + 56680) [0x104931d68] 940 <patched truncated backtrace> 940 removexattr + 8 (libsystem_kernel.dylib + 23768) [0x189cd1cd8] *940 ??? (kernel.release.t6000 + 15240) [0xfffffe000886fb88] *940 ??? (kernel.release.t6000 + 1886348) [0xfffffe0008a3888c] *940 ??? (kernel.release.t6000 + 7730436) [0xfffffe0008fcb504] *940 ??? (kernel.release.t6000 + 2759592) [0xfffffe0008b0dba8] *940 ??? (kernel.release.t6000 + 2808244) [0xfffffe0008b199b4] *940 apfs_vnop_removexattr + 1044 (apfs + 474512) [0xfffffe000be8d4d0] *940 decmpfs_cnode_set_vnode_state + 80 (kernel.release.t6000 + 2945816) [0xfffffe0008b3b318] *940 IORWLockWrite + 184 (kernel.release.t6000 + 496184) [0xfffffe00088e5238] *940 ??? (kernel.release.t6000 + 494624) [0xfffffe00088e4c20] *940 ??? (kernel.release.t6000 + 619452) [0xfffffe00089033bc] *940 ??? (kernel.release.t6000 + 624472) [0xfffffe0008904758] The bulk of the other processes are waiting for that lock. (suspended, blocked by krwlock for reading owned by revisiond [426] thread 0xc0616d) (blocked by krwlock for writing owned by revisiond [426] thread 0xc0616d) Around the time of the event, these messages were logged by revision: 2026-03-06 18:49:37.781673-0500 0x16b7 Error 0x7f92f364 426 14 revisiond: [com.apple.revisiond:default] [ERROR] CSCopyChunkIDsForToken failed for 41639 2026-03-06 18:49:37.781716-0500 0x16b7 Error 0x7f92f365 426 14 revisiond: [com.apple.revisiond:default] [ERROR] updateEntry for new entry <private> failed 2026-03-06 18:49:37.781738-0500 0x16b7 Error 0x7f92f366 426 14 revisiond: [com.apple.revisiond:default] [ERROR] no entry for '<private>' 2026-03-06 18:49:37.781754-0500 0x16b7 Error 0x7f92f367 426 14 revisiond: [com.apple.revisiond:default] [ERROR] failed assembleInfoForOffset for fsid 16777234 fileid 359684022 offset 0 size 14334 (path <private>) Our agent uses Endpoint Security Framework to monitor events, and provide anti-tamper functionality for installed components and processes. While several EndpointSecurity calls appear in the spindump stack traces, we don't have any evidence that any calls from revisiond were blocked. What we'd really like to to understand what that lock is (appears to be decompressing an object on an APFS volume), what revisiond and APFS are doing with it, and what might cause it to deadlock. Of note, one of our processes is also waiting on that lock, one thread for reading and the other for writing. This issue affects machines running several macOS versions (15.x, 26.x). The machine in the examples is running macOS 26.3 (25D125)

I'm experiencing an issue where the App Group shared container appears to be recreated (with a new creation date) during an app update, resulting in complete loss of locally stored data. Background My app uses UserDefaults, Realm, Core Data, and CloudKit, with all local data stored in the App Group container (FileManager.containerURL(forSecurityApplicationGroupIdentifier:)). The app has been available since 2016 and has a stable user base. Starting last year, I began receiving occasional reports from users saying all their data in the app had disappeared. To investigate, I added diagnostic logging that detects when an existing user's data appears to have been reset — specifically by checking the App Group container's file system creation date, and the existence and values of expected files. What the diagnostics revealed When the issue occurs, I observe the following: The App Group container has a recent creation date, far newer than the user's first launch date The Core Data store file's creation date is also immediately after the App Group container's recreation date I write the same values to both standard UserDefaults and the App Group version (UserDefaults(suiteName:)). Only the App Group version is reset — the standard side retains historical data The standard side still holds firstLaunchDate, initialVersion, and launchCount, confirming this is not a fresh install Here is a sample diagnostic log from an affected user: appGroupContainerCreationDate: 2026-03-30T18:44:10Z firstLaunchDate: 2025/01/05 4:00 initialVersion: 10.8.0 currentAppVersion: 10.14.14 previousVersion: 10.10.0 launchCount: 44 availableStorageMB: 46646 The container creation date (2026-03-30) is clearly inconsistent with the user's first launch date (2025-01-05) and launch count (44). The container creation date is obtained with the following code: let appGroupURL = FileManager.default.containerURL( forSecurityApplicationGroupIdentifier: "group.xxx.xxx" )! let attributes = try? FileManager.default.attributesOfItem(atPath: appGroupURL.path) let containerCreationDate = attributes?[.creationDate] as? Date Scale and pattern Reports began increasing in late November last year Over 85% of affected cases are on iOS 26 Most affected devices have plenty of available storage (46GB+ in the example above) This is likely occurring during a normal app update (not a fresh install or device restore) Ruled-out hypotheses Not a fresh install — firstLaunchDate, initialVersion, and launchCount are preserved in standard UserDefaults Not a storage issue — affected users typically have tens of GBs of free space, making it unlikely that iOS purged the data due to low storage Not an app-side code change — the App Group identifier and entitlements have not been changed Not triggered by silent notifications, background tasks, or widget activity — these processes do write to the App Group container, but the recreation does not appear to occur immediately after any of these operations Questions Has anyone else observed App Group containers being recreated (new creation date, empty contents) during a standard app update? Is there a known iOS behavior or bug that could cause this, particularly on iOS 26? Are there any recommended mitigations? Any insight would be greatly appreciated. This is a data loss issue affecting real users, and I'd like to understand whether this is an iOS-level problem or something I should be handling differently on my end.

We probably triggered a bug within Rosetta: https://github.com/docker/desktop-feedback/issues/230

Hello, How does macOS handle coexistence between multiple Transparent Proxy providers from different vendors if their network rules overlap and one provider modifies the traffic? Thank you in advance!

Hello, Is it possible for a Network Extension (running in its sandbox) to act as a client for an XPC service hosted by a Launch Daemon (e.g., to offload data processing)? Are there any specific sandbox restrictions or entitlement requirements for this type of XPC communication? Thank you in advance!

I'm building a freediving app for Apple Watch Ultra using the shallow depth entitlement (com.apple.developer.submerged-shallow-depth-and-pressure). My app uses WKExtendedRuntimeSession with the underwater-depth background mode, and it works correctly — the session starts, Water Lock activates automatically, and Crown hold water ejection ends the session as expected. However, the app does not appear in Settings > General > Auto-Launch > When Submerged on the watch. Other third-party apps (including one that hasn't been updated in ~2 years and presumably only has the shallow entitlement) do appear in this list. My configuration: WKBackgroundModes: ["underwater-depth", "workout-processing"] WKSupportsAutomaticDepthLaunch: true (Boolean, in watch app Info.plist) Entitlement verified in both the signed binary and provisioning profile watchOS 26.3, Apple Watch Ultra 2 Tested with: development build, TestFlight, and direct Xcode deploy. Watch restarted after each. The app does not appear in any case. The documentation at https://aninterestingwebsite.com/documentation/coremotion/accessing-submersion-data states: "Adding the underwater-depth Background Mode capability also adds your app to the list of apps that the system can autolaunch when the wearer submerges the watch." Does auto-depth-launch require the full depth entitlement (com.apple.developer.submerged-depth-and-pressure), or should the shallow entitlement be sufficient? Is there an additional step required for the app to appear in the When Submerged list? Any guidance appreciated.

Shouldn't it be supported? Also is there a way to disable spotlight indexing on a mounted folder? mds_stores is going wild on fskit volumes. mount -o nobrowse -t passthrough ~/Downloads ~/mnt alexf@MacBook-Pro-3 build % mount file:///Users/alexf/Downloads/ on /Users/alexf/mnt (passthrough, local, nodev, nosuid, noowners, noatime, fskit, mounted by alexf)```

We are trying to determine whether a third-party DriverKit HID dext can seize or intercept raw HID input reports from an external mouse through any top case–related path in the HID stack. Our dext is based on IOUserHIDEventDriver, and the goal is to receive raw input reports before they are translated into higher-level pointer events. Apple’s public HIDDriverKit documentation describes IOUserHIDEventDriver as the driver object responsible for dispatching pointer, digitizer, scrolling, and related HID-originated events, but it is not clear to us whether any “top case” path is actually exposed or supported for third-party matching in DriverKit. What we want to clarify is specifically about external mouse devices, not the built-in trackpad itself. Questions: Is there any officially supported way for a third-party DriverKit HID dext to bind through a top case–related path and receive raw HID input reports from an external mouse? Is “top case” something that third-party DriverKit drivers can meaningfully target for matching/attachment, or is it only an internal Apple implementation detail? If such a path exists, can it be used to seize raw reports before they are converted into higher-level pointer events? If not, what is the officially supported boundary for third-party DriverKit access to raw reports from external mouse-class HID devices? To be clear, we are not asking about synthesizing pointer events. We are asking whether a third-party DriverKit dext can directly observe or seize the original HID input reports from an external mouse by attaching through any top case–related portion of the HID stack. If “top case” is not a public DriverKit concept that third parties can target, confirmation of that would also be very helpful.

We are trying to intercept raw reports from the built-in MacBook haptic trackpad using a DriverKit IOUserHIDEventDriver dext. Our dext installs and activates successfully: OSSystemExtensionRequest finishes with result 0 systemextensionsctl list shows the dext as activated enabled the dext is embedded correctly in the app bundle However, it never attaches to the built-in trackpad IOHIDInterface. ioreg shows the built-in trackpad interface still matched only by Apple’s HID dext. We also observed that Apple’s own HID dext appears to use com.apple.developer.driverkit.builtin, while that entitlement is not available in our provisioning profile. Our dext specifically relies on: IOUserHIDEventDriver::handleReport(...) SetProperties() with kIOHIDEventDriverHandlesReport Questions: Is com.apple.developer.driverkit.builtin required for a third-party IOUserHIDEventDriver to match a built-in internal trackpad IOHIDInterface? Is that entitlement public/requestable, or Apple-internal only? At what stage is it enforced: activation, personality matching, provider attach, or before Start()? If builtin is not available to third parties, is there any officially supported way to receive raw reports from the built-in MacBook trackpad in DriverKit? Our conclusion so far is that activation succeeds, but provider binding to the built-in trackpad fails due to built-in-only authorization/matching.

We're seeing a sporadic crash (~2-3% of spawns) when launching a large Mach-O binary via posix_spawn(). The crash happens inside libsystem_malloc.dylib during __malloc_init, before any application code runs. The process never reaches main(). Environment: macOS 26.3.1 (25D2128), Apple Silicon (ARM64) Crash signature BUG IN LIBMALLOC: pointer range initial reservation failed, Abort Cause 3 #0 libsystem_malloc.dylib: xzm_main_malloc_zone_init_range_groups.cold.1 #1 libsystem_malloc.dylib: xzm_main_malloc_zone_init_range_groups #2 libsystem_malloc.dylib: xzm_main_malloc_zone_create #3 libsystem_malloc.dylib: __malloc_init #4 libSystem.B.dylib: libSystem_initializer #5 dyld: dyld4::Loader::findAndRunAllInitializers The binary It's a Chromium component-build test binary (browser_tests): ~1.5 GiB on disk, 5.54 GiB total VA footprint (__TEXT 517 MiB, __LINKEDIT 1.04 GiB, __PAGEZERO 4 GiB) Links 527 dylibs via @rpath All images span ~16.4 GiB of VA when loaded A simple loop that spawns this binary 200 times via posix_spawn() reliably shows 2-5 crashes. Spawning /bin/cat 1000 times produces zero failures. Investigation We did extensive analysis to understand the root cause: ASLR is irrelevant. We disabled ASLR using _POSIX_SPAWN_DISABLE_ASLR (flag 0x0100) and the failure rate is unchanged (~2% with or without). With ASLR disabled, the library addresses are identical across all crashes, confirming the VA layout itself isn't the problem. Plenty of free VA space is available. We compared the memory layout of crashing processes (from crash reports) with successful ones (via vmmap): In successful spawns, XZone places its MALLOC zones (SMALL, LARGE, metadata) in the large free regions after the loaded dylibs — for example at 0x784400000 and 0xD32000000, with 13-22 GiB contiguous free gaps available. In crashing processes, the same free regions exist (the image layout is identical), but xzm_main_malloc_zone_init_range_groups fails to reserve into them. Based on libmalloc/tests/memory_pressure.c, XZone needs 8 GiB for pointer ranges and 10 GiB for data ranges. The free gaps after the dylibs are far larger than this, yet the reservation sporadically fails. No workarounds exist. MallocNanoZone=0 has no effect (the crash is before zone configuration). The crash is entirely within system code. Questions Is this a known issue in XZone malloc on macOS 26.x? Is there any environment variable or entitlement that could work around this? Any guidance on what makes xzm_main_malloc_zone_init_range_groups fail non-deterministically when contiguous VA space is clearly available?