iTunes and Firewalls

My sweetie Sarah had an issue with iTunes 10.1.2 on her new MacBook Air. A dialog box would keep coming up with Do you want iTunes to accept incoming network connections? showing Deny or Allow buttons everytime she launched iTunes. I experimented on my iMac 27” and found that I had the same issues when I enabled the Firewall and had either Share my library on my local network on the Sharing panel or Look for iPod touch, iPhone and iPad Remotes on the Devices panel checked in iTunes’s Preferences. Either of these items would make iTunes listen for an inbound connection.

After some Google-fu I came up with this Apple Discussion Thread. Here’s how you check:

  1. Open up a Terminal window (Utilities > Terminal)
  2. Type in the command codesign -v /Applications/ and press return

If you get /Applications/ a sealed resource is missing or invalid, then the iTunes version in your Applications folder is missing a file which tells the firewall that it’s OK to take inbound connections. You can see that there’s a checkbox for Automatically allow signed software to receive incoming connections when you click on the Advanced... button in the Firewall page in System Preferences > Security. This is checked by default, and lets the Firewall automatically allow iTunes to accept inbound connections – but due the missing signed resource, the Firewall instead prompts you to allow iTunes each time.

The solution was to uninstall iTunes, download, and reinstall our iTunes from Apple’s site. The codesign command now returns nothing - which is good! And the dialog box does not appear anymore!