In November 2020, macOS was found to have a hole in protecting users’ privacy, which Apple promised to fix within a year. Although it has made changes, are they protective enough?
OCSP
Is Apple going to meet the promises it made a year ago, to protect its users around the world from the risk posed by its online signing certificate checks?
Nine months ago, Apple undertook to make changes in the way in which macOS checks its OCSP service for certificate revocations. Has it changed anything yet?
From the start of voluntary code signing in 2007, defences against malware in macOS have changed dramatically. Here’s an overview of what has happened.
Certificate revocation checks in macOS could be misused in surveillance. How could you prevent that without putting your Mac at risk?
You try to open an app on your M1 Mac, only to see an alert telling your that you don’t have permission to open it. Only that isn’t the reason.
If you try booting into Big Sur in Remote (Internet) Recovery, you’ll get Catalina instead. But nowhere does Apple alert users to this problem.
Why does it take 2 years to realise that macOS has been checking signing certificate validity online?
Although most were worried about Apple’s failure to deliver upgrades to Big Sur, the most serious problem left many users unable to launch any apps.