What needs to be done in OS X 10.12?

Even as we are still catching up with El Capitan, Apple’s OS X engineering team will be hard at work on the next major version, 10.12.

Let us hope that those who work in the engine-room of the kernel and core security, while being as painstakingly attentive to design detail as its interface developers were in El Capitan, are given the resources to do what they need: to re-engineer our protection. Code signing, Gatekeeper, SIP, and all the allied defences now in El Capitan are great ideas, but are fast being held together with bits of chewing gum and duct tape.

Putting Macs inside the sort of walled garden that iOS lives in would destroy their software support, render them next to useless, and kill the product. I have already explained how Apple’s own engineers could not develop OS X (or iOS, watchOS, tvOS…) if the Mac were to go the iOS route.

So OS X security defences must be able to take on today’s and tomorrow’s challenges from ever more ingenious malware.

Several teams, notably Patrick Wardle and his colleagues at Synack, have revealed a series of major weaknesses in code signing and Gatekeeper over the last year or so. Apple has responded to most of these, and I am sure is continuing to work on fixes for those vulnerabilities which remain. But each time, we end up with a patch, which sometimes in turn opens up other vulnerabilities.

The time has come for OS X to have these security mechanisms written again from scratch, to design and implement them more soundly and securely. The right time to do this is for the next major OS X release, 10.12, perhaps later this year.

If Apple does not take this opportunity to make a clean start, core security will only become more and more like a pair of heavily-patched jeans, where the underlying fabric is too weak to support any more patches, and the gaps between patches will open up for the onslaught of malware. And now that those who wish to distribute malware know that their best vector is the Mac App Store, every Mac user would be at risk.

When the stakes get this high, investing the resources and making that bold move is hardly even a decision. It is an inevitable necessity.