New version of this GUI utility for inspecting and editing extended attributes, for High Sierra and later.
quarantine
If you thought that App Translocation only happens to apps left in their original folders and not moved, and doesn’t happen after first run, this could come as a surprise.
What’s blocking you from saving that document: permissions, ACLs, privacy, an extended attribute, or what? Here are some clues.
How an obscure ACL can prevent a quarantine flag from being attached to an internet download: demonstration and explanation.
How the new tracking extended attribute is attached to apps, how it’s recorded in a security database, and how it’s checked. But for what purpose?
New version of ViableS runs in a sandbox, with no shared folders, and can now be isolated from networks. So how well does Ventura work without internet?
Ventura introduces a new extended attribute com.apple.provenance, used to mark successful clearance of quarantine. It’s protected by SIP too.
How macOS security can have excellent tools and defences, but fail to inform the user of the detection of malicious software.
Samples of four malicious software downloaded and run on macOS 13.1. Could it detect and block them effectively? Or do you need 3rd party protection?
ResEdit changed what was in the resource fork. With Mac OS X, Apple moved away from forks to extended attributes, now used for quarantine flags and more.
The Eclectic Light Company 