From 979727af1827a99dcf5016d815f9cd95f7d5687f Mon Sep 17 00:00:00 2001
From: Damian Rickard <damian@rickard.us>
Date: Sun, 21 Jun 2026 15:28:43 -0400
Subject: [PATCH] macOS: native authentication via an SMJobBless privileged
 helper

On macOS, VeraCrypt elevated privileges through the common Unix path: it
prompted for the administrator password in its own dialog and started the
core service via "sudo". This replaces that with a code-signed launchd
privileged helper installed via SMJobBless, so the OS shows its standard
authentication dialog and VeraCrypt never handles the administrator
password. Closes #1437. Linux/FreeBSD are unchanged.

Design (reuses the existing root entry point):
- A thin, self-contained helper (PrivilegedHelper/Helper.cpp) exposes one
  privileged Mach service. On request it validates the connecting client's
  code signature (audit token -> SecCode -> designated requirement) and the
  client-supplied app binary, then socketpair()/fork()/execs
  "<app> --core-service" as root and returns one socket end over XPC.
- The returned descriptor is wrapped into the existing Service streams and
  fed the same {0,0x11,0x22} sync code, so ProcessElevatedRequests() /
  ProcessRequests() and all CoreServiceRequest serialization and validation
  are unchanged.
- The SMJobBless install and XPC connection run in the main application
  process (CoreService::SendRequest), not in the unprivileged core service:
  the latter is a fork()ed child that never calls exec(), where the
  Authorization / XPC / ServiceManagement frameworks cannot run.

Security:
- SMJobBless install gate matches the app's SMPrivilegedExecutables against
  the helper signature and the helper's SMAuthorizedClients against the app.
- Native auth via AuthorizationCopyRights(kSMRightBlessPrivilegedHelper).
- Per-connection client code-signature check inside the helper.
- The helper only execs a binary that is a root-owned regular file inside a
  non-user-writable ".app/Contents/MacOS" tree (every path component is
  verified root-owned and not group/other-writable, admin-group write
  allowed only outside the bundle), with the opened descriptor pinned and
  re-checked immediately before exec. macOS has no fexecve() and rejects
  exec via /dev/fd, so this trusted-location requirement is what closes the
  validate/exec race rather than executing the descriptor directly.
- The elevated SetFileOwner and the APFS formatter now share one device-node
  validator (lstat-based; rejects symlinks; requires a block/char device).

Build / packaging:
- Link the app with Security/ServiceManagement/CoreFoundation; the Blocks/XPC
  client glue is isolated in PrivilegedHelperClient.mm.
- Main.make builds the helper, embeds it at Contents/Library/LaunchServices,
  and signs it inside-out before the app. Signing identity and Team ID are
  build-overridable (defaults pin the IDRIX project identity); the Team ID is
  templated into the code-signing requirement strings and the generated
  plists are regenerated on every build so a Team ID change always takes
  effect.
- notarize.sh signs/verifies the nested helper; a macOS uninstaller removes
  the helper and its LaunchDaemon.
---
 .gitignore                                    |   4 +
 .../Resources/MacOSX/Helper-Info.plist.xml    |  32 ++
 .../Resources/MacOSX/Helper-Launchd.plist.xml |  16 +
 src/Build/Resources/MacOSX/Info.plist.xml     |  10 +
 src/Core/Core.make                            |   1 +
 src/Core/Unix/CoreService.cpp                 |  85 +++-
 src/Core/Unix/MacOSX/PrivilegedHelperClient.h |  24 +
 .../Unix/MacOSX/PrivilegedHelperClient.mm     | 160 ++++++
 .../Unix/MacOSX/PrivilegedHelperProtocol.h    |  39 ++
 src/Main/Main.make                            |  16 +-
 src/Makefile                                  |  10 +-
 src/PrivilegedHelper/Helper.cpp               | 466 ++++++++++++++++++
 src/PrivilegedHelper/PrivilegedHelper.make    |  56 +++
 .../MacOSX/VeraCryptHelper.entitlements.plist |  11 +
 src/Setup/MacOSX/notarize.sh                  |  16 +
 src/Setup/MacOSX/veracrypt-uninstall.sh       |  32 ++
 16 files changed, 964 insertions(+), 14 deletions(-)
 create mode 100644 src/Build/Resources/MacOSX/Helper-Info.plist.xml
 create mode 100644 src/Build/Resources/MacOSX/Helper-Launchd.plist.xml
 create mode 100644 src/Core/Unix/MacOSX/PrivilegedHelperClient.h
 create mode 100644 src/Core/Unix/MacOSX/PrivilegedHelperClient.mm
 create mode 100644 src/Core/Unix/MacOSX/PrivilegedHelperProtocol.h
 create mode 100644 src/PrivilegedHelper/Helper.cpp
 create mode 100644 src/PrivilegedHelper/PrivilegedHelper.make
 create mode 100644 src/Setup/MacOSX/VeraCryptHelper.entitlements.plist
 create mode 100755 src/Setup/MacOSX/veracrypt-uninstall.sh

diff --git a/.gitignore b/.gitignore
index 11201ffb81..b6ec782f74 100644
--- a/.gitignore
+++ b/.gitignore
@@ -36,6 +36,10 @@ src/Main/VeraCrypt
 src/Main/VeraCrypt.app
 src/Main/*.dmg
 src/Setup/MacOSX/*.pkg
+# macOS privileged helper build artifacts (binary + plists generated from templates)
+src/PrivilegedHelper/org.idrix.VeraCrypt.helper
+src/PrivilegedHelper/Helper-Info.plist
+src/PrivilegedHelper/Helper-Launchd.plist
 *.oo
 *.o.32
 *.o.64
diff --git a/src/Build/Resources/MacOSX/Helper-Info.plist.xml b/src/Build/Resources/MacOSX/Helper-Info.plist.xml
new file mode 100644
index 0000000000..bd5d1e4b61
--- /dev/null
+++ b/src/Build/Resources/MacOSX/Helper-Info.plist.xml
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>CFBundleInfoDictionaryVersion</key>
+	<string>6.0</string>
+
+	<key>CFBundleIdentifier</key>
+	<string>org.idrix.VeraCrypt.helper</string>
+
+	<key>CFBundleName</key>
+	<string>VeraCrypt Privileged Helper</string>
+
+	<key>CFBundlePackageType</key>
+	<string>APPL</string>
+
+	<key>CFBundleVersion</key>
+	<string>_VERSION_</string>
+
+	<key>CFBundleShortVersionString</key>
+	<string>_VERSION_</string>
+
+	<!-- Code-signing requirement that a connecting client (the VeraCrypt app)
+	     and the binary the helper is asked to exec must satisfy. The helper
+	     reads this at runtime as the single source of truth for the authorized
+	     client identity. _TEAMID_ is substituted at build time. -->
+	<key>SMAuthorizedClients</key>
+	<array>
+		<string>identifier "org.idrix.VeraCrypt" and anchor apple generic and certificate leaf[subject.OU] = "_TEAMID_"</string>
+	</array>
+</dict>
+</plist>
diff --git a/src/Build/Resources/MacOSX/Helper-Launchd.plist.xml b/src/Build/Resources/MacOSX/Helper-Launchd.plist.xml
new file mode 100644
index 0000000000..df446d9b76
--- /dev/null
+++ b/src/Build/Resources/MacOSX/Helper-Launchd.plist.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>Label</key>
+	<string>org.idrix.VeraCrypt.helper</string>
+
+	<!-- launchd publishes this privileged Mach service on the helper's behalf
+	     and launches it on demand when the client connects. -->
+	<key>MachServices</key>
+	<dict>
+		<key>org.idrix.VeraCrypt.helper</key>
+		<true/>
+	</dict>
+</dict>
+</plist>
diff --git a/src/Build/Resources/MacOSX/Info.plist.xml b/src/Build/Resources/MacOSX/Info.plist.xml
index 04ed21c1c2..ad48098e8c 100644
--- a/src/Build/Resources/MacOSX/Info.plist.xml
+++ b/src/Build/Resources/MacOSX/Info.plist.xml
@@ -96,5 +96,15 @@
 
     <key>NSPrincipalClass</key>
     <string>NSApplication</string>
+
+	<!-- SMJobBless: authorizes installation of the privileged helper. The
+	     requirement must match the helper's code signature; _TEAMID_ is
+	     substituted at build time. Keep in sync with the helper's
+	     CFBundleIdentifier (org.idrix.VeraCrypt.helper). -->
+	<key>SMPrivilegedExecutables</key>
+	<dict>
+		<key>org.idrix.VeraCrypt.helper</key>
+		<string>identifier "org.idrix.VeraCrypt.helper" and anchor apple generic and certificate leaf[subject.OU] = "_TEAMID_"</string>
+	</dict>
 </dict>
 </plist>
diff --git a/src/Core/Core.make b/src/Core/Core.make
index def349d812..3dd2065471 100644
--- a/src/Core/Core.make
+++ b/src/Core/Core.make
@@ -26,6 +26,7 @@ OBJS += Unix/$(PLATFORM)/Core$(PLATFORM).o
 OBJS += Unix/$(PLATFORM)/Core$(PLATFORM).o
 ifeq "$(PLATFORM)" "MacOSX"
 OBJS += Unix/FreeBSD/CoreFreeBSD.o
+OBJS += Unix/MacOSX/PrivilegedHelperClient.o
 endif
 
 include $(BUILD_INC)/Makefile.inc
diff --git a/src/Core/Unix/CoreService.cpp b/src/Core/Unix/CoreService.cpp
index 014b5c8f0f..1f6a33af75 100644
--- a/src/Core/Unix/CoreService.cpp
+++ b/src/Core/Unix/CoreService.cpp
@@ -15,6 +15,9 @@
 #include <sys/stat.h>
 #include <sys/wait.h>
 #include <stdio.h>
+#ifdef TC_MACOSX
+#include "Core/Unix/MacOSX/PrivilegedHelperClient.h"
+#endif
 #include "Platform/FileStream.h"
 #include "Platform/MemoryStream.h"
 #include "Platform/Serializable.h"
@@ -61,13 +64,12 @@ namespace VeraCrypt
 			|| IsMacOSXDevicePathWithPrefix (path, "/dev/rdisk");
 	}
 
-	// The elevated service runs as root, so it must not be tricked into changing
-	// ownership of an arbitrary path. Every legitimate macOS caller of the
-	// elevated SetFileOwner targets a real disk device node (/dev/[r]diskN[sM]),
-	// so restrict the operation to that. lstat() (not stat) is used so a symlink
-	// is rejected outright rather than followed, and the st_mode check confirms an
-	// actual block/character device before the chown.
-	static void ValidateMacOSXSetFileOwnerTarget (const FilesystemPath &path)
+	// The elevated service runs as root, so it must not be tricked into operating
+	// on arbitrary paths. Every legitimate macOS caller that reaches these helpers
+	// targets a real disk device node (/dev/[r]diskN[sM]), so restrict privileged
+	// operations to that. lstat() (not stat) rejects symlinks outright, and the
+	// st_mode check confirms an actual block/character device before use.
+	static void ValidateMacOSXDeviceNodeTarget (const FilesystemPath &path)
 	{
 		const string pathStr = path;
 
@@ -84,8 +86,7 @@ namespace VeraCrypt
 
 	static list <string> BuildMacOSXAPFSFormatterArguments (const ExecuteMacOSXAPFSFormatterRequest &request)
 	{
-		if (!IsMacOSXFormatterDevicePath (request.Device))
-			throw ParameterIncorrect (SRC_POS);
+		ValidateMacOSXDeviceNodeTarget (request.Device);
 
 		if (request.OwnerUserId > static_cast <uint64> ((uid_t) -1)
 			|| request.OwnerGroupId > static_cast <uint64> ((gid_t) -1))
@@ -330,7 +331,7 @@ namespace VeraCrypt
 
 #ifdef TC_MACOSX
 						// Restrict the root-privileged chown to real disk device nodes.
-						ValidateMacOSXSetFileOwnerTarget (setFileOwnerRequest->Path);
+						ValidateMacOSXDeviceNodeTarget (setFileOwnerRequest->Path);
 #endif
 						coreUnix->SetFileOwner (setFileOwnerRequest->Path, setFileOwnerRequest->Owner);
 						SetFileOwnerResponse().Serialize (outputStream);
@@ -449,6 +450,21 @@ namespace VeraCrypt
 			{
 				//	Test if the user has an active "sudo" session.
 				bool authCheckDone = false;
+#ifdef TC_MACOSX
+				// macOS: establish the privileged channel here, in the main
+				// application process. StartElevated() uses the SMJobBless helper
+				// and XPC, which cannot run in the unprivileged core service (a
+				// fork()ed child that never calls exec()); delegating elevation to
+				// it fails before the native authentication dialog is even shown.
+				// StartElevated() repoints the Service streams at the root core
+				// service, so the request is then sent below like any other.
+				authCheckDone = true;
+				request.FastElevation = false;
+				StartElevated (request);
+				ElevatedServiceAvailable = true;
+				request.Serialize (ServiceInputStream);
+				return GetResponse <T> ();
+#else
 				if (!Core->GetUseDummySudoPassword ())
 				{	
 					// We are using -n to avoid prompting the user for a password.
@@ -493,6 +509,7 @@ namespace VeraCrypt
 						request.FastElevation = false;
 					}
 				}
+#endif
 			
 				try
 				{
@@ -527,6 +544,9 @@ namespace VeraCrypt
 
 					request.FastElevation = false;
 
+#ifdef TC_MACOSX
+					throw;
+#endif
 					if(!authCheckDone)
 						(*AdminPasswordCallback) (request.AdminPassword);
 				}
@@ -562,6 +582,51 @@ namespace VeraCrypt
 
 	void CoreService::StartElevated (const CoreServiceRequest &request)
 	{
+#ifdef TC_MACOSX
+		try
+		{
+			std::string errorMsg;
+			string appPath = request.ApplicationExecutablePath;
+			if (appPath.empty() || appPath[0] != '/')
+			{
+				appPath = Process::FindSystemBinary("VeraCrypt", errorMsg);
+				if (appPath.empty())
+					throw SystemException(SRC_POS, errorMsg);
+			}
+
+			// Install (if needed) and drive the SMJobBless privileged helper.
+			// The helper shows the native macOS authentication dialog at install
+			// time, validates this app's code signature on every connection, and
+			// spawns "<appPath> --core-service" as root, returning a connected
+			// socket. VeraCrypt never handles the administrator password.
+			int serviceFD = MacOSXConnectElevatedCoreService (appPath);
+			throw_sys_if (serviceFD == -1);
+
+			shared_ptr <File> servicePipe (new File());
+			servicePipe->AssignSystemHandle (serviceFD, false);
+			ServiceInputStream = shared_ptr <Stream> (new FileStream (servicePipe));
+			ServiceOutputStream = shared_ptr <Stream> (new FileStream (servicePipe));
+
+			// Send sync code
+			uint8 sync[] = { 0, 0x11, 0x22 };
+			ServiceInputStream->Write (ConstBufferPtr (sync, array_capacity (sync)));
+
+			return;
+		}
+		catch (Exception &)
+		{
+			throw;
+		}
+		catch (exception &e)
+		{
+			throw ExternalException (SRC_POS, StringConverter::ToExceptionString (e));
+		}
+		catch (...)
+		{
+			throw UnknownException (SRC_POS);
+		}
+#endif
+
 		unique_ptr <Pipe> inPipe (new Pipe());
 		unique_ptr <Pipe> outPipe (new Pipe());
 		Pipe errPipe;
diff --git a/src/Core/Unix/MacOSX/PrivilegedHelperClient.h b/src/Core/Unix/MacOSX/PrivilegedHelperClient.h
new file mode 100644
index 0000000000..79548b1bb7
--- /dev/null
+++ b/src/Core/Unix/MacOSX/PrivilegedHelperClient.h
@@ -0,0 +1,24 @@
+/*
+ Copyright (c) 2026 AM Crypto and are governed by the Apache License 2.0
+ the full text of which is contained in the file License.txt included in
+ VeraCrypt binary and source code distribution packages.
+*/
+
+#ifndef TC_HEADER_Core_Unix_MacOSX_PrivilegedHelperClient
+#define TC_HEADER_Core_Unix_MacOSX_PrivilegedHelperClient
+
+#include <string>
+
+namespace VeraCrypt
+{
+	// Ensures the SMJobBless privileged helper is installed and up to date
+	// (showing the native macOS authentication dialog when an install/upgrade
+	// is required), then asks it to spawn "appPath --core-service" as root and
+	// returns a connected socket file descriptor to that root process. The
+	// returned descriptor is owned by the caller and must be closed.
+	//
+	// Throws a VeraCrypt exception (e.g. ElevationFailed) on any failure.
+	int MacOSXConnectElevatedCoreService (const std::string &appPath);
+}
+
+#endif // TC_HEADER_Core_Unix_MacOSX_PrivilegedHelperClient
diff --git a/src/Core/Unix/MacOSX/PrivilegedHelperClient.mm b/src/Core/Unix/MacOSX/PrivilegedHelperClient.mm
new file mode 100644
index 0000000000..6c1dde1230
--- /dev/null
+++ b/src/Core/Unix/MacOSX/PrivilegedHelperClient.mm
@@ -0,0 +1,160 @@
+/*
+ Copyright (c) 2026 AM Crypto and are governed by the Apache License 2.0
+ the full text of which is contained in the file License.txt included in
+ VeraCrypt binary and source code distribution packages.
+*/
+
+// Client-side glue for the VeraCrypt SMJobBless privileged helper.
+//
+// This translation unit is compiled as Objective-C++ (".mm") so that it can use
+// the Blocks-based XPC and ServiceManagement APIs (the rest of CoreService.cpp
+// is plain C++ and is not compiled with -fblocks). It exposes a single plain
+// C++ entry point, MacOSXConnectElevatedCoreService(), declared in
+// PrivilegedHelperClient.h and called from CoreService::StartElevated().
+
+#include "PrivilegedHelperClient.h"
+#include "PrivilegedHelperProtocol.h"
+
+// The Apple framework headers must come first: they typedef BOOL (objc.h),
+// which must be seen before Common/Tcdefs.h redefines BOOL as a macro. They
+// also pull in <mach/error.h>, whose ERR_SUCCESS macro would otherwise mangle
+// the ERR_SUCCESS enumerator in Tcdefs.h, so it is undefined before the
+// VeraCrypt headers (reached via SystemException.h) are included.
+#include <xpc/xpc.h>
+#include <Security/Security.h>
+#include <ServiceManagement/ServiceManagement.h>
+#include <CoreFoundation/CoreFoundation.h>
+
+#undef ERR_SUCCESS
+
+#include "Platform/SystemException.h"
+#include "Core/CoreException.h"
+
+namespace VeraCrypt
+{
+	// Connects to the helper's privileged Mach service. The connection is
+	// returned resumed; the caller owns it and must xpc_connection_cancel() it.
+	static xpc_connection_t ConnectToHelper ()
+	{
+		xpc_connection_t connection = xpc_connection_create_mach_service (
+			VC_HELPER_LABEL, NULL, XPC_CONNECTION_MACH_SERVICE_PRIVILEGED);
+
+		if (!connection)
+			throw ElevationFailed (SRC_POS, VC_HELPER_LABEL, 1, "xpc_connection_create_mach_service failed");
+
+		// A no-op event handler is mandatory; per-request errors are surfaced
+		// synchronously through the reply objects below.
+		xpc_connection_set_event_handler (connection, ^(xpc_object_t) { });
+		xpc_connection_resume (connection);
+		return connection;
+	}
+
+	// Returns the version reported by the currently installed helper, or -1 if
+	// no helper is installed / reachable.
+	static int64_t QueryHelperVersion ()
+	{
+		xpc_connection_t connection = ConnectToHelper ();
+
+		xpc_object_t message = xpc_dictionary_create (NULL, NULL, 0);
+		xpc_dictionary_set_string (message, VC_HELPER_KEY_COMMAND, VC_HELPER_CMD_GET_VERSION);
+
+		xpc_object_t reply = xpc_connection_send_message_with_reply_sync (connection, message);
+
+		int64_t version = -1;
+		if (xpc_get_type (reply) == XPC_TYPE_DICTIONARY)
+			version = xpc_dictionary_get_int64 (reply, VC_HELPER_KEY_VERSION);
+
+		xpc_connection_cancel (connection);
+		return version;
+	}
+
+	// Installs (or upgrades) the helper via SMJobBless. This is the call that
+	// triggers the native macOS authentication dialog.
+	static void BlessHelper ()
+	{
+		AuthorizationRef authRef = NULL;
+		OSStatus status = AuthorizationCreate (NULL, kAuthorizationEmptyEnvironment, kAuthorizationFlagDefaults, &authRef);
+		if (status != errAuthorizationSuccess)
+			throw ElevationFailed (SRC_POS, "AuthorizationCreate", status, "");
+
+		AuthorizationItem item = { kSMRightBlessPrivilegedHelper, 0, NULL, 0 };
+		AuthorizationRights rights = { 1, &item };
+		AuthorizationFlags flags = kAuthorizationFlagDefaults
+			| kAuthorizationFlagInteractionAllowed
+			| kAuthorizationFlagPreAuthorize
+			| kAuthorizationFlagExtendRights;
+
+		status = AuthorizationCopyRights (authRef, &rights, kAuthorizationEmptyEnvironment, flags, NULL);
+		if (status != errAuthorizationSuccess)
+		{
+			AuthorizationFree (authRef, kAuthorizationFlagDefaults);
+			// errAuthorizationCanceled when the user dismisses the dialog.
+			throw ElevationFailed (SRC_POS, "AuthorizationCopyRights", status, "");
+		}
+
+		CFErrorRef cfError = NULL;
+		Boolean blessed = SMJobBless (kSMDomainSystemLaunchd, CFSTR (VC_HELPER_LABEL), authRef, &cfError);
+		AuthorizationFree (authRef, kAuthorizationFlagDefaults);
+
+		if (!blessed)
+		{
+			long code = cfError ? (long) CFErrorGetCode (cfError) : 0;
+			string description = "SMJobBless failed";
+			if (cfError)
+			{
+				CFStringRef desc = CFErrorCopyDescription (cfError);
+				if (desc)
+				{
+					char buffer[512];
+					if (CFStringGetCString (desc, buffer, sizeof (buffer), kCFStringEncodingUTF8))
+						description = buffer;
+					CFRelease (desc);
+				}
+				CFRelease (cfError);
+			}
+			throw ElevationFailed (SRC_POS, "SMJobBless", (int) code, description);
+		}
+	}
+
+	// Installs the helper if it is missing or its version does not match the
+	// version this build expects.
+	static void EnsureHelperInstalled ()
+	{
+		if (QueryHelperVersion () == VC_HELPER_VERSION)
+			return;
+
+		BlessHelper ();
+	}
+
+	int MacOSXConnectElevatedCoreService (const std::string &appPath)
+	{
+		EnsureHelperInstalled ();
+
+		xpc_connection_t connection = ConnectToHelper ();
+
+		xpc_object_t message = xpc_dictionary_create (NULL, NULL, 0);
+		xpc_dictionary_set_string (message, VC_HELPER_KEY_COMMAND, VC_HELPER_CMD_OPEN_CORE_SERVICE);
+		xpc_dictionary_set_string (message, VC_HELPER_KEY_APP_PATH, appPath.c_str());
+		xpc_dictionary_set_int64 (message, VC_HELPER_KEY_VERSION, VC_HELPER_VERSION);
+
+		xpc_object_t reply = xpc_connection_send_message_with_reply_sync (connection, message);
+
+		if (xpc_get_type (reply) != XPC_TYPE_DICTIONARY)
+		{
+			xpc_connection_cancel (connection);
+			throw ElevationFailed (SRC_POS, VC_HELPER_LABEL, 1, "Privileged helper did not return a valid reply");
+		}
+
+		int serviceFD = xpc_dictionary_dup_fd (reply, VC_HELPER_KEY_SERVICE_FD);
+		if (serviceFD < 0)
+		{
+			const char *helperError = xpc_dictionary_get_string (reply, VC_HELPER_KEY_ERROR);
+			string description = helperError ? helperError : "Privileged helper refused to open the core service";
+			xpc_connection_cancel (connection);
+			throw ElevationFailed (SRC_POS, VC_HELPER_LABEL, 1, description);
+		}
+
+		xpc_connection_cancel (connection);
+		return serviceFD;
+	}
+}
diff --git a/src/Core/Unix/MacOSX/PrivilegedHelperProtocol.h b/src/Core/Unix/MacOSX/PrivilegedHelperProtocol.h
new file mode 100644
index 0000000000..ed7edbd130
--- /dev/null
+++ b/src/Core/Unix/MacOSX/PrivilegedHelperProtocol.h
@@ -0,0 +1,39 @@
+/*
+ Copyright (c) 2026 AM Crypto and are governed by the Apache License 2.0
+ the full text of which is contained in the file License.txt included in
+ VeraCrypt binary and source code distribution packages.
+*/
+
+#ifndef TC_HEADER_Core_Unix_MacOSX_PrivilegedHelperProtocol
+#define TC_HEADER_Core_Unix_MacOSX_PrivilegedHelperProtocol
+
+// Shared constants for the VeraCrypt privileged helper (SMJobBless / launchd).
+// Included by both the helper (PrivilegedHelper/Helper.cpp) and the client glue
+// (Core/Unix/MacOSX/PrivilegedHelperClient.mm).
+
+// launchd Label and Mach service name. Must match Helper-Launchd.plist.xml,
+// Helper-Info.plist.xml (CFBundleIdentifier) and the SMPrivilegedExecutables
+// key of the application's Info.plist.
+#define VC_HELPER_LABEL "org.idrix.VeraCrypt.helper"
+
+// Absolute path where SMJobBless installs the helper tool and its launchd job.
+#define VC_HELPER_TOOL_PATH    "/Library/PrivilegedHelperTools/" VC_HELPER_LABEL
+#define VC_HELPER_PLIST_PATH   "/Library/LaunchDaemons/" VC_HELPER_LABEL ".plist"
+
+// XPC message keys.
+#define VC_HELPER_KEY_COMMAND     "command"
+#define VC_HELPER_KEY_APP_PATH    "app-path"
+#define VC_HELPER_KEY_VERSION     "version"
+#define VC_HELPER_KEY_SERVICE_FD  "service-fd"
+#define VC_HELPER_KEY_ERROR       "error"
+
+// XPC commands (value of VC_HELPER_KEY_COMMAND).
+#define VC_HELPER_CMD_OPEN_CORE_SERVICE "open-core-service"
+#define VC_HELPER_CMD_GET_VERSION       "get-version"
+#define VC_HELPER_CMD_UNINSTALL         "uninstall"
+
+// Protocol/helper version. Bump whenever Helper.cpp changes so that an outdated
+// installed helper is detected by the client and re-blessed (standard pattern).
+#define VC_HELPER_VERSION 1
+
+#endif // TC_HEADER_Core_Unix_MacOSX_PrivilegedHelperProtocol
diff --git a/src/Main/Main.make b/src/Main/Main.make
index 36b8c1f6e9..a59ef30fc7 100755
--- a/src/Main/Main.make
+++ b/src/Main/Main.make
@@ -253,13 +253,23 @@ endif
 
 	echo -n APPLTRUE >$(APPNAME).app/Contents/PkgInfo
 ifdef VC_LEGACY_BUILD
-	sed -e 's/_VERSION_/$(patsubst %a,%.1,$(patsubst %b,%.2,$(TC_VERSION)))/' ../Build/Resources/MacOSX/Info.plist.legacy.xml >$(APPNAME).app/Contents/Info.plist
+	sed -e 's/_VERSION_/$(patsubst %a,%.1,$(patsubst %b,%.2,$(TC_VERSION)))/' -e 's/_TEAMID_/$(VC_OSX_TEAM_ID)/g' ../Build/Resources/MacOSX/Info.plist.legacy.xml >$(APPNAME).app/Contents/Info.plist
 else
-	sed -e 's/_VERSION_/$(patsubst %a,%.1,$(patsubst %b,%.2,$(TC_VERSION)))/' ../Build/Resources/MacOSX/Info.plist.xml >$(APPNAME).app/Contents/Info.plist
+	sed -e 's/_VERSION_/$(patsubst %a,%.1,$(patsubst %b,%.2,$(TC_VERSION)))/' -e 's/_TEAMID_/$(VC_OSX_TEAM_ID)/g' ../Build/Resources/MacOSX/Info.plist.xml >$(APPNAME).app/Contents/Info.plist
 endif
+
+	# Build the SMJobBless privileged helper and embed it in the bundle at the
+	# location SMJobBless expects (Contents/Library/LaunchServices/<label>).
+	$(MAKE) -C $(BASE_DIR)/PrivilegedHelper -f PrivilegedHelper.make helper
+	mkdir -p $(APPNAME).app/Contents/Library/LaunchServices
+	cp $(BASE_DIR)/PrivilegedHelper/org.idrix.VeraCrypt.helper $(APPNAME).app/Contents/Library/LaunchServices/org.idrix.VeraCrypt.helper
+
 	chmod -R go-w $(APPNAME).app
 ifneq ("$(LOCAL_DEVELOPMENT_BUILD)","true")
-	codesign -s "Developer ID Application: IDRIX (Z933746L2S)" --timestamp $(APPNAME).app
+	# Sign inside-out: the nested helper first (hardened runtime + its own
+	# entitlements), then the application bundle.
+	codesign -s "$(VC_OSX_SIGN_IDENTITY)" --timestamp --options runtime --entitlements $(BASE_DIR)/Setup/MacOSX/VeraCryptHelper.entitlements.plist $(APPNAME).app/Contents/Library/LaunchServices/org.idrix.VeraCrypt.helper
+	codesign -s "$(VC_OSX_SIGN_IDENTITY)" --timestamp $(APPNAME).app
 endif
 
 install: prepare
diff --git a/src/Makefile b/src/Makefile
index 7c15e5a3a8..f2354e0c41 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -307,6 +307,14 @@ ifeq "$(shell uname -s)" "Darwin"
 	# use the output of the command "xcrun --show-sdk-version" to set the SDK version if not set
 	export VC_OSX_SDK ?= $(shell xcrun --show-sdk-version)
 
+	# Code-signing identity and Team ID. Committed defaults pin the project
+	# (IDRIX) identity; both are overridable on the command line for local
+	# testing with a developer's own Developer ID. VC_OSX_TEAM_ID is substituted
+	# into the helper/app code-signing requirement strings (see the plist
+	# templates under Build/Resources/MacOSX).
+	export VC_OSX_SIGN_IDENTITY ?= Developer ID Application: IDRIX (Z933746L2S)
+	export VC_OSX_TEAM_ID ?= Z933746L2S
+
 	#check to see if XCode 3 path exists.Otherwise, use XCode 4 path
 	VC_OSX_SDK_PATH := /Developer/SDKs/MacOSX$(VC_OSX_SDK).sdk
 	ifeq ($(wildcard $(VC_OSX_SDK_PATH)/SDKSettings.plist),)
@@ -331,7 +339,7 @@ $(error Specified SDK version was not found, ensure your active developer direct
 
 	CXXFLAGS += -std=c++11
 	C_CXX_FLAGS += -DTC_UNIX -DTC_BSD -DTC_MACOSX -mmacosx-version-min=$(VC_OSX_TARGET) -isysroot $(VC_OSX_SDK_PATH)
-	LFLAGS += -mmacosx-version-min=$(VC_OSX_TARGET) -Wl,-syslibroot $(VC_OSX_SDK_PATH) -Wl,-export_dynamic
+	LFLAGS += -mmacosx-version-min=$(VC_OSX_TARGET) -Wl,-syslibroot $(VC_OSX_SDK_PATH) -Wl,-export_dynamic -framework Security -framework ServiceManagement -framework CoreFoundation
 	# Xcode 15 linker emits a warning "no platform load command found" when linking object files generated by yasm
 	# To suppress this warning, we need to use -Wl,-ld_classic flag in order to use the old ld64 linker
 	# https://mjtsai.com/blog/2024/03/15/xcode-15-no-platform-load-command-found/
diff --git a/src/PrivilegedHelper/Helper.cpp b/src/PrivilegedHelper/Helper.cpp
new file mode 100644
index 0000000000..32ff8ea87e
--- /dev/null
+++ b/src/PrivilegedHelper/Helper.cpp
@@ -0,0 +1,466 @@
+/*
+ Copyright (c) 2026 AM Crypto and are governed by the Apache License 2.0
+ the full text of which is contained in the file License.txt included in
+ VeraCrypt binary and source code distribution packages.
+*/
+
+// VeraCrypt privileged helper.
+//
+// A thin, self-contained launchd daemon installed via SMJobBless. It runs as
+// root and exposes a single privileged Mach service. Its only job is to:
+//
+//   1. validate that the connecting client is a genuine, correctly-signed
+//      VeraCrypt application (per-connection code-signature check), and
+//   2. on request, validate the client-supplied application binary path,
+//      then socketpair()/fork()/exec() "<appPath> --core-service" as root,
+//      returning one end of the socket pair to the client over XPC.
+//
+// The exec'd process is the *existing* VeraCrypt core-service entry point
+// (CoreService::ProcessElevatedRequests via the "--core-service" command line
+// option). The helper never parses or executes privileged requests itself;
+// after handing back the socket it goes idle.
+//
+// The code-signing requirement used for both the peer check and the exec-path
+// check is read at runtime from this tool's own embedded Info.plist
+// ("SMAuthorizedClients"), which is the single source of truth for the
+// authorized client identity (templated with the build's Team ID).
+
+#include <xpc/xpc.h>
+#include <dispatch/dispatch.h>
+#include <Security/Security.h>
+#include <ServiceManagement/ServiceManagement.h>
+#include <CoreFoundation/CoreFoundation.h>
+
+#include <signal.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <grp.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <mach/mach.h>
+#include <string>
+
+#include "Core/Unix/MacOSX/PrivilegedHelperProtocol.h"
+
+// Not declared in the public XPC headers, but a stable, widely-used SPI that is
+// the supported way for a privileged helper to obtain the peer's audit token.
+extern "C" void xpc_connection_get_audit_token (xpc_connection_t, audit_token_t *);
+
+// Returns the code-signing requirement that an authorized client (and the
+// client-supplied executable) must satisfy. Read from this tool's embedded
+// Info.plist "SMAuthorizedClients" array. Caller releases the result.
+static SecRequirementRef CopyAuthorizedClientRequirement ()
+{
+	CFBundleRef bundle = CFBundleGetMainBundle ();
+	if (!bundle)
+		return NULL;
+
+	CFDictionaryRef info = CFBundleGetInfoDictionary (bundle);
+	if (!info)
+		return NULL;
+
+	CFArrayRef clients = (CFArrayRef) CFDictionaryGetValue (info, CFSTR ("SMAuthorizedClients"));
+	if (!clients || CFGetTypeID (clients) != CFArrayGetTypeID () || CFArrayGetCount (clients) < 1)
+		return NULL;
+
+	CFStringRef requirementString = (CFStringRef) CFArrayGetValueAtIndex (clients, 0);
+	if (!requirementString || CFGetTypeID (requirementString) != CFStringGetTypeID ())
+		return NULL;
+
+	SecRequirementRef requirement = NULL;
+	if (SecRequirementCreateWithString (requirementString, kSecCSDefaultFlags, &requirement) != errSecSuccess)
+		return NULL;
+
+	return requirement;
+}
+
+// Validates the connecting client process against the authorized-client
+// requirement using its audit token.
+static bool ClientConnectionIsValid (xpc_connection_t connection)
+{
+	audit_token_t auditToken;
+	memset (&auditToken, 0, sizeof (auditToken));
+	xpc_connection_get_audit_token (connection, &auditToken);
+
+	CFDataRef tokenData = CFDataCreate (kCFAllocatorDefault, (const UInt8 *) &auditToken, sizeof (auditToken));
+	if (!tokenData)
+		return false;
+
+	const void *keys[]   = { kSecGuestAttributeAudit };
+	const void *values[] = { tokenData };
+	CFDictionaryRef attributes = CFDictionaryCreate (kCFAllocatorDefault, keys, values, 1,
+		&kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
+	CFRelease (tokenData);
+	if (!attributes)
+		return false;
+
+	SecCodeRef code = NULL;
+	OSStatus status = SecCodeCopyGuestWithAttributes (NULL, attributes, kSecCSDefaultFlags, &code);
+	CFRelease (attributes);
+	if (status != errSecSuccess || !code)
+		return false;
+
+	SecRequirementRef requirement = CopyAuthorizedClientRequirement ();
+	if (!requirement)
+	{
+		CFRelease (code);
+		return false;
+	}
+
+	status = SecCodeCheckValidity (code, kSecCSDefaultFlags, requirement);
+
+	CFRelease (requirement);
+	CFRelease (code);
+	return status == errSecSuccess;
+}
+
+// Validates that the on-disk executable at "path" satisfies the authorized
+// client requirement (defense in depth against directing the helper at an
+// attacker-controlled binary).
+static bool ExecutablePathIsValid (const char *path)
+{
+	if (!path || path[0] != '/')
+		return false;
+
+	CFURLRef url = CFURLCreateFromFileSystemRepresentation (kCFAllocatorDefault,
+		(const UInt8 *) path, (CFIndex) strlen (path), false);
+	if (!url)
+		return false;
+
+	SecStaticCodeRef staticCode = NULL;
+	OSStatus status = SecStaticCodeCreateWithPath (url, kSecCSDefaultFlags, &staticCode);
+	CFRelease (url);
+	if (status != errSecSuccess || !staticCode)
+		return false;
+
+	SecRequirementRef requirement = CopyAuthorizedClientRequirement ();
+	if (!requirement)
+	{
+		CFRelease (staticCode);
+		return false;
+	}
+
+	status = SecStaticCodeCheckValidity (staticCode, kSecCSDefaultFlags, requirement);
+
+	CFRelease (requirement);
+	CFRelease (staticCode);
+	return status == errSecSuccess;
+}
+
+static gid_t GetAdminGroupId ()
+{
+	struct group *adminGroup = getgrnam ("admin");
+	if (!adminGroup)
+		return (gid_t) -1;
+
+	return adminGroup->gr_gid;
+}
+
+static bool IsTrustedRootOwnedNode (const struct stat &nodeStat, bool allowAdminGroupWrite)
+{
+	if (nodeStat.st_uid != 0)
+		return false;
+
+	if ((nodeStat.st_mode & S_IWOTH) != 0)
+		return false;
+
+	if ((nodeStat.st_mode & S_IWGRP) != 0)
+	{
+		if (!allowAdminGroupWrite)
+			return false;
+
+		gid_t adminGroupId = GetAdminGroupId ();
+		if (adminGroupId == (gid_t) -1 || nodeStat.st_gid != adminGroupId)
+			return false;
+	}
+
+	return true;
+}
+
+// The helper cannot fexecve() on macOS, so never launch from a user-writable
+// install tree. This limits the remaining path-based exec race to roots/admins,
+// who already have equivalent privilege.
+static bool ExecutablePathIsInTrustedLocation (const char *path, const struct stat &execStat)
+{
+	if (!path || path[0] != '/' || !S_ISREG (execStat.st_mode))
+		return false;
+
+	if (!IsTrustedRootOwnedNode (execStat, false))
+		return false;
+
+	std::string pathString (path);
+	const std::string bundleMarker (".app/Contents/MacOS/");
+	size_t bundleMarkerPosition = pathString.find (bundleMarker);
+	if (bundleMarkerPosition == std::string::npos)
+		return false;
+
+	size_t bundleRootEnd = bundleMarkerPosition + 4;
+	size_t executableNamePosition = bundleMarkerPosition + bundleMarker.size();
+	if (bundleRootEnd == 4 || executableNamePosition >= pathString.size()
+		|| pathString.find ('/', executableNamePosition) != std::string::npos)
+		return false;
+
+	std::string bundleRoot = pathString.substr (0, bundleRootEnd);
+	std::string contentsDirectory = bundleRoot + "/Contents";
+	std::string macOSDirectory = contentsDirectory + "/MacOS";
+
+	std::string currentPath ("/");
+	struct stat componentStat;
+
+	if (lstat (currentPath.c_str(), &componentStat) != 0
+		|| !S_ISDIR (componentStat.st_mode)
+		|| !IsTrustedRootOwnedNode (componentStat, true))
+		return false;
+
+	size_t position = 1;
+	while (position < pathString.size())
+	{
+		size_t nextSlash = pathString.find ('/', position);
+		std::string component = pathString.substr (position, nextSlash == std::string::npos ? std::string::npos : nextSlash - position);
+
+		if (component.empty())
+		{
+			position = nextSlash == std::string::npos ? pathString.size() : nextSlash + 1;
+			continue;
+		}
+
+		if (component == "." || component == "..")
+			return false;
+
+		if (currentPath.size() > 1)
+			currentPath += "/";
+		currentPath += component;
+
+		if (lstat (currentPath.c_str(), &componentStat) != 0)
+			return false;
+
+		bool isFinalComponent = nextSlash == std::string::npos;
+		if (isFinalComponent)
+		{
+			return S_ISREG (componentStat.st_mode)
+				&& componentStat.st_dev == execStat.st_dev
+				&& componentStat.st_ino == execStat.st_ino
+				&& IsTrustedRootOwnedNode (componentStat, false);
+		}
+
+		bool isBundleCriticalDirectory = currentPath == bundleRoot
+			|| currentPath == contentsDirectory
+			|| currentPath == macOSDirectory
+			|| (currentPath.size() > bundleRoot.size()
+				&& currentPath.compare (0, bundleRoot.size(), bundleRoot) == 0
+				&& currentPath[bundleRoot.size()] == '/');
+
+		if (!S_ISDIR (componentStat.st_mode) || !IsTrustedRootOwnedNode (componentStat, !isBundleCriticalDirectory))
+			return false;
+
+		position = nextSlash + 1;
+	}
+
+	return false;
+}
+
+static void SendError (xpc_connection_t peer, xpc_object_t request, const char *message)
+{
+	xpc_object_t reply = xpc_dictionary_create_reply (request);
+	if (!reply)
+		return;
+	xpc_dictionary_set_string (reply, VC_HELPER_KEY_ERROR, message);
+	xpc_connection_send_message (peer, reply);
+}
+
+// Spawns "<appPath> --core-service" as root with both stdin and stdout wired to
+// one end of a socket pair, and returns the other end to the client.
+//
+// The binary is opened first (pinning a specific inode), then validated, and is
+// executed only if the path still resolves to that exact inode -- the inode
+// check runs in the child immediately before execv(). macOS has no fexecve()
+// (and exec via /dev/fd is rejected), so the file cannot be executed straight
+// from the descriptor; pinning the inode shrinks the check-to-exec window to a
+// few instructions. The mandatory code-signature requirement remains the primary
+// guarantee: an attacker cannot substitute a binary that passes it.
+static void HandleOpenCoreService (xpc_connection_t peer, xpc_object_t request)
+{
+	const char *appPath = xpc_dictionary_get_string (request, VC_HELPER_KEY_APP_PATH);
+	if (!appPath || appPath[0] != '/')
+	{
+		SendError (peer, request, "Invalid application path");
+		return;
+	}
+
+	// O_NOFOLLOW: never traverse a symlink as the final path component. The
+	// descriptor pins the inode that is validated and re-checked below.
+	int execFd = open (appPath, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
+	if (execFd == -1)
+	{
+		SendError (peer, request, "Cannot open application binary");
+		return;
+	}
+
+	struct stat execStat;
+	if (fstat (execFd, &execStat) != 0 || !S_ISREG (execStat.st_mode))
+	{
+		close (execFd);
+		SendError (peer, request, "Application binary is not a regular file");
+		return;
+	}
+
+	if (!ExecutablePathIsInTrustedLocation (appPath, execStat))
+	{
+		close (execFd);
+		SendError (peer, request, "Application binary is not in a trusted install location");
+		return;
+	}
+
+	if (!ExecutablePathIsValid (appPath))
+	{
+		close (execFd);
+		SendError (peer, request, "Application binary failed code-signature validation");
+		return;
+	}
+
+	int sockets[2];
+	if (socketpair (AF_UNIX, SOCK_STREAM, 0, sockets) != 0)
+	{
+		close (execFd);
+		SendError (peer, request, "socketpair() failed");
+		return;
+	}
+
+	pid_t pid = fork ();
+	if (pid < 0)
+	{
+		close (execFd);
+		close (sockets[0]);
+		close (sockets[1]);
+		SendError (peer, request, "fork() failed");
+		return;
+	}
+
+	if (pid == 0)
+	{
+		// Child: become the VeraCrypt core service. Its STDIN/STDOUT speak the
+		// existing CoreServiceRequest/Response protocol over the socket pair.
+		dup2 (sockets[1], STDIN_FILENO);
+		dup2 (sockets[1], STDOUT_FILENO);
+
+		int devNull = open ("/dev/null", O_WRONLY);
+		if (devNull != -1)
+		{
+			dup2 (devNull, STDERR_FILENO);
+			if (devNull > STDERR_FILENO)
+				close (devNull);
+		}
+
+		close (sockets[0]);
+		if (sockets[1] > STDOUT_FILENO)
+			close (sockets[1]);
+
+		// Final TOCTOU guard, as late as possible before exec: only proceed if
+		// the path still resolves to the exact inode that was opened (execFd,
+		// still held open) and validated above.
+		struct stat nowStat;
+		if (stat (appPath, &nowStat) != 0
+			|| nowStat.st_dev != execStat.st_dev
+			|| nowStat.st_ino != execStat.st_ino)
+			_exit (126);
+
+		char *const argv[] = { (char *) appPath, (char *) "--core-service", (char *) NULL };
+		execv (appPath, argv);
+		_exit (127);
+	}
+
+	// Parent (helper): hand the client its end of the socket pair.
+	close (execFd);
+	close (sockets[1]);
+
+	xpc_object_t reply = xpc_dictionary_create_reply (request);
+	if (reply)
+	{
+		xpc_dictionary_set_fd (reply, VC_HELPER_KEY_SERVICE_FD, sockets[0]);
+		xpc_connection_send_message (peer, reply);
+	}
+	close (sockets[0]);
+}
+
+static void HandleGetVersion (xpc_connection_t peer, xpc_object_t request)
+{
+	xpc_object_t reply = xpc_dictionary_create_reply (request);
+	if (!reply)
+		return;
+	xpc_dictionary_set_int64 (reply, VC_HELPER_KEY_VERSION, VC_HELPER_VERSION);
+	xpc_connection_send_message (peer, reply);
+}
+
+static void HandleUninstall (xpc_connection_t peer, xpc_object_t request)
+{
+	CFErrorRef cfError = NULL;
+	SMJobRemove (kSMDomainSystemLaunchd, CFSTR (VC_HELPER_LABEL), NULL, true, &cfError);
+	if (cfError)
+		CFRelease (cfError);
+
+	unlink (VC_HELPER_PLIST_PATH);
+	unlink (VC_HELPER_TOOL_PATH);
+
+	xpc_object_t reply = xpc_dictionary_create_reply (request);
+	if (reply)
+	{
+		xpc_dictionary_set_int64 (reply, VC_HELPER_KEY_VERSION, VC_HELPER_VERSION);
+		xpc_connection_send_message (peer, reply);
+	}
+
+	// The launchd job and tool are gone; exit cleanly.
+	exit (0);
+}
+
+static void HandleMessage (xpc_connection_t peer, xpc_object_t event)
+{
+	if (xpc_get_type (event) != XPC_TYPE_DICTIONARY)
+		return;
+
+	// Every privileged operation is gated on a per-connection code-signature
+	// check of the calling process.
+	if (!ClientConnectionIsValid (peer))
+	{
+		SendError (peer, event, "Client failed code-signature validation");
+		return;
+	}
+
+	const char *command = xpc_dictionary_get_string (event, VC_HELPER_KEY_COMMAND);
+	if (!command)
+		return;
+
+	if (strcmp (command, VC_HELPER_CMD_OPEN_CORE_SERVICE) == 0)
+		HandleOpenCoreService (peer, event);
+	else if (strcmp (command, VC_HELPER_CMD_GET_VERSION) == 0)
+		HandleGetVersion (peer, event);
+	else if (strcmp (command, VC_HELPER_CMD_UNINSTALL) == 0)
+		HandleUninstall (peer, event);
+}
+
+int main (int /*argc*/, const char * /*argv*/ [])
+{
+	// Reap exec'd core-service children automatically (we never wait on them).
+	signal (SIGCHLD, SIG_IGN);
+
+	xpc_connection_t listener = xpc_connection_create_mach_service (
+		VC_HELPER_LABEL, dispatch_get_main_queue (), XPC_CONNECTION_MACH_SERVICE_LISTENER);
+
+	xpc_connection_set_event_handler (listener, ^(xpc_object_t peerEvent)
+	{
+		if (xpc_get_type (peerEvent) != XPC_TYPE_CONNECTION)
+			return;
+
+		xpc_connection_t peer = (xpc_connection_t) peerEvent;
+		xpc_connection_set_event_handler (peer, ^(xpc_object_t message)
+		{
+			HandleMessage (peer, message);
+		});
+		xpc_connection_resume (peer);
+	});
+
+	xpc_connection_resume (listener);
+	dispatch_main ();
+	return 0;
+}
diff --git a/src/PrivilegedHelper/PrivilegedHelper.make b/src/PrivilegedHelper/PrivilegedHelper.make
new file mode 100644
index 0000000000..fc4279791d
--- /dev/null
+++ b/src/PrivilegedHelper/PrivilegedHelper.make
@@ -0,0 +1,56 @@
+#
+# Copyright (c) 2026 AM Crypto and are governed by the Apache License 2.0
+# the full text of which is contained in the file License.txt included in
+# VeraCrypt binary and source code distribution packages.
+#
+# Builds the VeraCrypt privileged helper (macOS, SMJobBless). Produced as a
+# self-contained Mach-O tool with its Info.plist and launchd plist embedded in
+# dedicated __TEXT sections, as required by SMJobBless. Invoked from the macOS
+# "prepare" target in Main/Main.make.
+#
+# Relies on CXXFLAGS / LFLAGS exported by the top-level Makefile (architecture,
+# SDK, deployment target and -framework Security are already present there) and
+# on TC_VERSION / VC_OSX_TEAM_ID.
+
+HELPER_LABEL := org.idrix.VeraCrypt.helper
+
+# Mirror the version normalisation used for the application Info.plist.
+HELPER_VERSION := $(patsubst %a,%.1,$(patsubst %b,%.2,$(TC_VERSION)))
+
+HELPER_INFO_PLIST    := Helper-Info.plist
+HELPER_LAUNCHD_PLIST := Helper-Launchd.plist
+HELPER_INFO_TEMPLATE    := $(BASE_DIR)/Build/Resources/MacOSX/Helper-Info.plist.xml
+HELPER_LAUNCHD_TEMPLATE := $(BASE_DIR)/Build/Resources/MacOSX/Helper-Launchd.plist.xml
+
+# The generated plists are .PHONY so they are regenerated on every build: their
+# content depends on VC_OSX_TEAM_ID / TC_VERSION (not just the template), so a
+# rebuild after changing the Team ID must re-embed the new code-signing
+# requirement. Otherwise a stale Team ID in the helper's SMAuthorizedClients
+# breaks the SMJobBless reciprocal-signature check.
+.PHONY: helper clean $(HELPER_INFO_PLIST) $(HELPER_LAUNCHD_PLIST)
+
+helper: $(HELPER_LABEL)
+
+$(HELPER_INFO_PLIST): $(HELPER_INFO_TEMPLATE)
+	@echo Generating $@
+	sed -e 's/_VERSION_/$(HELPER_VERSION)/g' -e 's/_TEAMID_/$(VC_OSX_TEAM_ID)/g' $< > $@
+
+$(HELPER_LAUNCHD_PLIST): $(HELPER_LAUNCHD_TEMPLATE)
+	@echo Generating $@
+	sed -e 's/_VERSION_/$(HELPER_VERSION)/g' -e 's/_TEAMID_/$(VC_OSX_TEAM_ID)/g' $< > $@
+
+Helper.o: Helper.cpp
+	@echo Compiling Helper.cpp
+	$(CXX) $(CXXFLAGS) -fblocks -c $< -o $@
+
+$(HELPER_LABEL): Helper.o $(HELPER_INFO_PLIST) $(HELPER_LAUNCHD_PLIST)
+	@echo Linking $@
+	$(CXX) $(LFLAGS) -fblocks \
+		-framework Security -framework ServiceManagement -framework CoreFoundation \
+		-Wl,-sectcreate,__TEXT,__info_plist,$(HELPER_INFO_PLIST) \
+		-Wl,-sectcreate,__TEXT,__launchd_plist,$(HELPER_LAUNCHD_PLIST) \
+		-o $@ Helper.o
+
+clean:
+	@echo Cleaning PrivilegedHelper
+	rm -f Helper.o Helper.d $(HELPER_LABEL) $(HELPER_INFO_PLIST) $(HELPER_LAUNCHD_PLIST)
diff --git a/src/Setup/MacOSX/VeraCryptHelper.entitlements.plist b/src/Setup/MacOSX/VeraCryptHelper.entitlements.plist
new file mode 100644
index 0000000000..74e0b202e6
--- /dev/null
+++ b/src/Setup/MacOSX/VeraCryptHelper.entitlements.plist
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<!-- The privileged helper is intentionally minimal. It loads no third-party
+	     libraries, so it keeps library validation enabled (unlike the app, which
+	     disables it for FUSE). No additional entitlements are required: the
+	     SMJobBless install gate and the runtime audit-token client check provide
+	     the security guarantees. -->
+</dict>
+</plist>
diff --git a/src/Setup/MacOSX/notarize.sh b/src/Setup/MacOSX/notarize.sh
index c3e2ff0558..2d773ea463 100755
--- a/src/Setup/MacOSX/notarize.sh
+++ b/src/Setup/MacOSX/notarize.sh
@@ -22,8 +22,24 @@ echo "Notarizing VeraCrypt ${VC_VERSION}..."
 cd "${SCRIPT_DIR}"
 
 xattr -rc "$BUNDLE_PATH"
+
+# Sign inside-out: the nested SMJobBless privileged helper first (hardened
+# runtime + its own minimal entitlements), then the application bundle. The
+# subsequent --deep app signing re-seals the bundle so its CodeResources record
+# the helper's signature.
+HELPER_PATH="$BUNDLE_PATH/Contents/Library/LaunchServices/org.idrix.VeraCrypt.helper"
+if [ -f "$HELPER_PATH" ]; then
+    codesign --timestamp --option runtime --force --entitlements "${SCRIPT_DIR}/VeraCryptHelper.entitlements.plist" --sign "${SIGNING_ID}" "$HELPER_PATH"
+fi
+
 codesign --timestamp --option runtime --deep --force --entitlements "${SCRIPT_DIR}/VeraCrypt.entitlements.plist" --sign "${SIGNING_ID}" "$BUNDLE_PATH"
 
+# Deep-verify the nested code (including the privileged helper) before packaging.
+codesign --verify --deep --strict --verbose=2 "$BUNDLE_PATH"
+if [ -f "$HELPER_PATH" ]; then
+    codesign --verify --strict --verbose=2 "$HELPER_PATH"
+fi
+
 # Check dependencies of the VeraCrypt binary
 VC_BINARY="$BUNDLE_PATH/Contents/MacOS/VeraCrypt"
 DEPENDENCY_OUTPUT=$(otool -L "$VC_BINARY" | grep libfuse-t.dylib)
diff --git a/src/Setup/MacOSX/veracrypt-uninstall.sh b/src/Setup/MacOSX/veracrypt-uninstall.sh
new file mode 100755
index 0000000000..08edeb2b61
--- /dev/null
+++ b/src/Setup/MacOSX/veracrypt-uninstall.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+#
+# Copyright (c) 2026 AM Crypto and are governed by the Apache License 2.0
+# the full text of which is contained in the file License.txt included in
+# VeraCrypt binary and source code distribution packages.
+#
+# Uninstalls VeraCrypt, including the SMJobBless privileged helper and its
+# launchd job. Must be run as root (it removes files under /Library and
+# unloads a system launchd daemon).
+
+HELPER_LABEL="org.idrix.VeraCrypt.helper"
+HELPER_TOOL="/Library/PrivilegedHelperTools/${HELPER_LABEL}"
+HELPER_PLIST="/Library/LaunchDaemons/${HELPER_LABEL}.plist"
+
+if [ "$(id -u)" -ne 0 ]; then
+    echo "This uninstaller must be run as root (use sudo)." >&2
+    exit 1
+fi
+
+# Stop and remove the privileged helper launchd job.
+launchctl bootout "system/${HELPER_LABEL}" 2>/dev/null
+launchctl unload "${HELPER_PLIST}" 2>/dev/null
+
+rm -f "${HELPER_PLIST}"
+rm -f "${HELPER_TOOL}"
+
+# Remove the application bundle and CLI symlink created by the installer.
+rm -rf /Applications/VeraCrypt.app
+rm -f /usr/local/bin/veracrypt
+
+echo "VeraCrypt and its privileged helper have been removed."
+exit 0