The macOS system must disable Remote Apple Events.

STIG ID: APPL-14-002022  |  SRG: SRG-OS-000080-GPOS-00048 |  Severity: medium |  CCI: CCI-000213,CCI-000382 |  Vulnerability Id: V-259495 | 

Vulnerability Discussion

If the system does not require Remote Apple Events, support for Apple Remote Events is nonessential and must be disabled.

The information system must be configured to provide only essential capabilities. Disabling Remote Apple Events helps prevent the unauthorized connection of devices, the unauthorized transfer of information, and unauthorized tunneling.

Satisfies: SRG-OS-000080-GPOS-00048,SRG-OS-000096-GPOS-00050

Check

Verify the macOS system is configured to disable Remote Apple Events with the following command:

/bin/launchctl print-disabled system | /usr/bin/grep -c '"com.apple.AEServer" => disabled'

If the result is not "1", this is a finding.

Fix

Configure the macOS system to disable Remote Apple Events with the following commands:

/usr/sbin/systemsetup -setremoteappleevents off
/bin/launchctl disable system/com.apple.AEServer

Note: Systemsetup with -setremoteappleevents flag will fail unless Full Disk Access to systemsetup or its parent process is granted. This requires supervision.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.