They now get signed, an Info.plist is embedded, they’re notarized by Apple, use the hardened runtime, maybe the App Sandbox, and request entitlements. So how do you check their version?
signature
Is macOS going to be like iOS? Not in Ventura, where notarization is improved with additional security checks. Here are the details.
App signatures are about more than just the certificate. That provides a chain of trust going back to Apple, and supports integrity checks and entitlements.
There have been changes to the way that macOS 12 checks executable code when asked to run it. Summarised in a diagram.
App signatures remain valid forever, but Installer packages are different, and their certificates can and do expire. What about notarization though?
Why do we keep having problems with security certificates when they’re just supposed to work? A look at what they do, and they work.
From the start of voluntary code signing in 2007, defences against malware in macOS have changed dramatically. Here’s an overview of what has happened.
What are checksums, CRCs and hashes? What is required for a hash to be cryptographic, and how any of these affect your Mac? Some answers and explanations.
WWDC this year again featured a session on notarization. Here’s a summary of its status in Big Sur, and details of what’s next.
What tells me that macOS isn’t about to be swallowed up into iOS? Look at what’s happened with Time Machine in Big Sur, which has undergone as much development as it did prior to release in 2007.
The Eclectic Light Company 