Despite its lack of security release notes, the 11.5.2 update contains new versions of several important security executables, including spctl, sandboxd and syspolicyd.
From the start of voluntary code signing in 2007, defences against malware in macOS have changed dramatically. Here’s an overview of what has happened.
Where does Apple warn the user that four stray files in an unprotected folder are specially protected by the Sandbox kernel extension?
The behaviour of quarantine flags, SIP flags, and the mysterious new com.apple.macl attribute, which never ceases to puzzle.
When it comes to basics, we like consistency. Imagine what life would be like if every so often […]
It’s not very often that we see the birth of a whole new subsystem both in macOS and iOS, but RunningBoard is brand new with 10.15 and 13.
Jeff Johnson of @lapcatsoftware has just published an excellent technical article looking at controversial issues over hardening, sandboxing, […]
Signature checks are complex. On first run with a quarantine flag, they include the contents of the Resources folder, but seldom do after that.
How to detect and investigate a problem with Time Machine backups in Mojave, using only free tools.
Second of two, here looking at quarantine of documents: what it means and how it occurs. Much more common than quarantine of apps, but mysterious.