Thanks for being a part of WWDC25!

How did we do? We’d love to know your thoughts on this year’s conference. Take the survey here

/usr/bin/shortcuts no longer works in 14.7.5 (23H527) ?

App & System Services Automation & Scripting
vessignon
vessignon OP
Created Apr ’25
Replies 2
Boosts 0
Views 77
Participants 2

I've been using /usr/bin/shortcuts for various tasks (eg. Quicksilver uses it to list and run shortcuts), and after updating from 14.7.4 to 14.7.5 the tool gets killed on startup. Eg. here is what it looks like in my shell:

❯ shortcuts list
zsh: killed     shortcuts list

(And this is regardless of whether I have "full disk access" or "developer tools" toggled on or off for iTerm.)

Looking at system logs it seems like the binary is missing an entitlement, which causes MACF / Gatekeeper to throw a fit:

2025-04-12 18:38:48.847576  kernel: mac_vnode_check_signature: /usr/bin/shortcuts: code signature validation failed fatally: When validating /usr/bin/shortcuts:
  in-kernel: com.apple.shortcuts.ShortcutsCommandLine disallowed without com.apple.private.security.restricted-application-groups
2025-04-12 18:38:48.847582  kernel: validation of code signature failed through MACF policy: 1
2025-04-12 18:38:48.847583  kernel: check_signature[pid: 2475]: error = 1
2025-04-12 18:38:48.847587  kernel: proc 95761: load code signature error 4 for file "shortcuts"
2025-04-12 18:38:48.847613  kernel: exec_mach_imgact: not running binary "shortcuts" built against preview arm64e ABI
2025-04-12 18:38:48.855481  syspolicyd: (Security) SecTrustEvaluateIfNecessary
2025-04-12 18:38:48.857970  syspolicyd: [com.apple.syspolicy.exec:default] GK evaluateScanResult: 2, PST: (path: /usr/bin/shortcuts), (team: (null)), (id: (null)), (bundle_id: (null)), 0, 0, 1, 0, 1, 1, 0evaluateScanResult: 2, PST: (path: /usr/bin/shortcuts), (team: (null)), (id: (null)), (bundle_id: (null)), 0, 0, 1, 0, 1, 1, 0

I used Time Machine to compare the binary's entitlements between 14.7.4 and 14.7.5, and looks like in 14.7.5 /usr/bin/shortcuts indeed is missing the com.apple.private.security.restricted-application-groups entitlement that 14.7.4 had. The old binary had these two entitlements that the new one doesn't:

	[Key] com.apple.private.security.restricted-application-groups
	[Value]
		[Array]
			[String] group.com.apple.shortcuts
			[String] group.is.workflow.my.app
			[String] group.is.workflow.shortcuts
	[Key] com.apple.security.application-groups
	[Value]
		[Array]
			[String] group.com.apple.shortcuts
			[String] group.is.workflow.my.app
			[String] group.is.workflow.shortcuts

Is there a sensible workaround for this (and by "sensible" I mean something that'd allow me to keep using the tool)?

(I already asked this on the support forums but I figured I might as well ask here too)

Replies  2
Boosts  0
Views  77
Participants  2
vessignon
vessignon OP
Apr ’25

Somebody replicated this on Sonoma, and apparently things work fine in Sequoia so this seems like a Sonoma-specific bug.

I've submitted feedback on this but frankly I'm not holding my breath on this getting fixed any time soon, so ideas for workarounds would be greatly appreciated – I basically just need shortcuts list and shortcuts run, and I'd be completely fine putting together some hacky Swift/ObjC/C tool if I knew which APIs to use (even if they're private)

0
stukey
stukey OP
Apr ’25

I am seeing the same issue on all of our Macs that have been updated to macOS 14.7.5. I have filed a bug report with Apple - FB17284964. Probably won't make any difference, but maybe they can fix it in 14.7.6.

0
/usr/bin/shortcuts no longer works in 14.7.5 (23H527) ?
First post date Last post date
 
 
Q