Apple has pushed updates to both XProtect and MRT

Apple has pushed two updates overnight, to the ‘Yara’ data files used by XProtect, bringing its version number […]

🎗 Quarantine: Documents

Second of two, here looking at quarantine of documents, what it means, how it occurs. Much more common than apps, but mysterious.

🎗 Quarantine: Apps

First of two articles – this looking at how quarantine works for apps and other executables, details of the flag itself, how it behaves, and more.

Apple has pushed an update to XProtect

Apple has pushed an update to the ‘Yara’ data files used by XProtect, bringing its version number to […]

Sandboxing makes quarantine flags almost meaningless

How the quarantine flag for apps and that for docs opened in sandboxed apps differ, and why there are now so many quarantine flags to trip us up.

Why all those quarantine flags?

Have you noticed quarantine flags appearing on movies and PDFs which have never been downloaded? Here’s a possible explanation.

PDF without Adobe: 8 Security, integrity and forensics

Can you get malware in PDF? How far can you trust a PDF, or could it be a forgery? How to sign PDFs, and what data may remain hidden inside them.

Last Year on My Mac: Out with the old, in with the new

Eighteen new apps for free download – it hasn’t been a bad year. But Apple needs to fix its App Store, as well as delivering new iMacs and the Mac Pro in 2019. And did I mention security?

How can Mojave let you open an app with signature errors?

The differences between a full Gatekeeper check, an AMFI check for integrity, and a normal app open, and why signature errors can be tolerated.

Where do Apple’s recent security updates leave macOS?

Apple appears to be maintaining MRT, but hasn’t changed detection signatures in XProtect for 9 months. What does this mean for the security of macOS and its users?