Final in series. Examines how the hardened runtime controls access to protected private data and services, and how some use private entitlements.
signature
Second in the series. Considers in detail what the hardened environment offers the user, and how notarized apps can opt out of its protection.
First of three articles looking in detail at what notarization involves, and the benefits it might have to users. Considers the question of legacy apps.
Why does it take 2 years to realise that macOS has been checking signing certificate validity online?
If you were to strip unwanted code from a Universal App, would it still pass Big Sur’s strict security checks?
How macOS checks executable code before it’s loaded and run, in macOS 10.15 and 11.0. Covering integrity checks using hashes, and validity of the signing certificate, on Intel and ARM.
Although most were worried about Apple’s failure to deliver upgrades to Big Sur, the most serious problem left many users unable to launch any apps.
Thirty years ago, many Macs were hit by the Wdef virus, which exploited a vulnerability which remains today: it travelled in an extended attribute. Should we be worried now?
If you have no other option and can be certain there’s no danger in doing so, you can remove a signed app’s signature. But it may not be so simple.
When macOS won’t let you open an app or other software because it warns that it’s (possibly) malware, here’s how to check the signatures.
The Eclectic Light Company 