HackerTrans
TopNewTrendsCommentsPastAskShowJobs

jdc22

no profile record

comments

jdc22
·hace 4 años·discuss
I wonder if could lead to Apple getting in trouble for claiming that WebKit is "open-source" despite ignoring the requirement that programs (e.g., Safari) that include LGPL libraries permit them to be re-linked (which is something that Apple has implicitly disallowed ever since their platforms required code signing).
jdc22
·hace 4 años·discuss
Is the lack of notarization truly an issue? Aside from demonstrating that the creator has a paid subscription to the developer program, what does notarization accomplish that isn't already handled by XProtect (i.e. a YARA scan) and the Malware Removal Tool (MRT)?

Are there any examples anywhere of malware that has slipped through the client-side XProtect pre-flight checks, but that the server-side notarization checks have caught? Most independent macOS security literature I've read implies that notarization and code-signing is more about retaining centralized control of the app distribution process, but does not actually contribute anything to the malware mitigation tools that have been built into macOS for a very long time.