Thursday, August 18, 2022

Gatekeeper Changes in macOS Ventura

Howard Oakley:

In the past, Gatekeeper has primarily been concerned with checking apps and other executable code which have been put in quarantine; once an app has passed those first run checks and its quarantine flag has been cleared, its notarization and signing haven’t been checked again in the same way. Apple has announced that’s changing in Ventura, where Gatekeeper will check that all notarized apps are correctly signed whenever they’re run. This will ensure that no unauthorised modifications can be made to them, without these checks imposing noticeable delays in launching.

Rich Siegel:

Does this mean that if (for example) a user adds or modifies something inside of a notarized application’s package, that macOS will subsequently refuse to launch it and report some helpful error (e.g. “ appears to have been tampered with”)?

Rosyna Keller:

You get the “this application has been damaged” alert. Of course, like other Gatekeeper features, users can disable it.

Guilherme Rambo:

Another change is that apps on macOS may no longer update/modify apps that are not signed by the same development team, unless the other app declares the third-party team ID in its Info.plist. This will lead to some scary dialogs before everyone adapts to this new model.

See also: What’s new in privacy, Phil Stokes (Hacker News).
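As an added example (not code from this post, from Apple, or from any of the quoted authors), here is a small Python check that reads an app's Info.plist and applies the rule Rambo describes: a process signed by another team may only modify the app if the app declares that team. It assumes the Ventura key `NSUpdateSecurityPolicy` with the sub-keys `AllowPackages` (team IDs allowed to replace the app via installer packages) and `AllowProcesses` (team ID mapped to the bundle IDs of processes allowed to modify it), as I recall them from Apple's documentation; the team IDs and bundle IDs below are constructed placeholders, and the function models the policy rather than calling macOS.

```python
"""Model of the Ventura "update by another team" rule from an Info.plist.

Added example, not from the post or from Apple. Key names are an assumption
based on Apple's documentation (NSUpdateSecurityPolicy / AllowPackages /
AllowProcesses); identifiers below are constructed.
"""
import plistlib
from typing import Dict, Optional, Tuple

# Constructed Info.plist for a hypothetical app "com.example.editor" whose
# developer allows two other (placeholder) teams to update it.
SAMPLE_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
 "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>CFBundleIdentifier</key>
  <string>com.example.editor</string>
  <key>NSUpdateSecurityPolicy</key>
  <dict>
    <key>AllowPackages</key>
    <array>
      <string>EXAMPLETEAM1</string>
    </array>
    <key>AllowProcesses</key>
    <dict>
      <key>EXAMPLETEAM2</key>
      <array>
        <string>com.example.updater</string>
      </array>
    </dict>
  </dict>
</dict>
</plist>
"""


def load_update_policy(plist_bytes: bytes) -> Dict:
    """Return the app's NSUpdateSecurityPolicy dict, or {} if none is declared."""
    info = plistlib.loads(plist_bytes)
    policy = info.get("NSUpdateSecurityPolicy", {})
    return policy if isinstance(policy, dict) else {}


def may_modify(plist_bytes: bytes, app_team: str, actor_team: str,
               actor_bundle_id: Optional[str] = None) -> Tuple[bool, str]:
    """Decide whether an actor signed by actor_team may modify the target app.

    Same development team is always allowed; otherwise the target app must
    list the actor's team (AllowPackages) or its team plus bundle ID
    (AllowProcesses). Anything else is what triggers the new prompt.
    """
    if actor_team == app_team:
        return True, "same development team"
    policy = load_update_policy(plist_bytes)
    if actor_team in policy.get("AllowPackages", []):
        return True, "team listed in AllowPackages"
    allowed_bundles = policy.get("AllowProcesses", {}).get(actor_team, [])
    if actor_bundle_id is not None and actor_bundle_id in allowed_bundles:
        return True, "bundle ID listed in AllowProcesses for this team"
    return False, "not declared by the target app; expect the App Management prompt"


if __name__ == "__main__":
    cases = [
        ("APPTEAM", "APPTEAM", None),
        ("APPTEAM", "EXAMPLETEAM1", None),
        ("APPTEAM", "EXAMPLETEAM2", "com.example.updater"),
        ("APPTEAM", "EXAMPLETEAM2", "com.example.other"),
        ("APPTEAM", "OTHERTEAM", None),
    ]
    for app_team, actor_team, bundle in cases:
        ok, why = may_modify(SAMPLE_INFO_PLIST, app_team, actor_team, bundle)
        print(f"{actor_team:13s} {bundle or '-':22s} -> {'allow' if ok else 'block'} ({why})")
```

The value of running this against your own app's Info.plist before shipping on Ventura is spotting the case in the last two rows: a helper or updater that shares no team ID with the app it touches, and that the app does not declare, is exactly what produces the "scary dialogs" Rambo mentions.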


Update (2022-09-26): Howard Oakley:

Fast forward to Ventura in a few weeks’ time, and not only are there notarization checks, introduced in Catalina, but every time you run that app the same checks on its signature and notarization are made as if it was undergoing first run. If the app doesn’t pass those, you’ll see similar dialogs to those when the problem has occurred on first run, and Gatekeeper will block that app from running on your Mac.

What could possibly go wrong?

1 Comment

I've already found a way to bypass this, easily, after a few hours of hacking this morning. I submitted a report to Apple Product Security for the bug bounty. Although I suspect that the issue might be very difficult for Apple to fix without breaking things that really shouldn't be broken.
