If you are the type who periodically check things on your Mac computer, you’d probably come across something like com.apple.WebKit.Networking.xpc. It can be an entry in your Firewall Options that you probably don’t recognize or remember seeing before.
The message goes something like com.apple.WebKit.Networking.xpc Allow incoming connections.
The question is: Is this a legitimate component of your Mac system? Or is it a piece of Mac malware that hijacks browsers and seriously threatens your machine? Let’s have a look and see what com.apple.WebKit.Networking.xpc can do in this short guide.
Is com.apple.WebKit.Networking.xpc Dangerous?
The first step that you can take to figure out if com.apple.WebKit.Networking.xpc is a dangerous element is to run your anti-malware software. See if the results include this file. It is also wise to run a Mac optimizer tool that can clean out junk and other unnecessary files that get in the way of your Mac’s performance and stable operations.
If com.apple.WebKit.Networking.xpc doesn’t come up as a suspicious element or an outright threat, it is safe to assume that it is a legitimate or even necessary part of your system.
A GetInfo report also yields information about com.apple.WebKit.Networking.xpc. The file can be found in /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices.
The permissions are the following:
- System – Read and write
- Wheel – Read only
- Everyone – Read only
From scraping the web for answers, we found that com.apple.WebKit.Networking.xpc appears to be an Apple product. It is used by programs such as Safari, Mail, Messages, App Store, iCloud, and likely others that require internet connection. This is unless, of course, if an entity spoofs information that GetInfo would report on a file.
com.apple.WebKit.Networking.xpc Pop-Up in Safari
You might also find this message while on Safari: com.apple.WebKit.Networking.xpc wants to sign in using key “Apple ID authentication (date, time)” in your keychain. The message can quite annoying when communicated all the time, but it flashes for a legitimate reason nonetheless. And no, it’s unlikely to be a malware symptom or attack.
Now, here’s a quick rundown of the technical details. When the Safari browser goes on a secure website, the site gives a certificate to be signed. The browser, in turn, has to sign the certificate using one from the keychain.
There might be a confusion in the keychain between the right and wrong certificates, and Safari then attempts to use the wrong certificate. Suppressing the unwelcome certificate can lead the signing process to work properly. But be careful about suppressing a system or root certificate – it can cause access problems to relevant websites.
Some users find that the message constantly surfaces when they open a new tab in Safari. As they suspect that a specific website is causing the issue, their solution is to remove the said site from their Top Sites section. As a result, Safari no longer prompts them for the certificate every time.
The MIT.edu website offers specific steps to tackle this issue (thus below is an MIT-specific example). Follow these instructions:
- Open Keychain Access.
- Click on keys located under Category on bottom left part.
- Click on the Name column header to sort by name.
- Locate your MIT personal certificate, which is yourname Certificate.
- Double-click on that line.
- Next, click on Access Control.
- Click on the + sign. Afterwards, the Webkit.Framework folder should automatically open. (/System/Library/Frameworks/WebKit.framework)
- Go to Versions > A > XPC Services.
- Choose com.apple.WebKit.Networking.xpc.
- Click Add.
- Finally, click Save Changes.
It can be fairly easy to dismiss it as another malware threat, but com.apple.WebKit.Networking.xpc is actually a legitimate, even necessary component of your Mac system. It is found in anything from Safari to Messages to anything that requires you to have internet connection.
As always, it pays to be very discerning when dealing with unfamiliar files and programs. Recklessly getting rid of legitimate items, too, can be as dangerous as letting things slide.
Have you come across com.apple.WebKit.Networking.xpc? Let us know your thoughts!