Jeff Johnson of @lapcatsoftware has just published an excellent technical article looking at controversial issues over hardening, sandboxing, […]
How the quarantine flag for apps and that for docs opened in sandboxed apps differ, and why there are now so many quarantine flags to trip us up.
Unlike iOS, OS X does not require apps to run in a sandbox. But when they do, there are important benefits to the user.
Final in series. Examines how the hardened runtime controls access to protected private data and services, and how some use private entitlements.
Second in the series. Considers in detail what the hardened environment offers the user, and how notarized apps can opt out of its protection.
If you’re using Catalina or Big Sur, you should by now only be obtaining apps from four sources: […]
When does an M1 Mac validate its Sealed System Volume? Who designed its display interface? How soon does Find My Mac launch? So many answers found in the log.
How macOS checks executable code before it’s loaded and run, in macOS 10.15 and 11.0. Covering integrity checks using hashes, and validity of the signing certificate, on Intel and ARM.
Unlike file data, metadata has varying persistence. Some is ephemeral, others sticky. macOS has inbuilt mechanisms for managing the persistence of extended attributes.
Most quarantine flags in your Mac aren’t on apps but documents. Details of how they’re added, what info they contain, and what they do.