Just in case, here is the reply from TAC:

It looks like Apple is now restricting injection to iTunes completely in their latest update. We will be releasing a content update to address this (same as the policy below), but in the meantime, please create the condition and policy manually to address this:

To create a condition:
- Log in to the ESM console
- Go to Settings -> Conditions -> MacOS
- Click on the menu/hamburger icon. It's 3 short lines to the left of Rows, where you select the number of rows to display. Then select Add
- Select Bundle ID for the condition type
  Name: iTunes > 12.6.0
  Description: iTunes >12.6.0
  Bundle ID: com.apple.iTunes
  Version comparison: Greater than
  Version: 12.6.0
- Click Save

To create the policy:
- Go to Policies -> Exploit -> Application Protection Modules -> MacOS
- Click on the hamburger/menu icon, which looks like 3 short horizontal lines to the left of Rows, where you select the number of rows to display. Then click Add
- Select Dylib-Hijacking Protection, set Activation to OFF
- Select ROP Mitigation, set Activation to OFF
- Under the Processes tab, add itunes to the selected Processes list
- Under Conditions, add the condition created above to the Include list
- Name the policy under the Name tab, then click Apply

Once the agent checks in, it should have the policy. Confirm if iTunes can now be launched.