From 0d68d22b98def5f36b00e7fe57ccd310f44c9e8d Mon Sep 17 00:00:00 2001
From: Bernd Schoolmann <mail@quexten.com>
Date: Tue, 4 Mar 2025 12:06:57 +0100
Subject: [PATCH] Prevent password from being used on safari biometric unlock
 (#13289)

---
 .../src/safari/safari/SafariWebExtensionHandler.swift  | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/apps/browser/src/safari/safari/SafariWebExtensionHandler.swift b/apps/browser/src/safari/safari/SafariWebExtensionHandler.swift
index 58d95f959be..d4ce360c32a 100644
--- a/apps/browser/src/safari/safari/SafariWebExtensionHandler.swift
+++ b/apps/browser/src/safari/safari/SafariWebExtensionHandler.swift
@@ -164,7 +164,15 @@ class SafariWebExtensionHandler: NSObject, NSExtensionRequestHandling {
                 break
             }
 
-            guard let accessControl = SecAccessControlCreateWithFlags(nil, kSecAttrAccessibleWhenUnlockedThisDeviceOnly, [.privateKeyUsage, .userPresence], nil) else {
+            var flags: SecAccessControlCreateFlags = [.privateKeyUsage];
+            // https://developer.apple.com/documentation/security/secaccesscontrolcreateflags/biometryany
+            if #available(macOS 10.13.4, *) {
+                flags.insert(.biometryAny)
+            } else {
+                flags.insert(.touchIDAny)
+            }
+
+            guard let accessControl = SecAccessControlCreateWithFlags(nil, kSecAttrAccessibleWhenUnlockedThisDeviceOnly, flags, nil) else {
                 let messageId = message?["messageId"] as? Int
                 response.userInfo = [
                     SFExtensionMessageKey: [