Ventura has changed app quarantine with a new xattr

Ventura introduces a new extended attribute com.apple.provenance, used to mark successful clearance of quarantine. It’s protected by SIP too.

Last Week on My Mac: Why is Apple so reluctant for the offline Mac?

In the two years since we’ve been waiting for Apple to provide an option to opt out of online certificate and notarization checks, Apple has added two enhanced security modes, but not addressed the original issue.

How does Ventura check an app’s security?

If Ventura checks the security of apps more thoroughly, how does it go about that? Gatekeeper explored, from XProtect to OCSP checks.

Last Week on My Mac: KeySteal, Honkbox and BadGacha

Two updates to macOS security tools and the malware they protect against, including a test of XProtect Remediator against KeySteal.

Apple has just released an update to XProtect Remediator

Apple has just released an update to XProtect Remediator security software for Macs running Catalina or later, bringing […]

Apple has released an update to XProtect

Apple has just pushed a surprise update to XProtect (not Remediator) security software, bringing it to version 2166. […]

Should apps and command tools be notarized?

Yes, you can notarize command tools. Doing so ensures independent approval that the code isn’t malicious, and disapproval, letting macOS block code with revoked certificates or notarization.

Apple has released a security update to Big Sur 11.7.4

Apple has just released an update to bring Big Sur to version 11.7.4. Although a security update, Apple […]

Apple has released an urgent security update to Ventura 13.2.1

Apple has just released an update to bring macOS Ventura to version 13.2.1. This appears to be an […]

Permissions, SIP and TCC: who’s controlling access?

There’s a lot standing between your app and what it can edit and save: POSIX permissions, ACLs, SIP, TCC, and maybe the sandbox too.