Last Week on My Mac: Lies, notarization and privacy

What is going to change in notarization and code signing? Will sandboxing be required? How does this affect privacy controls?

Permissions, SIP and TCC: who’s controlling access?

There’s a lot standing between your app and what it can edit and save: POSIX permissions, ACLs, SIP, TCC, and maybe the sandbox too.

macOS virtualisation refactored and sandboxed in Viable updates

Refactored for a smoother experience and with control over shared folders, Viable beta 7 now has a sandboxed and locked-down sibling ViableS, ideal for research.

What’s in an app’s signature?

App signatures are about more than just the certificate. That provides a chain of trust going back to Apple, and supports integrity checks and entitlements.

Can you back up iCloud documents?

iCloud Drive just works. Time Machine just works. So Time Machine should back up the contents of your iCloud Drive? Maybe not.

What else changed in Big Sur 11.5.2 update?

Despite its lack of security release notes, the 11.5.2 update contains new versions of several important security executables, including spctl, sandboxd and syspolicyd.

A Short History of Malware Protection in macOS

From the start of voluntary code signing in 2007, defences against malware in macOS have changed dramatically. Here’s an overview of what has happened.

Last Week on My Mac: Deceived by the Finder

Where does Apple warn the user that four stray files in an unprotected folder are specially protected by the Sandbox kernel extension?

Quarantine, SIP, and MACL: macOS per-file security controls

The behaviour of quarantine flags, SIP flags, and the mysterious new com.apple.macl attribute, which never ceases to puzzle.

Last Week on My Mac: Catalina users caught in a game of chance

When it comes to basics, we like consistency. Imagine what life would be like if every so often […]