Menu
Zoom for Mac 4.6.9, which addresses scary security flaws, removes the disable-library-validation entitlement.
With the same release, Snap Camera, a virtual webcam app, stopped working.
I'm not familiar with the particular APIs you use to build a virtual webcam, but it looks like it involves CoreMediaIO plugins:
Creating a Virtual Webcam Device for OS X
> otool -L /Library/CoreMediaIO/Plug-Ins/DAL/SnapCamera.plugin/Contents/MacOS/SnapCamera
/Library/CoreMediaIO/Plug-Ins/DAL/SnapCamera.plugin/Contents/MacOS/SnapCamera:
libSnapCamera.dylib (compatibility version 1.0.0, current version 1.0.0)
/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation (compatibility version 150.0.0, current version 1452.23.0)
/System/Library/Frameworks/CoreMedia.framework/Versions/A/CoreMedia (compatibility version 1.0.0, current version 1.0.0)
/System/Library/Frameworks/CoreMediaIO.framework/Versions/A/CoreMediaIO (compatibility version 1.0.0, current version 1.0.0)
/System/Library/Frameworks/CoreVideo.framework/Versions/A/CoreVideo (compatibility version 1.2.0, current version 1.5.0)
/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation (compatibility version 300.0.0, current version 1452.23.0)
/System/Library/Frameworks/IOKit.framework/Versions/A/IOKit (compatibility version 1.0.0, current version 275.0.0)
/System/Library/Frameworks/IOSurface.framework/Versions/A/IOSurface (compatibility version 1.0.0, current version 1.0.0)
/usr/lib/libc++.1.dylib (compatibility version 1.0.0, current version 400.9.0)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1252.50.4)
Out of curiosity, I tried a couple other virtual webcams -- Iriun Webcam and EpocCam –- and they behave similarly. Both have CoreMediaIO plugins, and neither works with recent Zoom.
All three virtual cameras work in Microsoft Teams, which has the entitlement:
> codesign -d --entitlements :- /Applications/Microsoft\ Teams.app/ |grep valid
Executable=/Applications/Microsoft Teams.app/Contents/MacOS/Teams
<key>com.apple.security.cs.disable-library-validation</key>
They also work in Google Chrome (on this test page). It looks like at least one of Chrome's helpers has the entitlement:
codesign -d --entitlements :- /Applications/Google\ Chrome.app/Contents/Frameworks/Google\ Chrome\ Framework.framework/Versions/81.0.4044.92/Helpers/Google\ Chrome\ Helper\ \(Plugin\).app
Executable=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/81.0.4044.92/Helpers/Google Chrome Helper (Plugin).app/Contents/MacOS/Google Chrome Helper (Plugin)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
</dict>
</plist>
I've also noticed that the plugin appears in Activity Monitor's Open Files and Ports for a couple processes belonging to Teams and Chrome. (/Library/CoreMediaIO/Plug-Ins/DAL/SnapCamera.plugin/Contents/MacOS/SnapCamera)
How do CoreMedia Virtual Webcam plugins work, and do they inherently conflict with Library Validation? (e.g., loading a library into the camera-using process in a way that's no longer permitted)
Is it no longer possible to create Virtual Webcams on MacOS without running afoul of Hardened Runtime?
Update 4/19: Zoom's changelog for 4.6.10 now says "Zoom has temporarily removed virtual camera support.". It'll be interesting see see if/how they reenable it. (perhaps limiting the entitlement to a helper process that's only used when needed?)
420
Use the Disable Library Validation Entitlement if your program loads plug-ins that are signed by other third-party developers. To add this entitlement to your app, first enable the Hardened Runtime capability in Xcode, and then under Runtime Exceptions, select Disable Library Validation.
To enable the Hardened Runtime for your app, navigate in Xcode to your target's Signing & Capabilities information and click the + button. In the window that appears, choose Hardened Runtime.
I had the same problem with Microsoft Skype for MacOS (8.61.0.95) on Catalina 10.15.5
I was able to fix this by going to
cd /Applications/Skype.app/Contents/Frameworks
and then removing the signatures for all the .app parts of Skype, i.e.
codesign --remove-signature Skype\ Helper.app
codesign --remove-signature Skype\ Helper\ \(GPU\).app
codesign --remove-signature Skype\ Helper\ \(Plugin\).app
codesign --remove-signature Skype\ Helper\ \(Renderer\).app
Afterwards, restart Skype.
Now in the Settings, when you select the Camera, you should see CamTwist and CamTwist (2VUY) appear.
Similar fix works with zoom:
codesign --remove-signature /Applications/zoom.us.app\
78
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
