A sandboxed and isolation version of Viable designed for security and other researchers, now updated to match features in the latest release of Viable.
sandbox
Why is it, what is it, and how can you tell whether an app runs in it? What can you do to remove an app’s entitlements?
What is going to change in notarization and code signing? Will sandboxing be required? How does this affect privacy controls?
There’s a lot standing between your app and what it can edit and save: POSIX permissions, ACLs, SIP, TCC, and maybe the sandbox too.
Refactored for a smoother experience and with control over shared folders, Viable beta 7 now has a sandboxed and locked-down sibling ViableS, ideal for research.
App signatures are about more than just the certificate. That provides a chain of trust going back to Apple, and supports integrity checks and entitlements.
iCloud Drive just works. Time Machine just works. So Time Machine should back up the contents of your iCloud Drive? Maybe not.
Despite its lack of security release notes, the 11.5.2 update contains new versions of several important security executables, including spctl, sandboxd and syspolicyd.
From the start of voluntary code signing in 2007, defences against malware in macOS have changed dramatically. Here’s an overview of what has happened.
Where does Apple warn the user that four stray files in an unprotected folder are specially protected by the Sandbox kernel extension?