HackerTrans
TopNewTrendsCommentsPastAskShowJobs

jdc22

no profile record

comments

jdc22
·4 anni fa·discuss
I wonder if could lead to Apple getting in trouble for claiming that WebKit is "open-source" despite ignoring the requirement that programs (e.g., Safari) that include LGPL libraries permit them to be re-linked (which is something that Apple has implicitly disallowed ever since their platforms required code signing).
jdc22
·4 anni fa·discuss
Is the lack of notarization truly an issue? Aside from demonstrating that the creator has a paid subscription to the developer program, what does notarization accomplish that isn't already handled by XProtect (i.e. a YARA scan) and the Malware Removal Tool (MRT)?

Are there any examples anywhere of malware that has slipped through the client-side XProtect pre-flight checks, but that the server-side notarization checks have caught? Most independent macOS security literature I've read implies that notarization and code-signing is more about retaining centralized control of the app distribution process, but does not actually contribute anything to the malware mitigation tools that have been built into macOS for a very long time.