iTunes firewall issue and solution

iaian7 » blog   John Einselen, 12.01.17    

Every time you open iTunes…

Do you want iTunes to accept incoming network connections?

Helpful hint: if iTunes demands network access every time it opens, after you’ve told it repeatedly and exasperatedly “Yes! Why won’t you listen!” it might be left over corruption from that time when you used CandyBar to customise icons 5 years ago. Yes, iTunes and even the OS have been updated eleventy-thousand times since then. Yes, you uninstalled CandyBar years ago when the OS updates destroyed support anyway. And yeah, the icon isn’t even customised right now. Yet the icon backup files have somehow been maintained within the iTunes app, which means it fails Apple’s signing process, which means it fails the firewall security requirements, which means you have to re-allow access every time you open it.

And by “you” I mean “me.”

The double-check solution

But maybe the foundational problem is completely different for you. I don’t know your life. Run the following command in Terminal and it’ll tell you exactly what’s wrong:

codesign -vvv /Applications/iTunes.app

This gives you “very very verbose” output on the app signature (I actually have no idea if that’s what it actually means, but -v doesn’t give much of anything, and -vv only tells you if it passed or not). After a good number of lines, it’ll probably say something like the following:

/Applications/iTunes.app: a sealed resource is missing or invalid
file added: /Applications/iTunes.app/Contents/Resources/CandyBar.plist
file added: /Applications/iTunes.app/Contents/Resources/iTunes.icns.backup.icns
file added: /Applications/iTunes.app/Contents/Resources/iTunes.icns.candybarbackup

I opened the app bundle, found the offending files, deleted them (which required my admin password, since I was modifying sacred Apple property), and everything was suddenly fine. Running the codesign command again showed that the app bundle passed with flying colours, and OSX no longer asks for network permission confirmation every time I open iTunes.

Or take the easy road

You could, of course, simply delete the iTunes app bundle in your /Applications/ folder and re-download it from Apple. Preferences, music, movies, and other media are all stored elsewhere, so outside of you-should-really-have-a-backup-anyway, there’s not a shred of danger in doing so.

Already broken again?

If the problem comes back, there’s probably something on your computer that’s still actively modifying the iTunes app bundle. Thankfully it appears my last.fm client of choice doesn’t interface directly into iTunes, so I should be ok, but you’ll have to do your own research here (taking the double-check route above will help).

If the problem is especially onerous, it’s probably best to start scanning for malware. Yes, I know, you have a Mac, and Macs don’t get viruses…well…we all install something stupid at some point, or accidentally download “flash installer” and end up with “russianhackersites.safariextz” It’s ok. It happens to everyone. But yeah, you’ll want to get that fixed.

Download MalwareBytes for Mac and let it do its thing.