Final in series. Examines how the hardened runtime controls access to protected private data and services, and how some use private entitlements.
Notarization
Second in the series. Considers in detail what the hardened environment offers the user, and how notarized apps can opt out of its protection.
First of three articles looking in detail at what notarization involves, and the benefits it might have to users. Considers the question of legacy apps.
If you’re using Catalina or Big Sur, you should by now only be obtaining apps from four sources: […]
Why does it take 2 years to realise that macOS has been checking signing certificate validity online?
How Catalina and Big Sur handle the first run of apps which have their quarantine flag set. With details of log entries seen in both steps needed for approval.
How macOS checks executable code before it’s loaded and run, in macOS 10.15 and 11.0. Covering integrity checks using hashes, and validity of the signing certificate, on Intel and ARM.
Just over a week ago, security experts discovered the first macOS malware which has been notarized. Doesn’t that make Apple’s security worthless?
How developers get their software notarized, and how that works when you try to run it on your Mac.
Stepping through building it correctly in Xcode, turning it into an Installer package, getting it notarized and the ticket stapled to the tool.