Things that go bump in SilentKnight: serious security failures

You may be surprised to learn that SIP or XProtect are disabled, that the SSV isn’t working, or that your security systems are way out of date.

What else changed in Big Sur 11.5.2 update?

Despite its lack of security release notes, the 11.5.2 update contains new versions of several important security executables, including spctl, sandboxd and syspolicyd.

Building and notarizing command tools as Universal binaries

Stepping through building it correctly in Xcode, turning it into an Installer package getting it notarized and the ticket stapled to the tool.

How to check signatures on apps, installers, and packages

Validating signatures isn’t straightforward. GUI apps are limited, and command tools confusing and prone to user error.

What to do when a newly-installed app can’t be opened?

Yesterday, I explained how you can ensure that macOS 10.15 Catalina will open an app which doesn’t meet […]

Checking whether apps are notarized using Signet

Now can check apps (bundles with the extension .app) to determine whether they’re notarized, from Apple, App Store, etc.

Building and delivering command tools for Catalina

It took 5 apps, 4 command tools in 6 commands, 2 developer certificates and an app-specific password for 260 lines of code.

Can you tell whether code has been notarized?

Notarization is already required for some kernel extensions and apps, even in 10.14.5. So how do you tell whether an app or code bundle is notarized?

Code signing for the concerned: 4 Results and testing

Testing at the command line, with What’s Your Sign?, and according to the requirements of the signature.

Code signing for the concerned: 3 Signing an app

How to perform ad hoc signing, signing with a personal certificate, and set signing up in Xcode.