A week ago, largely as the result of a server problem on 12 November, there was a storm of concern over the use by macOS of Apple’s OCSP service to check certificates, and resulting leakage of private data. Apple responded rapidly to mounting concerns and made commitments to address these issues over the coming year.

What has been puzzling me ever since is that these OCSP checks have been well-known for a couple of years, and only now have attracted attention. With the immediate aftermath of the release of Big Sur now subsiding, this article traces their history, and explains how they came about.

Although the origin of code signing in macOS has become lost in the mists of time, as far as I can see, it appeared in 2007, but wasn’t really taken seriously until Gatekeeper was introduced in 2012, and became even more important with notarization, which was new with Mojave in 2018.

Various vulnerabilities have been discovered in the processes involved in signing and their use in macOS over that period. Among the most important, and most relevant to this story, are those detailed by Josh Pitts in June 2018. These affected a lot of well-known security products including LittleSnitch, and more generally software from Facebook. What is particularly significant, with the wisdom of hindsight, is that these vulnerabilities exploited Universal binaries, which Apple internally knew would soon become widespread again, and of potentially great importance.

At the end of that year, I reported here that macOS Mojave 10.14.2 was happy to run apps whose developer certificates appeared to have been revoked. This provoked long discussions, in which a very experienced developer asserted:

“I disagree with the whole notion that there are ‘signature problems’. Code signatures are designed for Gatekeeper. Old signatures on installed apps are irrelevant, not a problem.”

A security researcher expressed opposite opinions about the value of signature checks:

“Since macOS doesn’t check code signatures after the first run, malware could infect many of the apps on your system, without root, and you’d never know. All it would take is running the wrong app once. Plus, of course, when malware gets revoked, it’ll still run on infected Macs.”