Important changes for anyone distributing command tools in particular, and a good time to ensure you only ship signed and notarized apps if possible.
Has Gatekeeper been bypassed? Disclosed details of what is claimed to be a new vulnerability may not be all that they appear to be.
Look in Activity Monitor or the log, and you won’t find anything named Gatekeeper, as it’s a team of different systems, each of which can work on its own. Here’s the detail and a diagram.
App signatures are only checked on an app’s first run – that may once have been true, but is no longer accurate. But can you bypass those additional checks? Is this a vulnerability?
Apple Mobile File Integrity is a combination of a KEXT and a LaunchDaemon which check app signatures, entitlements, and provisioning profiles.
The differences between a full Gatekeeper check, an AMFI check for integrity, and a normal app open, and why signature errors can be tolerated.